- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Mon, 10 Dec 2018 12:29:39 +0100
- To: Mark Lizar <mark@openconsent.com>
- Cc: public-dpvcg <public-dpvcg@w3.org>
Hi Mark, thanks for the pointer towards SIC. From SIC, I found NAICS (US) which replaces SIC, NACE (EU), and ISIC (UN). NACE and ISIC have the same broad categorisation (see below), but I think these are more suitable for categorisation of services/data controllers rather than the purpose itself. I would envision purposes as being related more towards provision of service, security, enabling features, and so on. These come from some reading of privacy policies I did. I would propose collecting these terms and starting our base ontology using them. Regards, Harsh Broad Structure in NACE & ISIC A. Agriculture, forestry and fishing B. Mining and quarrying C. Manufacturing D. Electricity, gas, steam and air conditioning supply E. Water supply; sewerage, waste management and remediation activities F. Construction G. Wholesale and retail trade; repair of motor vehicles and motorcycles H. Transportation and storage I. Accommodation and food service activities J. Information and communication K. Financial and insurance activities L. Real estate activities M. Professional, scientific and technical activities N. Administrative and support service activities O. Public administration and defence; compulsory social security P. Education Q. Human health and social work activities R. Arts, entertainment and recreation S. Other service activities T. Activities of households as employers; undifferentiated goods- and services-producing activities of households for own use U. Activities of extraterritorial organizations and bodies # Further notes NAICS ----- replaces SIC https://www.census.gov/eos/www/naics/2017NAICS/2017_NAICS_Manual.pdf Example * Advertising * Sector 54: Professional, scientific and technical activities * 541 Professional, Scientific, and Technical Services * 5418 Advertising, Public Relations, and Related Services * 541860 Direct Mail Advertising ### NACE https://ec.europa.eu/eurostat/ramon/nomenclatures/index.cfm?TargetUrl=LST_NOM_DTL&StrNom=NACE_REV2&StrLanguageCode=EN Example * Advertising * M Professional, scientific and technical activities * M73 - Advertising and market research * M73.1 - Advertising * M73.1.1 - Advertising agencies ### ISIC https://unstats.un.org/unsd/publication/SeriesM/seriesm_4rev4e.pdf See Chapter II Example * Advertising * 731 / 7310 * Division 73 Advertising and Market Research * Section M Professional, scientific and technical activities On 10/12/18 11:33 AM, Mark Lizar wrote: > Hi Harsh, > > That was a typo, the industry categories can refer to sic code or > industry and industry sub-category. Prior to GDPR we called this the > purpose category. > > - Mark > > >> On 10 Dec 2018, at 09:24, Harshvardhan J. Pandit <me@harshp.com >> <mailto:me@harshp.com>> wrote: >> >> Hi Mark, thanks for the comments. >> I did try to find more information on what GDPR means by categories of >> controllers or bodies, but could not anything about it. The only thing >> that relates to it is Joint Controllers, but that has separate >> connotations in the GDPR. >> My guess is that these association or bodies are a group of >> controllers that fall under some arbitrary umbrella of grouping. An >> example is A37(3). >> >> P.S. I did not understand which category you were referring to at the >> end of your mail. >> >> - Harsh >> >> On 10/12/18 10:08 AM, Mark Lizar wrote: >>> Hi Harsh, >>> Nice work. This was a very old appendix for an early draft of the >>> Consent Receipt specification as mentioned when the link was >>> provided. It had a mix of personal data categories and purpose. So >>> not a good functional reference. >>> But what we did find very useful was the concept of controller >>> category. Which provides and indication as to the type of >>> processing that would be expected. >>> References in the GDPR >>> 98. >>> Recital (98) Associations or other bodies representing*categories >>> of controllers, * >>> Article 37(4)- categories of controllers appears again. >>> Have you included this category? >>> Regards, >>> Mark >>>> On 9 Dec 2018, at 20:51, Harshvardhan J. Pandit <me@harshp.com >>>> <mailto:me@harshp.com><mailto:me@harshp.com>> wrote: >>>> >>>> Hello all, >>>> We discussed in the Vienna F2F about high-level purposes or >>>> dimensions using examples from MyData. >>>> Following that, on the 4th, we looked at Purposes as defined in >>>> Consent Receipt >>>> https://kantarainitiative.org/confluence/display/infosharing/Appendix+CR+-+V.9.3+-+Example+Purpose+Categories >>>> TIt discusses things such as core functions (legitimate >>>> interest???), contracted service (contract???), contact requested >>>> (communication), personalisation, marketing, marketing by third >>>> parties. However, the last few purposes are very abstract as to >>>> their use and application. >>>> >>>> I like the distinction of categorising purposes at a high-level >>>> based on how they relate to the controller and the data subject (a >>>> point which Bud raised in the F2F) i.e. which of them are essential, >>>> which are legal, and which are complimentary, or which does the user >>>> have control over. >>>> This would be separate from any other categorisation, such as basaed >>>> on domain or service. >>>> There are examples of this being used in some privacy policies (in >>>> the wild, so to speak) as well. >>>> >>>> Regards, >>>> -- >>>> --- >>>> Harshvardhan J. Pandit >>>> PhD Researcher >>>> ADAPT Centre, Trinity College Dublin >>>> https://harshp.com/ >>>> >> >> -- >> --- >> Harshvardhan J. Pandit >> PhD Researcher >> ADAPT Centre, Trinity College Dublin >> https://harshp.com/ > -- --- Harshvardhan J. Pandit PhD Researcher ADAPT Centre, Trinity College Dublin https://harshp.com/
Received on Monday, 10 December 2018 11:30:05 UTC