Missing concepts in dpv from GDPR Art 13 and 14, Treaty 108 and ISO/IEC 29184 from Georg Philip Krog on 2020-06-24 (public-dpvcg@w3.org from June 2020)

From: Georg Philip Krog <georg@signatu.com>
Date: Wed, 24 Jun 2020 14:29:09 +0200
To: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
Cc: "Harshvardhan J. Pandit" <me@harshp.com>, Torgeir Hovden <torgeir@signatu.com>, Jon Stephansen <jon@signatu.com>
Message-ID: <CAPOUEwkRGLuZRJ6TopLJ7Xc=4ZhE5wnRATi71nJg1=OAv-6f5g@mail.gmail.com>
Dear DPV folks,

Signatu contributes herewith:

   - missing concepts in dpv from GDPR Art 13 and 14, Treaty 108 and
   ISO/IEC 29184.

Value categories DPV GDPR Art 13 GDPR Art 14 Treaty 108
<https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108>
ISO/IEC
29184 <https://www.iso.org/standard/70331.html>
Data Subject Identity FALSE
Data Controller Identity FALSE Data Controller Identity, GDPR Art 13.1(a) Data
Controller Identity, GDPR Art 14.1(a) Article 8.1(a) ISO/IEC 29184, Section
5.2.2 and 5.3.4
Data Controller Contact Details FALSE Data Controller Contact Details, GDPR
Art 13.1(a) Data Controller Contact Details, GDPR Art 14.1(a) Article
8.1(a) (habitual residence or establishment) ISO/IEC 29184, Section 5.2.2
and 5.3.4
Data Controller Representative FALSE Data Controller Representative, GDPR
Art 13.1(a) Data Controller Representative, GDPR Art 14.1(a)
Data Protection Officer FALSE Data Protection Officer of Data Controller,
GDPR Art 13.1(b) Data Protection Officer of Data Controller, GDPR Art
14.1(b)
Data Protection Office Contact Details FALSE Data Protection Officer
Contact Details, GDPR Art 13.1(b) Data Protection Officer Contact Details,
GDPR Art 14.1(b)
Joint Controller FALSE
Data Processor FALSE
Data Processor Representative FALSE
Personal Data FALSE The personal data, GDPR Art 13.1(c) The categories of
personal data, GDPR Art 14.1(d) Article 8.1(c) ISO/IEC 29184, Section 5.3.5
Personal Data Collection Method FALSE ISO/IEC 29184, Section 5.3.6
Personal Data Collection Timing FALSE ISO/IEC 29184, Section 5.3.7
Personal Data Collection Location FALSE ISO/IEC 29184, Section 5.3.7
Personal Data Source FALSE From which source the personal data originate,
GDPR Art 14.2(f).
Personal Data Public or Private Source FALSE Whether the personal data
originate from publicly accessible sources, GDPR Art 14.2(f).
Personal Data Provision Legal Basis FALSE Whether the provision of personal
data is a statutory or contractual requirement, or a requirement necessary
to enter into a contract, GDPR Art 13.2(e).
Personal Data Provision obligation FALSE Whether the data subject is
obliged to provide the personal data, GDPR Art 13.2(e).
Consequence of data provision failure to provide personal data FALSE The
possible consequences of failure to provide personal data, GDPR Art 13.2(e).
Purposes FALSE Purposes of the Processing, GDPR Art 13.1(c) Data Controller
Identity, GDPR Art 14.1(c) Article 8.1(b) ISO/IEC 29184, Section 5.3.2
Processing Categories Classes FALSE GDPR Art 4.2 ISO/IEC 29184, Section
5.3.8
Automated decision-making and profiling FALSE The existence of automated
decision-making, including profiling, referred to in Article 22(1) and (4),
GDPR Art 13.2(f). The existence of automated decision-making, including
profiling, referred to in Article 22(1) and (4), GDPR Art 14.2(g).
Logic of automated decision-making and profiling FALSE Meaningful
information about the logic involved in automated decision-making,
including profiling, referred to in Article 22(1) and (4), GDPR Art
13.2(f). Meaningful
information about the logic involved in automated decision-making,
including profiling, referred to in Article 22(1) and (4), GDPR Art 14.2(g).
Consequences of automated decision-making and profiling FALSE The
significance and the envisaged consequences of automated decision-making,
including profiling, referred to in Article 22(1) and (4) for the data
subject, GDPR Art 13.2(f). The significance and the envisaged consequences
of automated decision-making, including profiling, referred to in Article
