W3C home > Mailing lists > Public > public-dpvcg@w3.org > April 2020

Re: Representation of GDPR rights

From: Info @ OC <@>
Date: Thu, 30 Apr 2020 10:57:25 -0400
Cc: besteves@delicias.dia.fi.upm.es, public-dpvcg@w3.org
Message-Id: <466942F8-3CF9-4630-A132-82F093F8EA28@openconsent.com>
To: "Harshvardhan J. Pandit" <me@harshp.com>

Quick Inline Comments ,

> On 30 Apr 2020, at 09:52, Harshvardhan J. Pandit <me@harshp.com> wrote:
> Rights are definitely of interest and within scope of the work we are looking (IMHO).

> On 30/04/2020 13:19, besteves@delicias.dia.fi.upm.es wrote:
>> For starters, should we discuss which is the best way to do it?
>> Two options could be:
>> 1) add a new module (such as the purpose, processing, ... modules) to the vocabulary
> My intuitive reaction was to have "Rights" as a top-level concept and associated with a Personal Data Handling instance.
> However, this would not be the right way to go forward as 'rights' are not necessarily associated with personal data handling/processing. For example, Right to withdraw consent (GDPR) is associated with legal basis of consent.
> So I would propose that as the first exercise we use the Wiki to list down the rights and the relevant concepts currently in DPV regarding those (where possible).
> Hopefully after this we would have some indication of where to model them as a concept.

+2 - Rights are relative to the legal authority to process and in this way are applied to the context.  The operational use of rights, (in my opinion is achieved with Notice)   Notice requirements are quite clear in the GDPR. 

For example a data subject has the right to object, a right to restrict processing, a right to revoke consent, and right to Notice and privacy information. - these vary according to legal justification, which is (suppose to be) required to be apart of a Notice . 
> Conversely, another interpretation of 'rights' is as a policy - which means it would go beyond the scope of DPV (currently).
> In this case, we should aim to provide the terms required to express this policy - which *is* the goal of DPVCG.

I would suggest that - it would be first rights - then policy, (in terms of order of governance operations.) 

>> 2) create a separate vocabulary (such as the one created for the legal basis)
> Rights are tied to jurisdictional laws/legislations - much in the same way as legal basis.
> So this makes sense. But instead of a separate vocabulary - we can add them to DPV-GDPR.
> However, do we create a separate module/extension for every jurisdiction? (IMO yes)
> P.S. Minutes of meeting for yesterday are at https://www.w3.org/2020/04/29-dpvcg-minutes.html

Thank You ! 
> I had trouble remembering how to use Zakim, RRSAgent.
> Regards,
> -- 
> ---
> Harshvardhan Pandit
> PhD Researcher
> ADAPT Centre
> Trinity College Dublin
Received on Thursday, 30 April 2020 14:58:48 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:27:58 UTC