W3C home > Mailing lists > Public > public-dpvcg@w3.org > April 2020

Re: Representation of GDPR rights

From: <besteves@delicias.dia.fi.upm.es>
Date: Thu, 30 Apr 2020 15:26:58 +0000
To: "Harshvardhan J. Pandit" <me@harshp.com>, "Info @ OC" <info@openconsent.com>
Cc: public-dpvcg@w3.org
Message-ID: <20200430152658.Horde.tGnBfGyFIR2Dtd1ZOfEB9Zv@delicias.dia.fi.upm.es>
Thank you for your comments!

To start, I'll create a Google Sheets with the rights and we can go from there.
I'll try to have it for the next call.
Then latyer we can add it to the wiki once it is more mature.

Thanks,
Beatriz


Info @ OC – Thu, 30. April 2020 15:59
> Quick Inline Comments ,
> 
> 
> > On 30 Apr 2020, at 09:52, Harshvardhan J. Pandit <me@harshp.com> wrote:
> > 
> > Rights are definitely of interest and within scope of the work we are
> looking (IMHO).
> 
> +1
> > 
> > On 30/04/2020 13:19, besteves@delicias.dia.fi.upm.es wrote:
> >> For starters, should we discuss which is the best way to do it?
> >> Two options could be:
> >> 1) add a new module (such as the purpose, processing, ... modules) to the
> vocabulary
> > My intuitive reaction was to have "Rights" as a top-level concept and
> associated with a Personal Data Handling instance.
> > However, this would not be the right way to go forward as 'rights' are not
> necessarily associated with personal data handling/processing. For example,
> Right to withdraw consent (GDPR) is associated with legal basis of consent.
> > 
> > So I would propose that as the first exercise we use the Wiki to list down
> the rights and the relevant concepts currently in DPV regarding those (where
> possible).
> > Hopefully after this we would have some indication of where to model them as
> a concept.
> 
> +2 - Rights are relative to the legal authority to process and in this way are
> applied to the context. The operational use of rights, (in my opinion is
> achieved with Notice) Notice requirements are quite clear in the GDPR. 
> 
> For example a data subject has the right to object, a right to restrict
> processing, a right to revoke consent, and right to Notice and privacy
> information. - these vary according to legal justification, which is (suppose
> to be) required to be apart of a Notice . 
> > 
> > Conversely, another interpretation of 'rights' is as a policy - which means
> it would go beyond the scope of DPV (currently).
> > In this case, we should aim to provide the terms required to express this
> policy - which *is* the goal of DPVCG.
> 
> I would suggest that - it would be first rights - then policy, (in terms of
> order of governance operations.) 
> 
> > 
> >> 2) create a separate vocabulary (such as the one created for the legal
> basis)
> > Rights are tied to jurisdictional laws/legislations - much in the same way
> as legal basis.
> > So this makes sense. But instead of a separate vocabulary - we can add them
> to DPV-GDPR.
> > 
> > However, do we create a separate module/extension for every jurisdiction?
> (IMO yes)
> > 
> > P.S. Minutes of meeting for yesterday are at 
> www.w3.org/2020/04/29-dpvcg-minutes.html
> 
> Thank You ! 
> > I had trouble remembering how to use Zakim, RRSAgent.
> > 
> > Regards,
> > 
> > -- 
> > ---
> > Harshvardhan Pandit
> > PhD Researcher
> > ADAPT Centre
> > Trinity College Dublin
> > 
> >
Received on Thursday, 30 April 2020 15:27:14 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:27:58 UTC