
Proposal: Concepts relevant for DPIA

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Tue, 24 May 2022 18:37:36 +0100
Message-ID: <1e503d99-d9f2-d7e9-1944-54ac3078a7fd@harshp.com>
To: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>

Please see a proposal discussing documenting DPIA information using DPV:

repo: https://github.com/coolharsh55/dpv-dpia
summary: https://harshp.com/dpv-dpia/
draft paper: https://harshp.com/dpv-dpia/paper/paper.html

I only realise now that I haven't clearly indicated that the DPIA reuses 
DPV concepts, e.g. Purpose, PersonalData, DataController and so on. I'm 
working on better documentation, adding more concepts for risks, 
mitigations, and impacts, etc. But the basic structure of the proposal is as
I'm sharing now.

--- Risks ---

There's a separate risk ontology based on the ISO 31K family
(https://github.com/coolharsh55/riskonto) that is also work in progress
for risk-related concepts, and it will be aligned with DPIA and DPV in
terms of risk, mitigation, consequence, and impact.

Whether we want to include basic concepts such as Risk Levels, Severity, 
Likelihood, in DPV (main), or extension, or keep this entirely separate 
is for discussion. I've intentionally kept the risk ontology as 
lightweight as possible, but there is a lot more that could be modelled
(see https://github.com/coolharsh55/riskonto/blob/master/riskos.ttl).

Harshvardhan J. Pandit, Ph.D
Research Fellow
ADAPT Centre, Trinity College Dublin
Received on Tuesday, 24 May 2022 17:37:04 UTC
