Review concepts: updates, consent, risk, rights

Hi. I'm sharing a draft version of the new concepts for review. I'm 
currently writing the accompanying documentation that will go with these.

Assistance with code, writing, editing is welcome.

---

Draft spec: https://harshp.com/dpv-x/dpv/
GitHub: Code, RDF, etc. is here: 
https://github.com/w3c/dpv/tree/local_hjp but the draft HTML is served 
from here: https://github.com/coolharsh55/dpv-x

This way you can compare current (https://w3id.org/dpv) and draft specs.

---

Changes to review:

1) Updated structures
- The Tech/Org concepts have been split into two sections for technical 
and organisational measures respectively
- Statuses have been removed from Context section and moved to a section 
of their own
- ProcessingScale has been removed from ProcessingContext and moved to a 
section of its own

2) Consent Concepts
- https://harshp.com/dpv-x/dpv/#vocab-consent
- The concepts agreed upon in previous meetings have been added, i.e. 
Consent types, Consent states, and new relations
- Instead of 'ConsentType', these are expressed as subclasses of the 
existing 'Consent' concept
- Both new and previous relations are provided on the page
- For previous relations, there's a WARNING comment regarding their 
planned deprecation in future releases
- ConsentNotice and ConsentRecord have been added to Organisational 
Measure alongside other notice and record types
- DPV-GDPR consent concepts have been updated to reflect the new types. 
Additional concepts to represent freely given, unambiguous, etc. can 
similarly next be added to DPV or DPV-GDPR.

3) Risk
- https://harshp.com/dpv-x/risk
- Provides 7 levels for risk, severity, and likelihood based on common 
qualitative labels (ExtremelyLow to ExtremelyHigh)
- Provides a few categories of risk controls (to be expanded)
- Provides a large list of consequences and impacts based on ISO/IEC 
27005:2018 - these are aligned with DPV's concepts, e.g. Damage and 
Harm. These are not intended to be discussed individually as they will 
take up a large amount of time. Discussions are therefore suggested over 
other means e.g. mailing list, GitHub issues
- List of risk assessment techniques (e.g. DPIA) based on ISO/IEC 27005:2018
- Risk Matrices of size 3x3, 5x5, and 7x7. These are accompanied with 
values for each specific node, e.g. Row 1, Col 1 in 3x3 has Risk, 
Severity, and Likelihood Level as Moderate. This isn't reflected well in 
the HTML (e.g. they all have the same label) or RDF, but it will be 
changed soon.

4) Rights
- https://harshp.com/dpv-x/rights/eu
- Simple list taken from EU Charter of Fundamental Rights

5) Full Changelog
- https://github.com/coolharsh55/dpv-x/blob/master/documentation-generator/logs/changelog.txt

---

Issues, Queries, Suggestions - let me know.

Regards,
-- 
---
Harshvardhan J. Pandit, Ph.D
Research Fellow
ADAPT Centre, Trinity College Dublin
https://harshp.com/

Received on Monday, 15 August 2022 15:27:54 UTC