- From: Mark Lizar <mark@openconsent.com>
- Date: Mon, 10 Dec 2018 10:33:52 +0000
- To: "Harshvardhan J. Pandit" <me@harshp.com>
- Cc: public-dpvcg <public-dpvcg@w3.org>
- Message-Id: <03CE01D5-7C40-4558-833E-EC60285C945F@openconsent.com>
Hi Harsh, That was a typo, the industry categories can refer to sic code or industry and industry sub-category. Prior to GDPR we called this the purpose category. - Mark > On 10 Dec 2018, at 09:24, Harshvardhan J. Pandit <me@harshp.com> wrote: > > Hi Mark, thanks for the comments. > I did try to find more information on what GDPR means by categories of controllers or bodies, but could not anything about it. The only thing that relates to it is Joint Controllers, but that has separate connotations in the GDPR. > My guess is that these association or bodies are a group of controllers that fall under some arbitrary umbrella of grouping. An example is A37(3). > > P.S. I did not understand which category you were referring to at the end of your mail. > > - Harsh > > On 10/12/18 10:08 AM, Mark Lizar wrote: >> Hi Harsh, >> Nice work. This was a very old appendix for an early draft of the Consent Receipt specification as mentioned when the link was provided. It had a mix of personal data categories and purpose. So not a good functional reference. >> But what we did find very useful was the concept of controller category. Which provides and indication as to the type of processing that would be expected. >> References in the GDPR >> 98. >> Recital (98) Associations or other bodies representing*categories >> of controllers, * >> Article 37(4)- categories of controllers appears again. >> Have you included this category? >> Regards, >> Mark >>> On 9 Dec 2018, at 20:51, Harshvardhan J. Pandit <me@harshp.com <mailto:me@harshp.com> <mailto:me@harshp.com <mailto:me@harshp.com>>> wrote: >>> >>> Hello all, >>> We discussed in the Vienna F2F about high-level purposes or dimensions using examples from MyData. >>> Following that, on the 4th, we looked at Purposes as defined in Consent Receipt https://kantarainitiative.org/confluence/display/infosharing/Appendix+CR+-+V.9.3+-+Example+Purpose+Categories >>> TIt discusses things such as core functions (legitimate interest???), contracted service (contract???), contact requested (communication), personalisation, marketing, marketing by third parties. However, the last few purposes are very abstract as to their use and application. >>> >>> I like the distinction of categorising purposes at a high-level based on how they relate to the controller and the data subject (a point which Bud raised in the F2F) i.e. which of them are essential, which are legal, and which are complimentary, or which does the user have control over. >>> This would be separate from any other categorisation, such as basaed on domain or service. >>> There are examples of this being used in some privacy policies (in the wild, so to speak) as well. >>> >>> Regards, >>> -- >>> --- >>> Harshvardhan J. Pandit >>> PhD Researcher >>> ADAPT Centre, Trinity College Dublin >>> https://harshp.com/ >>> > > -- > --- > Harshvardhan J. Pandit > PhD Researcher > ADAPT Centre, Trinity College Dublin > https://harshp.com/ <https://harshp.com/>
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Monday, 10 December 2018 10:35:23 UTC