- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Thu, 30 Apr 2020 16:35:30 +0100
- To: besteves@delicias.dia.fi.upm.es
- Cc: public-dpvcg@w3.org
Hi Beatriz, IMHO We should have this on the Wiki in its current state given that it is accessible to everyone and is editable for members. We already have a Wiki page detailing some existing terms - https://www.w3.org/community/dpvcg/wiki/Rights If you think there is a lot of (structured) data to record, we can move over the spreadsheets. Best, Harsh On 30/04/2020 16:26, besteves@delicias.dia.fi.upm.es wrote: > Thank you for your comments! > > To start, I'll create a Google Sheets with the rights and we can go from there. > I'll try to have it for the next call. > Then latyer we can add it to the wiki once it is more mature. > > Thanks, > Beatriz > > > Info @ OC – Thu, 30. April 2020 15:59 >> Quick Inline Comments , >> >> >>> On 30 Apr 2020, at 09:52, Harshvardhan J. Pandit <me@harshp.com> wrote: >>> >>> Rights are definitely of interest and within scope of the work we are >> looking (IMHO). >> >> +1 >>> >>> On 30/04/2020 13:19, besteves@delicias.dia.fi.upm.es wrote: >>>> For starters, should we discuss which is the best way to do it? >>>> Two options could be: >>>> 1) add a new module (such as the purpose, processing, ... modules) to the >> vocabulary >>> My intuitive reaction was to have "Rights" as a top-level concept and >> associated with a Personal Data Handling instance. >>> However, this would not be the right way to go forward as 'rights' are not >> necessarily associated with personal data handling/processing. For example, >> Right to withdraw consent (GDPR) is associated with legal basis of consent. >>> >>> So I would propose that as the first exercise we use the Wiki to list down >> the rights and the relevant concepts currently in DPV regarding those (where >> possible). >>> Hopefully after this we would have some indication of where to model them as >> a concept. >> >> +2 - Rights are relative to the legal authority to process and in this way are >> applied to the context. The operational use of rights, (in my opinion is >> achieved with Notice) Notice requirements are quite clear in the GDPR. >> >> For example a data subject has the right to object, a right to restrict >> processing, a right to revoke consent, and right to Notice and privacy >> information. - these vary according to legal justification, which is (suppose >> to be) required to be apart of a Notice . >>> >>> Conversely, another interpretation of 'rights' is as a policy - which means >> it would go beyond the scope of DPV (currently). >>> In this case, we should aim to provide the terms required to express this >> policy - which *is* the goal of DPVCG. >> >> I would suggest that - it would be first rights - then policy, (in terms of >> order of governance operations.) >> >>> >>>> 2) create a separate vocabulary (such as the one created for the legal >> basis) >>> Rights are tied to jurisdictional laws/legislations - much in the same way >> as legal basis. >>> So this makes sense. But instead of a separate vocabulary - we can add them >> to DPV-GDPR. >>> >>> However, do we create a separate module/extension for every jurisdiction? >> (IMO yes) >>> >>> P.S. Minutes of meeting for yesterday are at >> www.w3.org/2020/04/29-dpvcg-minutes.html >> >> Thank You ! >>> I had trouble remembering how to use Zakim, RRSAgent. >>> >>> Regards, >>> >>> -- >>> --- >>> Harshvardhan Pandit >>> PhD Researcher >>> ADAPT Centre >>> Trinity College Dublin >>> >>> -- --- Harshvardhan Pandit PhD Researcher ADAPT Centre Trinity College Dublin
Received on Thursday, 30 April 2020 15:35:49 UTC