Controls for Entities to Obtain, Withdraw, Object etc. from Harshvardhan J. Pandit on 2024-04-14 (public-dpvcg@w3.org from April 2024)

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Sun, 14 Apr 2024 23:45:18 +0100
To: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
Message-ID: <c0cc92e1-edaa-491b-a9d5-28012afd27ad@harshp.com>

Hi.

I'm working on (the accumulated backlog) DPV v2 - see current plan 
https://github.com/w3c/dpv/milestone/4

In resolving issue #115 https://github.com/w3c/dpv/issues/115 regarding 
controls for consent regarding obtaining, withdrawing, etc. it occurred 
to me that such controls would also be needed for other measures e.g. 
permissions, contracts, legitimate interest.

Rather than creating terms for each one specifically (e.g. obtain 
consent, obtain contract) - what if we provided a generic list of 
controls that one Entity (e.g. Controller) provides to another Entity 
(e.g. Data Subject). I called these 'Entity Controls' for lack of a 
better word. These are different from tech/org measures which are about 
an Organisation implementing actions for its own sake, whereas Entity 
Controls are about one entity providing an action for another.

For example, Control Obtain can be used to provide information on how to 
obtain information (e.g. for rights, contracts); or Control Object can 
be used to provide information on how to object (e.g. for legitimate 
interest or processing in general). These controls can be used contextually:
- e.g. Contract hasEntityControl <ControlTerminate> to describe how to 
terminate the contract
- e.g. Service hasEntityControl <ControlTerminate> to describe hwo to 
terminate the service

Its usefulness is for cases where a Controller may be asked to describe 
how it is providing information to the data subject regarding obtaining 
consent or permission or a particular information associated with a 
notice, or providing option for objecting to legitimate interest or to 
processing (Art.21). This is a different question from how is the 
Controller implementing these processes within their own systems.

The current list of controls is on the github issue: 
https://github.com/w3c/dpv/issues/115#issuecomment-2054145671 and a live 
version can be seen at: https://harshp.com/dpv/dpv/#vocab-TOM-entitycontrol

TBD in the meeting on Wednesday.

Regards,
-- 
---
Harshvardhan J. Pandit, Ph.D
Assistant Professor
ADAPT Centre, Dublin City University
https://harshp.com/

Received on Sunday, 14 April 2024 22:45:27 UTC