- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Thu, 14 Sep 2023 14:04:18 +0100
- To: Iain Henderson <iain@jlinc.com>
- Cc: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
Hi Iain. Well put - yes I recall going over the GDPR documents and seeing lots of things that didn't make the 'final cut' e.g. machine-readable data portability. For DPV's future, IMHO, we should consider the user / individual / societal side of "vocabulary" as well - though that comes with lack of consistency that we need to find a way to address. A good starting point could be using the ISO/IEC 29184 to do privacy notices which will have terms for the individual's comprehension as well as legal vocabularies underlying to keep them connected to compliance. Regards, Harsh On 14/09/2023 10:43, Iain Henderson wrote: > That’s great Harsh. Yes I agree that DPV rightly focuses on data management from the organisational and regulatory perspective. But that when it comes to personal data, there is always a person on the other side of that personal data record; that regulations currently assume little capability on that side is a fault of the regulation, not the person. Ironically, I remember the early stakeholder conversations around what became GDPR (in 2011) included as in scope that an individual could be more than a data subject. Somewhere between meeting 1 and meeting 2 that concept got lobbied out. > > No matter, what you have built in DPV is a great asset that can be leveraged from the individual perspective. That IRI’s and descriptions exist for many of the key terms means that with enough thought and effort, what organisations do around data sharing agreements can be heavily influenced from the outside. > > It would be great to continue to explore that space with you. > > Cheers > > Iain > >> On 7 Sep 2023, at 18:38, Harshvardhan J. Pandit <me@harshp.com> wrote: >> >> Hi Iain. Thanks for wording it out this way (see quoted text below). >> I support this perspective on the usefulness of DPV - albeit also acknowledging that we haven't worked on its explicitly but I see that as a limitation of the regulations being organisation-centric. >> I am willing and support exploring the other side of this i.e. what might it mean to have individual-centric perspectives - while still being faithful of DPV's scope in following existing regulations. >> >> - Harsh >> >> On 07/09/2023 08:10, Iain Henderson wrote: >>> On the other side (empowered individuals); that is clearly wide open with no particular regulatory guidance in place. We are all assumed to be un-empowered data subjects with the rights that gives us; but nothing more than that. >>> Where I’m coming from is that DPV is a means through which empowered individuals can begin to point to specific things, in the knowledge that those things can easily be understood by, and relevant to, the organisations that hold data on them. >> >> -- >> --- >> Harshvardhan J. Pandit, Ph.D >> Assistant Professor >> ADAPT Centre, Dublin City University >> https://harshp.com/ >> > -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/
Received on Thursday, 14 September 2023 13:04:24 UTC