Meeting minutes
Meeting minutes: https://
purl for this meeting: https://
Automation
<ghurlbot> Issue 108 Revise Automation and HumanInvolvement concepts (by coolharsh55)
Discussed Automation concepts - okay to continue with them.
Meeting with EC
harsh: presented DPV to the Commission with Georg, it went over time - but good positive response. Discussed DPV and in particular consent and DGA.
Justifications
<ghurlbot> Issue 83 Create new Justifications extension (by coolharsh55)
harsh: Modified the justifications to remove prefix and suffix and make them more 'useful' in different contexts. To be reviewed by beatriz. See w3c/
Involvement/Active concepts
Involvement concepts
<ghurlbot> Issue 108 Revise Automation and HumanInvolvement concepts (by coolharsh55)
For Involvement, Permissive and Non-Permissve Involvement were discussed and accepted - see w3c/
Question about ReversingOutputs and ReversingEffects - what's the difference. To continue discussion next week based on comments on the issue.
Question about opt-in opt-out withdraw - clear distinction in usage note should be provided
Active/Passive Data Subject
<ghurlbot> Issue 116 Add Intended and Active Data Subject categories (by coolharsh55)
Discussed and accepted to have generic involvement e.g. hasActiveInvolvement and EntityActivelyInvolved to indicate any active involvement of entities
Accepted isDeterminedBy for expressing determination
hasActiveDataSubject and hasPassiveDataSubject to be kept as proposed to see if they are needed as other properties should be sufficient, along with DataSubjectActivelyInvovled and DataSubjectPassivelyInvolved
Informed concepts
<ghurlbot> Issue 108 Revise Automation and HumanInvolvement concepts (by coolharsh55)
Discussed and accepted having informed as a status. See w3c/
Specialisations for Data Subject, Controller, Recipient, and Authority
Intent concepts
<ghurlbot> Issue 108 Revise Automation and HumanInvolvement concepts (by coolharsh55)
Discussed about whether intent should be a status of a generic concept - and if generic then how to describe it? E.g. IntendedActivity or IntendedPurpose. Same for Expected - which is distinct from intended as it refers to things not under control
steveHickman: are we modelling this as a boolean or is there stuff in between?
Discussed that this is modelling the two possible distinct values - there could be stuff in between which we can add later
Generic controls
<ghurlbot> Issue 115 Add Measures for Obtain, Withdraw, etc. for Consent and other Actions (by coolharsh55)
Discussion regarding whether these controls are still needed given the involvement concepts (e.g. opt-in). Proposal to keep these controls limited to generic actions e.g. obtain information, obtain action, etc. which can be combined with other controls or consent
steve: do we need this level of details?
julian: are these distinct terms as compared to involvement e.g. withdraw?
harsh: agree that these are confusing, we can repurpose this to instead have generic controls to obtain information, perform information, etc. to support an entity to describe how they are providing e.g. opt-in or ability to withdraw
julian: would be good to have examples
Tech and AI extension
<ghurlbot> Issue 47 Specifying "Cloud Computing" in DPV-TECH (by coolharsh55)
<ghurlbot> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55)
See see w3c/
harsh: tech/org measures from DPV shouldn't be duplicated in TECH to create categories of different technologies; all categories should be added to DPV's TOM taxonomy
harsh: TECH extension only provides information such as provider (actors), or provision method (e.g. cloud), network connectivity (e.g. bluetooth), environment (e.g. smartphone app) etc.
harsh: AI extension will be a completely separate and detached extension from TECH that will provide a taxonomy of techniques, capabilities, etc. for AI
Discussed and okay to go ahead with this approach, and discuss it next week
AI Act
<ghurlbot> Issue 106 Propose concepts from the AI Act (by coolharsh55)
harsh: we will publish the rest of the concepts that we have (for now) as draft and continue working on it
delaram: let's ask people who are working on specific articles of the act to provide concepts
NIS2/ISO27001 vocab
<ghurlbot> Issue 123 Add concepts from ENISA SotA Tech/Org Measures (by coolharsh55)
harsh: Rob has a Master's student Jenni who is working on this and will be
delaram: AI Act article 15 (or so) has relevant requirements for cybersecurity, accuracy, and quality which would be relevant here
Next meeting
The next meeting will be in 1 week on WED 01 May 14:00 WEST / 15:00 CEST. Agenda continued from today's discussions.