- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Mon, 10 Dec 2018 10:24:15 +0100
- To: Mark Lizar <mark@openconsent.com>
- Cc: public-dpvcg <public-dpvcg@w3.org>
Hi Mark, thanks for the comments. I did try to find more information on what GDPR means by categories of controllers or bodies, but could not anything about it. The only thing that relates to it is Joint Controllers, but that has separate connotations in the GDPR. My guess is that these association or bodies are a group of controllers that fall under some arbitrary umbrella of grouping. An example is A37(3). P.S. I did not understand which category you were referring to at the end of your mail. - Harsh On 10/12/18 10:08 AM, Mark Lizar wrote: > Hi Harsh, > > Nice work. This was a very old appendix for an early draft of the > Consent Receipt specification as mentioned when the link was provided. > It had a mix of personal data categories and purpose. So not a good > functional reference. > > But what we did find very useful was the concept of controller category. > Which provides and indication as to the type of processing that would > be expected. > > References in the GDPR > > 98. > > Recital (98) Associations or other bodies representing*categories > of controllers, * > > Article 37(4)- categories of controllers appears again. > > > Have you included this category? > > Regards, > > Mark >> On 9 Dec 2018, at 20:51, Harshvardhan J. Pandit <me@harshp.com >> <mailto:me@harshp.com>> wrote: >> >> Hello all, >> We discussed in the Vienna F2F about high-level purposes or dimensions >> using examples from MyData. >> Following that, on the 4th, we looked at Purposes as defined in >> Consent Receipt >> https://kantarainitiative.org/confluence/display/infosharing/Appendix+CR+-+V.9.3+-+Example+Purpose+Categories >> TIt discusses things such as core functions (legitimate interest???), >> contracted service (contract???), contact requested (communication), >> personalisation, marketing, marketing by third parties. However, the >> last few purposes are very abstract as to their use and application. >> >> I like the distinction of categorising purposes at a high-level based >> on how they relate to the controller and the data subject (a point >> which Bud raised in the F2F) i.e. which of them are essential, which >> are legal, and which are complimentary, or which does the user have >> control over. >> This would be separate from any other categorisation, such as basaed >> on domain or service. >> There are examples of this being used in some privacy policies (in the >> wild, so to speak) as well. >> >> Regards, >> -- >> --- >> Harshvardhan J. Pandit >> PhD Researcher >> ADAPT Centre, Trinity College Dublin >> https://harshp.com/ >> > -- --- Harshvardhan J. Pandit PhD Researcher ADAPT Centre, Trinity College Dublin https://harshp.com/
Received on Monday, 10 December 2018 09:24:39 UTC