22(1) and (4) for the data subject, GDPR Art 14.2(g). ISO/IEC 29184,
Section 5.3.16 (Risks)
Data transfer to third country FALSE Transfer of personal data to a third
country or to an international organisation, GDPR Art 13.1(f) Transfer of
personal data to a third country or to an international organisation, GDPR
Art 14.1(f).
Third country name FALSE
Data transfer legal basis FALSE Legal Basis for transfer to a third
country, GDPR Art 13.1(f) Legal Basis for transfer to a third country, GDPR
Art 14.1(f).
Technical and Organisational Measures FALSE
Data storage period FALSE The period for which the personal data will be
stored, GDPR Art 13.2(a). The period for which the personal data will be
stored, GDPR Art 14.2(a). ISO/IEC 29184, Section 5.3.11
Criteria to determine data storage period FALSE The criteria used to
determine the period for which the personal data will be stored, GDPR Art
13.2(a). The criteria used to determine the period for which the personal
data will be stored, GDPR Art 14.2(a).
Time limit for data erasure FALSE
Data Storage Location and legal jurisdiction over stored data FALSE ISO/IEC
29184, Section 5.3.9
Recipients FALSE Recipients of categories of recipients of the personal
data (if any), GDPR Art 13.1(e) The recipients or categories of recipients
of the personal data, if any, GDPR Art 14.1(e). Article 8.1(d) ISO/IEC
29184, Section 5.3.10
Legitimate interest of Data Controller FALSE Legitimate Interest (if the
processing is based on GDPR Art 6.1(f)), GDPR Art 13.1(d) Legitimate
Interest (if the processing is based on GDPR Art 6.1(f)), GDPR Art 14.2(b)
Legitimate interest of Third Party FALSE Legitimate Interest (if the
processing is based on GDPR Art 6.1(f)), GDPR Art 13.1(d) Legitimate
Interest (if the processing is based on GDPR Art 6.1(f)), GDPR Art 14.2(b)
Legal Basis FALSE Legal Basis for the Processing, GDPR Art 13.1(c) Legal
Basis for the Processing, GDPR Art 14.1(c) Article 8.1(b) ISO/IEC 29184,
Section 5.3.15
Means to exercise right FALSE GDPR Article 12.2 GDPR Article 12.2 Article
8.1(e)
Right to access FALSE The right to access to personal data, GDPR Art
13.2(b). The right to access to personal data, GDPR Art 14.2(c). ISO/IEC
29184, Section 5.3.12
Right to rectification FALSE The right to rectification of personal data,
GDPR Art 13.2(b). The right to rectification of personal data, GDPR Art
14.2(c). ISO/IEC 29184, Section 5.3.12
Right to erasure FALSE The right to erasure of personal data, GDPR Art
13.2(b). The right to erasure of personal data, GDPR Art 14.2(c). ISO/IEC
29184, Section 5.3.12
Right to restriction FALSE The right to restriction of processing
concerning the data subject, GDPR Art 13.2(b). The right to restriction of
processing concerning the data subject, GDPR Art 14.2(c). ISO/IEC 29184,
Section 5.3.12
Right to object to processing FALSE The right to object to processing, GDPR
Art 13.2(b). The right to object to processing, GDPR Art 14.2(c). ISO/IEC
29184, Section 5.3.12
Right to data portability FALSE The right to data portability, GDPR Art
13.2(b). The right to data portability, GDPR Art 14.2(c). ISO/IEC 29184,
Section 5.3.12
Right to withdraw consent FALSE The right to withdraw consent at any time,
without affecting the lawfulness of processing based on consent before its
withdrawal (where the processing is based on point (a) of Article 6(1) or
point (a) of Article 9(2)), GDPR Art 13.2(c). The right to withdraw consent
at any time, without affecting the lawfulness of processing based on
consent before its withdrawal (where the processing is based on point (a)
of Article 6(1) or point (a) of Article 9(2)), GDPR Art 14.2(d). ISO/IEC
29184, Section 5.3.14
Right to lodge a complaint FALSE The right to lodge a complaint with a
supervisory authority, GDPR Art 13.2(d). The right to lodge a complaint
with a supervisory authority, GDPR Art 14.2(e). ISO/IEC 29184, Section
5.3.13

Best regards,
Georg
-- 
Georg Philip Krog

signatu <https://signatu.com>
Received on Wednesday, 24 June 2020 12:29:49 UTC