- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Tue, 30 Jun 2020 15:24:50 +0100
- To: Georg Philip Krog <georg@signatu.com>, Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
- Cc: Torgeir Hovden <torgeir@signatu.com>, Jon Stephansen <jon@signatu.com>
Hello. Thanks for starting the work on mapping ISO/IEC 29184 concepts to DPV. a) A lot of concepts are the same as shared previously in context of privacy policies. So my reply to those also applies here in regards to information as well concept coverage in DPV. https://lists.w3.org/Archives/Public/public-dpvcg/2020Jun/0021.html b) The ISO/IEC 29184 analysis is correct in most parts. However, IMHO a few fields are 'missing' information here. E.g. the document does concern processors, data source, automated decision making & profiling, data transfer, technical measures whereas the fields are empty in the table. Additionally, the document references are misleading (or can be) because these are not 'defined' but sometimes merely mentioned. For example, the document mentions that the rights (of GDPR without calling them as such) 'may' exist jurisdictionally in the context of providing information about rights. c) ISO/IEC 29184 also mentions the concept of 'risk' or 'impact' associated with processing, which the DPV currently does not represent. I feel this is an important concept that should be represented as part of 'risk and mitigation'. On 24/06/2020 13:29, Georg Philip Krog wrote: > Dear DPV folks, > > Signatu contributes herewith: > > * missing concepts in dpv from GDPR Art 13 and 14, Treaty 108 and > ISO/IEC 29184. -- --- Harshvardhan Pandit, Ph.D Researcher at ADAPT Centre, Trinity College Dublin https://harshp.com/research/
Received on Tuesday, 30 June 2020 14:25:07 UTC