- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Thu, 7 Oct 2021 18:09:45 +0100
- To: public-dpvcg@w3.org
Hello. Following the last meeting call on WED, we agreed to next
prioritise the concepts related to privacy policies, consent, technical
(measures, tools), and real-world instances. For these, I share my notes
on possible sources we can utilise (see below).

We have our next call WED OCT-13. Agenda will be circulated on Monday.

1 Privacy Policy concepts
===========================
- mailing list thread about privacy policy
  * [2021-03-25 Thu]
    <https://lists.w3.org/Archives/Public/public-dpvcg/2021Mar/0006.html>
    discussion of concepts
  * [2020-05-29 Fri]
    <https://lists.w3.org/Archives/Public/public-dpvcg/2020May/0014.html>
    Signatu's proposal for privacy policy concepts based on GDPR A.13
    and A.14
  * <https://www.w3.org/community/dpvcg/track/actions/140> archived
    list of mails related to ACTION-140 privacy policy generation
- SPECIAL project's work on consent concepts is fully incorporated
  given the origin of DPV in SPL vocabularies. What we have not
  integrated is the OWL2 representation and use of reasoning to match
  'policies'. There is ongoing work on this in TRAPEZE that is of
  relevance and interest.
- relevant work in SotA
  * <https://www.privacylabel.org/learn/> Privacy Label
  * <https://github.com/italia/daf-ontologie-vocabolari-controllati>
    Ontologie e Vocabolari Controllati (Italian controlled
    vocabularies)
  * <https://github.com/KartikChawla-droid/Taxonomy_Privacy_Data_Control_Signals>
    taxonomy by Kartik et al. about privacy and data control (policy)
- my Zotero library has references for SotA on this topic
  * <https://www.zotero.org/hpandit/collections/LC55YC7N> privacy
    policy analysis
  * <https://www.zotero.org/hpandit/collections/5NQ8B6H8> privacy
    policy languages
  * <https://www.zotero.org/hpandit/collections/XLBSXLYW> sem-web +
    preferences

2 Consent concepts
====================
- PAECG deliverable for Consent Receipt
  <https://doi.org/10.5281/zenodo.5076603>
  * outlines consent concepts with analysis of Consent Receipt v1.1
    and GDPR requirements;
  * provides recommendation for semantic vocabulary and use
- gconsent ontology <http://w3id.org/GConsent>
  * provides semantic concepts for consent and modelling of 'states'
    and 'actors'
- FHIR consent codes
  <https://www.hl7.org/fhir/valueset-consent-state-codes.html>
  * comprehensive standard for 'codes' representing use of consent
    (similar to states in GConsent) and its management within systems
  * primarily intended for Health records
- DUO <http://purl.obolibrary.org/obo/duo.owl>
  * another health-oriented vocabulary about consent
  * outlines permissions and prohibitions for use-cases related to
    health/medical data sharing in terms of practical use-cases
- sem-web + consent survey paper
  <https://content.iospress.com/articles/semantic-web/sw210438>

3 Technical / Real-world items
================================
- ENISA security documentation and standards
  * what specific documents/concepts we need? Specific reports as
    sources?
  * e.g.
    <https://www.enisa.europa.eu/publications/data-pseudonymisation-advanced-techniques-and-use-cases>
    about pseudo-anonymisation techniques
- ISO standards: 27000 series as starting point
  <https://en.wikipedia.org/wiki/ISO/IEC_27000-series>
- DPAs - EU maintains a list, easily doable
- Jurisdictions
  * is there a vocab for jurisdictions? There is for general
    expression of regions, and there are standardised vocabs of
    countries, but not all jurisdictions AFAIK.
  * we can start with adding concept jurisdiction in DPV and leave it
    at that
- Adequacy decisions, SCCs provided by EU/Others -
  <https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en>

Regards,
--
---
Harshvardhan J. Pandit, Ph.D
Research Fellow
ADAPT Centre, Trinity College Dublin
https://harshp.com/
Received on Thursday, 7 October 2021 17:10:03 UTC