
Re: Representation of GDPR rights

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Thu, 30 Apr 2020 16:35:30 +0100
To: besteves@delicias.dia.fi.upm.es
Cc: public-dpvcg@w3.org
Message-ID: <0be843b2-c2df-ce1d-4c83-01bfb7589cbc@harshp.com>

Hi Beatriz,
IMHO we should have this on the Wiki in its current state given that it 
is accessible to everyone and is editable for members.
We already have a Wiki page detailing some existing terms - 

If you think there is a lot of (structured) data to record, we can move 
over the spreadsheets.


On 30/04/2020 16:26, besteves@delicias.dia.fi.upm.es wrote:
> Thank you for your comments!
> To start, I'll create a Google Sheets with the rights and we can go from there.
> I'll try to have it for the next call.
> Then later we can add it to the wiki once it is more mature.
> Thanks,
> Beatriz
> Info @ OC – Thu, 30. April 2020 15:59
>> Quick inline comments,
>>> On 30 Apr 2020, at 09:52, Harshvardhan J. Pandit <me@harshp.com> wrote:
>>> Rights are definitely of interest and within scope of the work we are
>> looking (IMHO).
>> +1
>>> On 30/04/2020 13:19, besteves@delicias.dia.fi.upm.es wrote:
>>>> For starters, should we discuss which is the best way to do it?
>>>> Two options could be:
>>>> 1) add a new module (such as the purpose, processing, ... modules) to the
>> vocabulary
>>> My intuitive reaction was to have "Rights" as a top-level concept and
>> associated with a Personal Data Handling instance.
>>> However, this would not be the right way to go forward as 'rights' are not
>> necessarily associated with personal data handling/processing. For example,
>> Right to withdraw consent (GDPR) is associated with legal basis of consent.
>>> So I would propose that as the first exercise we use the Wiki to list down
>> the rights and the relevant concepts currently in DPV regarding those (where
>> possible).
>>> Hopefully after this we would have some indication of where to model them as
>> a concept.
>> +2 - Rights are relative to the legal authority to process and in this way are
>> applied to the context. The operational use of rights, (in my opinion is
>> achieved with Notice) Notice requirements are quite clear in the GDPR.
>> For example a data subject has the right to object, a right to restrict
>> processing, a right to revoke consent, and right to Notice and privacy
>> information. - these vary according to legal justification, which is (supposed
>> to be) required to be a part of a Notice.
>>> Conversely, another interpretation of 'rights' is as a policy - which means
>> it would go beyond the scope of DPV (currently).
>>> In this case, we should aim to provide the terms required to express this
>> policy - which *is* the goal of DPVCG.
>> I would suggest that - it would be first rights - then policy, (in terms of
>> order of governance operations.)
>>>> 2) create a separate vocabulary (such as the one created for the legal
>> basis)
>>> Rights are tied to jurisdictional laws/legislations - much in the same way
>> as legal basis.
>>> So this makes sense. But instead of a separate vocabulary - we can add them
>> to DPV-GDPR.
>>> However, do we create a separate module/extension for every jurisdiction?
>> (IMO yes)
>>> P.S. Minutes of meeting for yesterday are at
>> www.w3.org/2020/04/29-dpvcg-minutes.html
>> Thank You !
>>> I had trouble remembering how to use Zakim, RRSAgent.
>>> Regards,
>>> -- 
>>> ---
>>> Harshvardhan Pandit
>>> PhD Researcher
>>> ADAPT Centre
>>> Trinity College Dublin

Harshvardhan Pandit
PhD Researcher
ADAPT Centre
Trinity College Dublin
Received on Thursday, 30 April 2020 15:35:49 UTC
