Re: Missing concepts in dpv from GDPR Art 13 and 14, Treaty 108 and ISO/IEC 29184

+1 great work - most of this is covered in the Consent Receipt work we did last year for the DPV.

This is effectively: - consent record information structure - defined by legal notice - and the core of the consent receipt work

- Mark

On 30 Jun 2020, at 10:24, Harshvardhan J. Pandit <me@harshp.com> wrote:

c) ISO/IEC 29184 also mentions the concept of 'risk' or 'impact' associated with processing, which the DPV currently does not represent. I feel this is an important concept that should be represented as part of 'risk and mitigation'.

Risk is the key concept; the Meaningful Consent law in PIPEDA is the legal standard that requires a separate notice of the risks, and (according to ISO 29184) the notice only requires un-mitigated risks. (So mitigated and un-mitigated privacy risks should be added to DPV imo)

Received on Tuesday, 30 June 2020 14:45:09 UTC