- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Tue, 17 Mar 2020 22:16:07 +0000
- To: Henry Story <henry.story@bblfish.net>, semantic-web <semantic-web@w3.org>

Hi Henry, everyone.
I'm replying specifically for #12 regarding GDPR policies.

On 17/03/2020 13:02, Henry Story wrote:
> 12. Machine Readable GDPR Policies
>
> The following blog post details in a couple of paragraphs each of
> these points with illustrations and links where helpful
> https://medium.com/@bblfish/use-cases-for-the-web-of-nations-361c24d5eaee

What you are describing in your post (https://medium.com/@bblfish/use-cases-for-the-web-of-nations-361c24d5eaee#e21a) is essentially what P3P (https://www.w3.org/P3P/) was supposed to be in spirit.

The largest challenge to having machine-readable privacy policies is (IMHO):

(1) the lack of a legal impetus or requirement to provide them as such. Even when a law, such as the GDPR, requires some specific information to be included, organisations routinely do not provide such information.

(2) lack of structured machine-readable metadata to specify information to be presented in a privacy policy. P3P was an effort in this direction. I have been involved in a related effort called the Data Privacy Vocabulary (DPV) http://w3.org/ns/dpv which can be applied in the context of specifying privacy policy metadata. To date, AFAIK, there isn't a 'complete' solution for specifying the entirety of privacy policy in the form of machine-readable metadata.

(3) even where the onus of providing metadata is on the organisation, the onus of developing tools/solutions to interpret the metadata (even if for viewing/display) falls on the society at large - and currently I think only academia is looking at this solution from a research project POV.

Current focus is mostly related to abstract categorisation of privacy policy (see UsablePrivacy https://explore.usableprivacy.org/ ; Polisis https://pribot.org/polisis) and/or on consent, and using that to display visualisation, graphs, analysis of privacy policy and consent information.

However, a privacy policy is supposed to contain information other than those currently captured/represented, such as other legal bases/justifications, applicable laws/jurisdictions, rights, etc. There is ongoing work (e.g. see Polisis above and CLAUDETTE http://www.claudette.eu/gdpr/) given GDPR's obligations on inclusion of certain data, but again - this is a social/community effort with diverging approaches and a marked lack of open data regarding privacy policy metadata or ontology which everyone can use, adopt, and build upon to provide the solution you allude to in your post.

Regards,
--
---
Harshvardhan Pandit
PhD Researcher
ADAPT Centre
Trinity College Dublin

Received on Tuesday, 17 March 2020 22:16:22 UTC