- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Sun, 12 May 2024 16:35:22 +0100
- To: Data Privacy Vocabularies and Controls Community Group <public-dpvcg@w3.org>
- Cc: Delaram Golpayegani <delaram.golpayegani@adaptcentre.ie>, Georg Philip Krog <georg@signatu.com>
Hi. I've played around with how to describe the 'purpose' of technology, and tried out using Function, Goal, and also TechnologyPurpose - which all were not clear or were ambiguous/confusing with DPV's existing Purpose. Using the existing dpv:Purpose taxonomy is not feasible because it is meant to be a high-level description or end-goals, whereas technology 'purpose' can be just about anything (e.g. store data). Based on earlier discussion's with Delaram around AI Act, I think using IntendedUse (not IntendedPurpose) might be a solution here. See https://github.com/w3c/dpv/issues/85#issuecomment-2106286745 for an example. In this, the technology/service would have an IntendedUse description that say what it can be used for (so we avoid calling it purpose), and then when someone uses the technology they can have their own IntendedUse to describe what they are planning to use it for. This IntendedUse can be a DPV purpose, or processing, or tech/org measure - anything. When using the service in an activity, the entity keeps data processing records as usual - with the (GDPR) purpose, etc. and additionally indicates the it is implemented using the service. Through this, the actual use can be compared with the company's documented intended used as well as the supplier/provider's intended use. What do you think about taking this approach? -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/
Received on Sunday, 12 May 2024 15:35:30 UTC