Re: Contract

Hi,

on contracts, I would also consult the eProcurement Ontology: https://eprocurementontology.github.io/#contrac<https://eprocurementontology.github.io/#contract>t

kr,

Bert
________________________________
From: Harshvardhan J. Pandit <me@harshp.com>
Sent: Friday, 3 November 2023 17:57
To: Tek Raj Chhetri <tekrajchhetri@gmail.com>; public-dpvcg@w3.org <public-dpvcg@w3.org>
Subject: Re: Contract

Hi Tek.
Thanks for sharing this. I have made comments in the spreadsheet itself.

More thoughts on the modelling of contracts under DPV:

1) DPV should prefer normative terms where possible (where normative
means as it is legally enforceable). In this case, it would be contract
law which I know little about. I presume SmashHit as a project had the
necessary legal expert involvement for their use-cases, but I'm not
quite sure the definitions in the document are generalised enough for DPV.

Do we have a legal expert who can sanity check this for DPV?

2) FIBO and GIST specifically model business contracts (SmashHit
ontology references FIBO) and have ability to express relevant
information such as contract categories, parties, elements of a
contract, and specific relations such as "has contract party", "has
contractual element", and "has effective date". See
https://spec.edmcouncil.org/fibo/ontology/FND/Agreements/Contracts/Contract

Can we reuse these? IF not, then why not? I see similar concepts in the
proposed set but with different definitions. I presume FIBO and GIST are
"normative" in their concepts and definitions given their background.

For the scope of this concept, DPV should only provide 'metadata' about
the contract, including limited content such as what personal data is
involved, which service, purpose, etc. We should NOT be aiming to write
a full legal agreement / contract using DPV. Should we point to FIBO for
contract information and ODRL to express contents of a contract?

3) DPVCG's (and DPV's) scope is to have contract be the legal basis for
processing of personal data (DGA has non-personal data contracts, which
should be expressed as a concept separately). So the contract categories
should be a reflection of this category of use-cases similar to how
consent is categorised based on the requirements (informed, explicit).

As I said earlier, I'm a blank for contract law. But I'd like to see
aspects such as whether the contract was drafted by a service provider
and accepted by consumer (with no negotiation), or whether the contract
was a 2-party agreement e.g. both controller and data subject involved.
Such categorisation should help in interpreting and applying the
contract - just like with consent types we identify requirements for
"valid consent".

4) Contract as a legal basis can also be B2B e.g. data controller and
third party (thanks to Jan for asking about this). Should this be in the
scope of DPV? IMHO - no because it is a separate domain/use-case though
DPV can help express its contents (e.g. purpose, TOMs).

 From a EU-centric view we have GDPR Art.6-1b state "contract to which
the data subject is party" as the legal basis and not just a "contract".
So my suggestion is that DPV's (personal data) contract MUST be with the
data subject as a party.

NOTE: contract between controller and processor is not covered under
legal basis, but under organisational measure even if it is a "legal
basis" from the processor's POV. Same for controller and third party.

0) With this discussion under way, we have other legal basis that also
need similar information - using GDPR Art.6-1 list:
a) consent - done
b) contract - ongoing
c) legal obligation - none
d) vital interests of person - none
e) public interest - none
e) official authority - none
f) legitimate interest of controller - none
f) legitimate interest of 3rd party - none

We also have DGA's legal basis, which include "donated data" type
scenarios for altruistic purposes (which AFAIK fit e) public interest).

Regards,
Harsh


On 03/11/2023 15:27, Tek Raj Chhetri wrote:
> Dear all,
>
> I am writing to share the contract related vocabularies from the
> smashHit project to be integrated into DPV. I had shared it with Harsh
> and there're comments, which I will be fixing soon. In the meantime, if
> there're any further comments, you can directly make a comment.
>
> Link:
> https://docs.google.com/spreadsheets/d/1-whatFmVqP0XkSp90p_KsGN82TQ3h6CgA8zDSHk92kg/edit?usp=sharing <https://docs.google.com/spreadsheets/d/1-whatFmVqP0XkSp90p_KsGN82TQ3h6CgA8zDSHk92kg/edit?usp=sharing >
>
> Thank you.
>
> Best,
> Tek

--
---
Harshvardhan J. Pandit, Ph.D
Assistant Professor
ADAPT Centre, Dublin City University
https://harshp.com/

Received on Friday, 3 November 2023 17:04:04 UTC