- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Tue, 27 Aug 2024 20:24:46 +0100
- To: Georg Philip Krog <georg@signatu.com>
- Cc: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>, Tytti Rintamäki <tytti.rintamaki@adaptcentre.ie>
Hi Georg. Thank you for the distinction. Yes, the intent is to model how the right is affected/impacted, so that it can be used in risk/impact assessments to identify the consequences of a process on specific rights. The goal is to keep it simple enough that it is feasible for organisations and individuals to do this activity without getting into the complexities of a full legal investigation or discourse regarding rights. Regards, Harsh On 27/08/2024 19:11, Georg Philip Krog wrote: > Hi Harsh > > Thank you for sharing. > > There are many types of rights (correlative to an obligation, not correlative to an obligation, etc), and they can be enforcable or not enforcable, and a breach of a right can give liability or no liability. > > Do you want to express how a right can be affected regardless of the above? > > Best regards > Georg > >> 27.08.2024 kl. 19:00 skrev Harshvardhan J. Pandit <me@harshp.com>: >> >> Hi. >> Below is my proposed rights taxonomy. I'm not a legal expert, so this is based on identifying the different ways in which rights are discussed and looking up materials discussing rights. The goal of the taxonomy is to assist in identifying what the 'impact' of a process would be on a particular right or rights e.g. if a technology fails, which of these are likely to happen, and if they happen then how will the associated right be affected. >> >> - `RightDenied' - denial that a right exists or applies e.g. argue >> that GDPR Art.20 data portability does not apply at all to data >> inferred by a Controller. The denial of the right refers to the >> argument that a right does not apply at all for a particular case. >> - `RightLimited' - limit the scope of a right e.g. argue that GDPR >> Art.20 does not apply to data inferred by a Controller. The >> limitation refers to the applicability and scope of the right, and >> not in the ability to exercise that right. Limitation is therefore >> fulfilment of the right and its obligations - but for a scope other >> than what was intended or expected. >> - `RightUnfulfilled' - unfulfilment of a right exercise e.g. not all >> data provided for GDPR Art.20. Here unfulfilment refers to >> non-completion of the right's obligations and processes. >> - `RightViolated' - breach of a right in terms of its obligations, >> typically in a deliberate fashion e.g. the controller intentionally >> does not support Art.20 implementation for a specific data category >> to avoid providing the data. Violation of a right is a bar for >> actionable actions by an authority. Other impacts on right may be >> found to construe a violation of the right, but that is not >> necessarily always the case i.e. not all impacts are violations of a >> right. >> - `RightEroded' - weakening of the right e.g. the right to privacy is >> gradually eroded by normalising surveillance advertising on the >> web. Erosion of rights typically only applies to passive rights >> which always apply, since for active rights the exercise of that >> right is what enables it. An active right can be eroded over time it >> is limited consistently and increasingly such that the scope of the >> right is reduced over time. >> - `RightObstructed' - obstruction of the right or its exercise >> e.g. administrative procedures make it difficult to exercise the >> Art.20 and require excessive form filling and other cumbersome >> activities like identity verification. In obstruction, the right is >> not denied, limited, or unfulfilled - but the requirements to enable >> exercise of the rights are increased to the point of discouraging or >> obstructing the exercise of that right. >> >> - Other terms considered, which were then simplified in the above >> taxonomy. The simplification is to reduce the number of concepts >> required to describe the impact for each right i.e. creating 6 >> impacts for each right instead of the 15 or so below. >> * Infringement: delay or limit a right, which could be partial >> infringement to refer to delaying or limiting part of a right, or >> complete infringement which would mean delaying or limiting the >> entire right >> * Violation: direct/intentional or indirect >> * Erosion: gradual or systemic >> * Denial: explicit/directly or implicit >> * Obstruction: administrative/procedural or systematic >> (e.g. technology) >> >> Regards, >> -- >> --- >> Harshvardhan J. Pandit, Ph.D >> Assistant Professor >> ADAPT Centre, Dublin City University >> https://harshp.com/ >> -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/
Received on Tuesday, 27 August 2024 19:24:53 UTC