Re: dpvcg-ACTION-39: Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html to https://www.w3.org/community/dpvcg/wiki/ownyourdata/data_donation from Christoph Fabianek on 2018-11-18 (public-dpvcg@w3.org from November 2018)

From: Christoph Fabianek <christoph.fabianek@gmail.com>
Date: Mon, 19 Nov 2018 00:30:36 +0100
To: Harshvardhan Pandit <me@harshp.com>
Cc: public-dpvcg <public-dpvcg@w3.org>
Message-Id: <1B3CF3E9-7B43-4A6D-8542-6AF430041EC7@gmail.com>
Hello Harsh,

thanks for your comments. Answers inline...

Regards,
Christoph


> Am 11.11.2018 um 22:54 schrieb Harshvardhan Pandit <me@harshp.com>:
> 
> Hello all. A few notes regarding Christoph's update for the use-case.
> 
> 1. Categories of personal data
> The wiki states that all types of personal data can be used. 
> I presume that this would (schould) exclude sensitive information such as health data and bank details?

No, quite the contrary: We have one contact who plans to collect blood sugar levels from diabetes people with this tool. And there is even currently a discussion how to exchange account statements in regard to the new Payment Service Directive (https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en <https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en>) 
So, it is really up to the users what data they want to share!

Is this a problem?

> 
> 2. Purposes
> Both the purposes seem to me to be very abstract and subjective to define (what is a good cause? what would 'research' entail?
> Would these be sufficient for the scope of the taxonomies?

Well, I hope that the aim what the service wants to provide is clear. I'm not versed in the taxonomies. Any help is highly appreciated!  

> 
> 3. Processing
> The link for Semantic Containers currently opens to a placeholder page without any content

The page is now online.

> 
> 4. Actors
> a) Data Requester and Data Donator are sub-types of Data Subjects? Or can they be any Organisation as well?

I would interpret the Data Requester as an Organization (and Data Controller) and the Data Donator being the Data Subject.

> b) OwnYourData would be a Data Controller?

OwnYourData is not the Data Controller! We are implementing the concept of Semantic Containers and provide a frontend to make it generally accessible. The Data Requester (who runs the services) is the Data Controller.
(Example: if you download OwnCloud and provide it as a service then you will be the Data Controller and not the organization who implemented OwnCloud)

> 
> 5. Storage Location
> Are there options about storage location? The wiki refers to the page for Semantic Containers.

The Storage Location (and Duration) are defined when initializing a Semantic Container and the information will be shown on the Info Page.

> 
> 6. Consent (legal basis for processing)
> Can this process be defined using the consent states, terms that we are currently discussing?
> (validating collected inputs) Is anything missing?

Here I would also need some help from more experienced members of the group!

> 
> Thanks for the update Christoph : )
> 
> Regards,
> Harsh
> 
> ---
> Harshvardhan Pandit
> PhD Candidate
> ADAPT, Trinity College Dublin
> https://harshp.com <https://harshp.com/>
> 
> On Sun, 11 Nov 2018 at 20:48, Christoph Fabianek <christoph.fabianek@gmail.com <mailto:christoph.fabianek@gmail.com>> wrote:
> Hi,
> 
> I just updated the page according to the structure provided.
> https://www.w3.org/community/dpvcg/wiki/OwnYourData/Data_Donation <https://www.w3.org/community/dpvcg/wiki/OwnYourData/Data_Donation> 
> 
> @Elmar: feel free to also update the page
> 
> Best,
> Christoph
> 
> 
>> Am 06.11.2018 um 17:08 schrieb Kiesling, Elmar <elmar.kiesling@tuwien.ac.at <mailto:elmar.kiesling@tuwien.ac.at>>:
>> 
>> Hi Christoph,
>> 
>> I joined the DPVCG call today and volunteered to forward this request to you.
>> 
>> The link in the action item is slightly incorrect, it should read
>> 
>> https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/0000.html <https://lists.w3.org/Archives/Public/public-dpvcg/2018Nov/0000.html>
>> 
>> The request is for each use case to add:
>> 1. categories of personal data involved
>> 2. purposes for personal data handling
>> 3. different kinds of processing involved
>> 4. data subjects, controllers, processors, and recipients involved
>> 5. storage & security aspects:
>>     * storage locations
>>     * storage duration
>>     * security measures (including e.g. anonymisation "levels", pseudonymisation)
>> 6. means of legitimation for personal data processing
>>     e.g. consent, legitimate interest, etc. ...
>> LG,
>> 
>> Elmar
>> 
>> 
>> 
>> 
>>> Begin forwarded message:
>>> 
>>> From: Data Privacy Vocabularies and Controls Community Group Issue Tracker <sysbot+tracker@w3.org <mailto:sysbot+tracker@w3.org>>
>>> Subject: dpvcg-ACTION-39: Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html <https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html> tohttps://www.w3.org/community/dpvcg/wiki/ownyourdata/data_donation <https://www.w3.org/community/dpvcg/wiki/ownyourdata/data_donation>
>>> Date: 6. November 2018 at 16:56:39 CET
>>> To: <public-dpvcg@w3.org <mailto:public-dpvcg@w3.org>>
>>> Resent-From: <public-dpvcg@w3.org <mailto:public-dpvcg@w3.org>>
>>> Reply-To: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org <mailto:public-dpvcg@w3.org>>
>>> 
>>> dpvcg-ACTION-39: Add points 1.-6. from https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html <https://lists.w3.org/archives/public/public-dpvcg/2018nov/0000.html>  to https://www.w3.org/community/dpvcg/wiki/ownyourdata/data_donation <https://www.w3.org/community/dpvcg/wiki/ownyourdata/data_donation>
>>> 
>>> https://www.w3.org/community/dpvcg/track/actions/39 <https://www.w3.org/community/dpvcg/track/actions/39>
>>> 
>>> Assigned to: Elmar Kiesling
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>
Received on Sunday, 18 November 2018 23:31:03 UTC