- From: Bert Van Nuffelen <Bert.Van.Nuffelen@tenforce.com>
- Date: Fri, 3 Nov 2023 17:03:53 +0000
- To: "Harshvardhan J. Pandit" <me@harshp.com>, Tek Raj Chhetri <tekrajchhetri@gmail.com>, "public-dpvcg@w3.org" <public-dpvcg@w3.org>
- Message-ID: <VI1P191MB07833454C28E50CD62201265D6A5A@VI1P191MB0783.EURP191.PROD.OUTLOOK.COM>
Hi, on contracts, I would also consult the eProcurement Ontology: https://eprocurementontology.github.io/#contrac<https://eprocurementontology.github.io/#contract>t kr, Bert ________________________________ From: Harshvardhan J. Pandit <me@harshp.com> Sent: Friday, 3 November 2023 17:57 To: Tek Raj Chhetri <tekrajchhetri@gmail.com>; public-dpvcg@w3.org <public-dpvcg@w3.org> Subject: Re: Contract Hi Tek. Thanks for sharing this. I have made comments in the spreadsheet itself. More thoughts on the modelling of contracts under DPV: 1) DPV should prefer normative terms where possible (where normative means as it is legally enforceable). In this case, it would be contract law which I know little about. I presume SmashHit as a project had the necessary legal expert involvement for their use-cases, but I'm not quite sure the definitions in the document are generalised enough for DPV. Do we have a legal expert who can sanity check this for DPV? 2) FIBO and GIST specifically model business contracts (SmashHit ontology references FIBO) and have ability to express relevant information such as contract categories, parties, elements of a contract, and specific relations such as "has contract party", "has contractual element", and "has effective date". See https://spec.edmcouncil.org/fibo/ontology/FND/Agreements/Contracts/Contract Can we reuse these? IF not, then why not? I see similar concepts in the proposed set but with different definitions. I presume FIBO and GIST are "normative" in their concepts and definitions given their background. For the scope of this concept, DPV should only provide 'metadata' about the contract, including limited content such as what personal data is involved, which service, purpose, etc. We should NOT be aiming to write a full legal agreement / contract using DPV. Should we point to FIBO for contract information and ODRL to express contents of a contract? 3) DPVCG's (and DPV's) scope is to have contract be the legal basis for processing of personal data (DGA has non-personal data contracts, which should be expressed as a concept separately). So the contract categories should be a reflection of this category of use-cases similar to how consent is categorised based on the requirements (informed, explicit). As I said earlier, I'm a blank for contract law. But I'd like to see aspects such as whether the contract was drafted by a service provider and accepted by consumer (with no negotiation), or whether the contract was a 2-party agreement e.g. both controller and data subject involved. Such categorisation should help in interpreting and applying the contract - just like with consent types we identify requirements for "valid consent". 4) Contract as a legal basis can also be B2B e.g. data controller and third party (thanks to Jan for asking about this). Should this be in the scope of DPV? IMHO - no because it is a separate domain/use-case though DPV can help express its contents (e.g. purpose, TOMs). From a EU-centric view we have GDPR Art.6-1b state "contract to which the data subject is party" as the legal basis and not just a "contract". So my suggestion is that DPV's (personal data) contract MUST be with the data subject as a party. NOTE: contract between controller and processor is not covered under legal basis, but under organisational measure even if it is a "legal basis" from the processor's POV. Same for controller and third party. 0) With this discussion under way, we have other legal basis that also need similar information - using GDPR Art.6-1 list: a) consent - done b) contract - ongoing c) legal obligation - none d) vital interests of person - none e) public interest - none e) official authority - none f) legitimate interest of controller - none f) legitimate interest of 3rd party - none We also have DGA's legal basis, which include "donated data" type scenarios for altruistic purposes (which AFAIK fit e) public interest). Regards, Harsh On 03/11/2023 15:27, Tek Raj Chhetri wrote: > Dear all, > > I am writing to share the contract related vocabularies from the > smashHit project to be integrated into DPV. I had shared it with Harsh > and there're comments, which I will be fixing soon. In the meantime, if > there're any further comments, you can directly make a comment. > > Link: > https://docs.google.com/spreadsheets/d/1-whatFmVqP0XkSp90p_KsGN82TQ3h6CgA8zDSHk92kg/edit?usp=sharing <https://docs.google.com/spreadsheets/d/1-whatFmVqP0XkSp90p_KsGN82TQ3h6CgA8zDSHk92kg/edit?usp=sharing > > > Thank you. > > Best, > Tek -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/
Received on Friday, 3 November 2023 17:04:04 UTC