- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Fri, 1 May 2020 17:43:30 +0100
- To: Zach Edwards <zach@victorymedium.com>
- Cc: public-dpvcg@w3.org
Hi Zach - is there a guide/documentation for how to interprety and/or understand the spreadsheet? On 30/04/2020 16:49, Zach Edwards wrote: > howdy ya'll, > > I'd love to join any groups working on this and I'll try to keep an eye > on the discussions. I've been working ona. "privacy schema" that uses > language from GDPR/CCPA/CPRA and a few other frameworks in the U.S. > (HIPAA/COPPA, etc) and then describes the "States of Data" (Inbound, at > rest, outbound) and how an organization may need to append metadata to > that data in various states of transmission to properly identify the > source/consent/transfers for revocations/deletion efforts. > > Privacy schema draft @ (feel free to clone / take anything, no credit > needed) : > https://docs.google.com/spreadsheets/d/1jrmUpLq88M_lq6iM2-0Tsm1-XSqU-9q-ChcNxSwJ31Y/edit?usp=sharing > > Thanks for everyone's work on this topic! > > Sincerely, > Zach > > On Thu, Apr 30, 2020 at 8:41 AM <besteves@delicias.dia.fi.upm.es > <mailto:besteves@delicias.dia.fi.upm.es>> wrote: > > Great, didn't know, but if we already have it on the wiki we should > definitly use it. > > Thanks, I'll have a look. > > Best, > Beatriz > > > Harshvardhan J. Pandit – Thu, 30. April 2020 16:36 > > Hi Beatriz, > > IMHO We should have this on the Wiki in its current state given > that it > > is accessible to everyone and is editable for members. > > We already have a Wiki page detailing some existing terms - > > www.w3.org/community/dpvcg/wiki/Rights > <http://www.w3.org/community/dpvcg/wiki/Rights> > > > > If you think there is a lot of (structured) data to record, we > can move > > over the spreadsheets. > > > > Best, > > Harsh > > > > On 30/04/2020 16:26, besteves@delicias.dia.fi.upm.es > <mailto:besteves@delicias.dia.fi.upm.es> wrote: > > > Thank you for your comments! > > > > > > To start, I'll create a Google Sheets with the rights and we > can go from > > there. > > > I'll try to have it for the next call. > > > Then latyer we can add it to the wiki once it is more mature. > > > > > > Thanks, > > > Beatriz > > > > > > > > > Info @ OC – Thu, 30. April 2020 15:59 > > >> Quick Inline Comments , > > >> > > >> > > >>> On 30 Apr 2020, at 09:52, Harshvardhan J. Pandit > <me@harshp.com <mailto:me@harshp.com>> wrote: > > >>> > > >>> Rights are definitely of interest and within scope of the > work we are > > >> looking (IMHO). > > >> > > >> +1 > > >>> > > >>> On 30/04/2020 13:19, besteves@delicias.dia.fi.upm.es > <mailto:besteves@delicias.dia.fi.upm.es> wrote: > > >>>> For starters, should we discuss which is the best way to do it? > > >>>> Two options could be: > > >>>> 1) add a new module (such as the purpose, processing, ... > modules) to the > > >> vocabulary > > >>> My intuitive reaction was to have "Rights" as a top-level > concept and > > >> associated with a Personal Data Handling instance. > > >>> However, this would not be the right way to go forward as > 'rights' are not > > >> necessarily associated with personal data handling/processing. > For example, > > >> Right to withdraw consent (GDPR) is associated with legal > basis of consent. > > >>> > > >>> So I would propose that as the first exercise we use the Wiki > to list down > > >> the rights and the relevant concepts currently in DPV > regarding those > > (where > > >> possible). > > >>> Hopefully after this we would have some indication of where > to model them > > as > > >> a concept. > > >> > > >> +2 - Rights are relative to the legal authority to process and > in this way > > are > > >> applied to the context. The operational use of rights, (in my > opinion is > > >> achieved with Notice) Notice requirements are quite clear in > the GDPR. > > >> > > >> For example a data subject has the right to object, a right to > restrict > > >> processing, a right to revoke consent, and right to Notice and > privacy > > >> information. - these vary according to legal justification, > which is > > (suppose > > >> to be) required to be apart of a Notice . > > >>> > > >>> Conversely, another interpretation of 'rights' is as a policy > - which > > means > > >> it would go beyond the scope of DPV (currently). > > >>> In this case, we should aim to provide the terms required to > express this > > >> policy - which *is* the goal of DPVCG. > > >> > > >> I would suggest that - it would be first rights - then policy, > (in terms of > > >> order of governance operations.) > > >> > > >>> > > >>>> 2) create a separate vocabulary (such as the one created for > the legal > > >> basis) > > >>> Rights are tied to jurisdictional laws/legislations - much in > the same way > > >> as legal basis. > > >>> So this makes sense. But instead of a separate vocabulary - > we can add > > them > > >> to DPV-GDPR. > > >>> > > >>> However, do we create a separate module/extension for every > jurisdiction? > > >> (IMO yes) > > >>> > > >>> P.S. Minutes of meeting for yesterday are at > > >> www.w3.org/2020/04/29-dpvcg-minutes.html > <http://www.w3.org/2020/04/29-dpvcg-minutes.html> > > >> > > >> Thank You ! > > >>> I had trouble remembering how to use Zakim, RRSAgent. > > >>> > > >>> Regards, > > >>> > > >>> -- > > >>> --- > > >>> Harshvardhan Pandit > > >>> PhD Researcher > > >>> ADAPT Centre > > >>> Trinity College Dublin > > >>> > > >>> > > > > -- > > --- > > Harshvardhan Pandit > > PhD Researcher > > ADAPT Centre > > Trinity College Dublin > > > > -- > -- > Zach Edwards > zach@victorymedium.com <mailto:zach@victorymedium.com> > 512-417-3095 > skype: thezedwards -- --- Harshvardhan Pandit PhD Researcher ADAPT Centre Trinity College Dublin
Received on Friday, 1 May 2020 16:43:45 UTC