W3C home > Mailing lists > Public > public-dpvcg@w3.org > October 2021

Sources of relevance for privacy policies, consent, and real-world data

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Thu, 7 Oct 2021 18:09:45 +0100
Message-ID: <d674d670-4fa0-c669-a125-f13cfbde7046@harshp.com>
To: public-dpvcg@w3.org
Hello. Following the last meeting call on WED, we agreed to next 
prioritise the concepts related to privacy policies, consent, technical 
(measures, tools), and real-world instances. For these, I share my notes 
on possible sources we can utilise (see below).

We have our next call WED OCT-13. Agenda will be circulated on Monday.


1 Privacy Policy concepts
===========================

   - mailing list thread about privacy policy
     * [2021-03-25 Thu]
       <https://lists.w3.org/Archives/Public/public-dpvcg/2021Mar/0006.html>
       discussion of concepts
     * [2020-05-29 Fri]
       <https://lists.w3.org/Archives/Public/public-dpvcg/2020May/0014.html>
       Signatu's proposal for privacy policy concepts based on GDPR A.13
       and A.14
     * <https://www.w3.org/community/dpvcg/track/actions/140> archived
       list of mails related to ACTION-140 privacy policy generation
   - SPECIAL project's work on consent concepts is fully incorporated
     given the origin of DPV in SPL vocabularies. What we have not
     integrated, is the OWL2 representation and use of reasoning to match
     'policies'. There is ongoing work on this in TRAPEZE that is of
     relevance and interest.
   - relevant work in SotA
     * <https://www.privacylabel.org/learn/> Privacy Label
     * <https://github.com/italia/daf-ontologie-vocabolari-controllati>
       Ontologie e Vocabolari Controllati (Italian controlled
       vocabularies)
     * 
<https://github.com/KartikChawla-droid/Taxonomy_Privacy_Data_Control_Signals>
       taxonomy by Kartik et al. about privacy and data control (policy)
   - my Zotero library has references for SotA on this topic
     * <https://www.zotero.org/hpandit/collections/LC55YC7N> privacy
       policy analysis
     * <https://www.zotero.org/hpandit/collections/5NQ8B6H8> privacy
       policy languages
     * <https://www.zotero.org/hpandit/collections/XLBSXLYW> sem-web +
       preferences


2 Consent concepts
====================

   - PAECG deliverable for Consent Receipt
     <https://doi.org/10.5281/zenodo.5076603>
     * outlines consent concepts with analysis of Consent Receipt v1.1
       and GDPR requirements ;
     * provides recommendation for semantic vocabulary and use
   - gconsent ontology <http://w3id.org/GConsent>
     * provides semantic concepts for consent and modelling of 'states'
       and 'actors'
   - FHIR consent codes
     <https://www.hl7.org/fhir/valueset-consent-state-codes.html>
     * comprehensive standard for 'codes' representing use of consent
       (similar to states in GConsent) and its management within systems
     * primarily intended for Health records
   - DUO <http://purl.obolibrary.org/obo/duo.owl>
     * another health-oriented vocabulary about consent
     * outlines permissions and prohibitions for use-cases related to
       health/medical data sharing in terms of practical use-cases
   - sem-web + consent survey paper
     <https://content.iospress.com/articles/semantic-web/sw210438>


3 Technical / Real-world items
================================

   - ENISA security documentation and standards
     * what specific documents/concepts we need? Specific reports as
       sources?
     * e.g. 
<https://www.enisa.europa.eu/publications/data-pseudonymisation-advanced-techniques-and-use-cases>
       about pseudo-anonymisation techniques
   - ISO standards: 27000 series as starting point
     <https://en.wikipedia.org/wiki/ISO/IEC_27000-series>
   - DPAs - EU maintains a list, easily doable
   - Jurisdictions
     * is there a vocab for jurisdictions? There is for general
       expression of regions, and there are standardised vocabs of
       contries, but not all jurisdictions AFAIK.
     * we can start with adding concept jurisdiction in DPV and leave it
       at that
   - Adequacy decisions, SCCs provided by EU/Others -
 
<https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en>


Regards,
-- 
---
Harshvardhan J. Pandit, Ph.D
Research Fellow
ADAPT Centre, Trinity College Dublin
https://harshp.com/
Received on Thursday, 7 October 2021 17:10:03 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:28:01 UTC