DPV consent standards work wins Best Paper at Annual Privacy Forum from Harshvardhan Pandit on 2024-09-09 (public-dpvcg@w3.org from September 2024)

From: Harshvardhan Pandit <me@harshp.com>
Date: Mon, 9 Sep 2024 12:29:47 +0100
To: "public-dpvcg@w3.org" <public-dpvcg@w3.org>
Cc: Jan Lindquist <jan@linaltec.com>, Georg Philip Krog <georg@signatu.com>
Message-ID: <8f006f60-a1c2-44d2-b39d-3baddf8c953f@harshp.com>

Hi All.
On behalf of myself, Jan Lindquist, and Georg Krog - who are all 
contributing members to the DPVCG, I'm happy to announce our paper " 
Implementing ISO/IEC TS 27560: 2023 Consent Records and Receipts for 
GDPR and DGA" was awarded the "Best Paper Award" at the Annual Privacy 
Forum 2024 (APF) organised by ENISA and the EU Commission.

As the chair of the DPVCG, I'm delighted with this impact and 
recognition of the hard and excellent work that we have been doing. The 
presentation at APF also enabled putting DPV in front of several Data 
Protection Authorities and practioners - which is another milestone.

The paper is based heavily only the DPV implementation guide for consent 
as per the ISO/IEC TS 27560:2023 standard - of which Jan was a co-editor 
and I was a contributor. We explain how the standard aligns with GDPR, 
and how to create interopreable standards-based consent records and 
receipts with DPV. We also discuss how this DPV work will work with the 
DGA and eIDAS as well as EUDI Wallets (which Jan has ongoing work on).

The paper is available as open access: 
https://doi.org/10.1007/978-3-031-68024-3_12
The slides are available online: 
https://harshp.com/presentations/2024/APF-27560/APF-27560.pdf
Annual Privacy Forum: https://privacyforum.eu/

For further work in this particular area, both Jan and myself has 
proposed that the 27560 standard be made free / open-access in the 
interest of public benefit similar to other ISO standards. We are 
awaiting a formal reply on the matter. Separately, we are also exploring 
how to adopt this standard as an EN - which will permit its formal 
recognition and use in regulations/policies within EU.

To further enable the use of DPV and ISO/IEC TS 27560:2023, myself and 
Georg (Signatu) are creating a technical 'schema' for communicating and 
interpreting consent records and receipts. This addresses the potential 
'infinite combinations' problem of using DPV as different entities can 
create different schemas and interpret it in different ways. Instead, we 
are working on a technical specification that allows use of JSON/JSON-LD 
where the schema and interpretation are fixed/determinisitc - based on 
the practical use-cases and experience of Signatu as a Consent 
Management Platform.

If you are interested in this work, or want to implement or support its 
development, please reach out to us.

Regards,
-- 
---
Harshvardhan J. Pandit, Ph.D
Assistant Professor
ADAPT Centre, Dublin City University
https://harshp.com/

Received on Monday, 9 September 2024 11:29:53 UTC