Re: Discussing GA4GH consent representation using DPV from Harshvardhan J. Pandit on 2020-06-18 (public-dpvcg@w3.org from June 2020)

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Thu, 18 Jun 2020 20:39:34 +0100
To: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
Message-ID: <f41d3125-1b9c-6b5e-4ece-8e00586485d2@harshp.com>
Hi Everyone.
Sharing minutes of meeting (see below).
To summarise: DUO is also a vocabulary (ontology) for describing data 
sharing and reuse - scoped within genomics and health research domain.
Though it is currently legislation-agnostic, the team is interested in 
working towards better specification of requirements.

Thanks to Georg for organising this and showcasing a demo of DPV, and to 
Beatriz for helping with the minutes.

Regards,
Harsh

minutes of meeting

_Details_
time_start
       [2020-06-18 Thu 18:00]
location
       zoom
attendees
       @HJP @GeorgPKrog @AdrienThorogood @BeatrizE
time_end
       [2020-06-18 Thu 19:10]
emails
       [dpvcg mailing list invite]

_Meeting Notes_
- introductions
- description of Signatu's work
- DPV presentation by Harsh ([slides])
   * Question: how to specify restrictions on processing location?
   * Question: how can this be used for legal compliance of obligations?
- Signatu Demo by Georg that showcases use of DPV in Consent dialogues /
   cookie banners related to DUO specific use case
   * Question: difference between purpose category and purpose
- Discussion topics
   * Adrian: DUO initially started as a reference implementation, we are
     currently discussing issues surrounding certain items being
     implied. For example how purposes interact or imply purposes such as
     academic purpose with non-profit or commercial entities
     involved. There is an overlap between purposes. DUO does not really
     comply with any specific regulation - this is an issue that often
     appears for implementers of the DUO.
   * Adrian: DUO implies academic and research basis and further
     specifies scope; however there are edge cases
   * Harsh: Separation of information specification and the policy
     (e.g. used to specify obligations or restrictions or
     interpretations)
   * Georg: Purpose and purpose category used to generate summary
     involving data categories, processing, and perhaps legal bases in
     Signatu's implementation
   * Beatriz: policy languages and limitations ; description of research
     topic thats attempt to use DPV as the vocabulary to populate privacy
     policies, build using the W3C standard ODRL
   * Adrian: we are thinking how can DUO be presented to the data
     protection community and what is the best way forward
- Adrian: more than happy to collaborate / work on a mapping between DUO
   and DPV
- Adrian: next week there will a new release of the DUO ontology, will
   share so that DPV can be compared on the most recent version

[dpvcg mailing list invite]
https://lists.w3.org/Archives/Public/public-dpvcg/2020Jun/0013.html

[slides]
https://www.slideshare.net/HarshvardhanPandit1/dpv-v01-201909-introduction/HarshvardhanPandit1/dpv-v01-201909-introduction


On 15/06/2020 13:58, Harshvardhan J. Pandit wrote:
> Dear All,
> I received an invite to present DPV to GA4GH (https://www.ga4gh.org/) 
> member Adrian Thorogood (who works on Machine Readable Consent Guidance) 
> - Thanks to George/Signatu for this.
> 
> The aim would be to present the DPV and discuss whether the GA4GH can 
> utilise this for their machine-readable consent requirements, to see if 
> the GA4GH requirements can be utilised as an use-case for DPVCG.
> 
> This will probably happen 19:00 CEST / 13:00 EDT this Thursday (subject 
> to suitability for all).
> 
> I will be sharing the minutes of this meeting back with the group.
> 
> If you are interested in contributing to this exercise as a DPVCG 
> member, please let me know so I can add you.
> If you have specific points you wish for me to convey, please share them 
> on this email thread.
> 
> This is not part of the Notice & Consent Summer Project posted by Mark 
> to the group recently 
> (https://lists.w3.org/Archives/Public/public-dpvcg/2020Jun/0004.html) - 
> though people working on DPV within the project are welcome to attend 
> the call.
> 
> P.S. I will be point to the existence of SPECIAL project and their work 
> on consent as an example of what DPV (which is based on SPECIAL base 
> vocabulary)  can be used to do. However, to the best of my 
> understanding, GA4GH is also requesting formalisation of the request 
> (e.g. notice information) and the workflow surrounding it. For this, I 
> will be referencing to GDPR requirements and ISO/IEC 29184 as the basis.
> 
> Best,

-- 
---
Harshvardhan Pandit, Ph.D
Researcher at ADAPT Centre, Trinity College Dublin
https://harshp.com/research/
Received on Thursday, 18 June 2020 19:39:50 UTC