W3C

DPVCG Meeting Call

13 MAR 2024

Attendees

Present
beatriz, delaram, georg, harsh, paul, steveHickman, tytti
Regrets
-
Chair
harsh, tytti
Scribe
harsh, tytti

Meeting minutes

Meeting minutes: https://w3id.org/dpv/meetings

purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-03-13

GDPR Rights Justifications

<ghurlbot> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4)

beatriz: justifications to be added for: delay, exercise, non-fulfillment, and the justifications from article 34 are modelled as not-required

beatriz: Article 23 regarding Exemptions to GDPR that are possible by member states has been taken out and is not in justifications anymore

georg: will have a new look but the current terms are okay to continue with

georg: EDPB published proposal on the exercise of rights that is relevant here and which should be reviewed for work on rights exercise. See CEF 2024: Launch of coordinated enforcement on the right of access https://www.edpb.europa.eu/news/news/2024/cef-2024-launch-coordinated-enforcement-right-access_en

next steps on this are to produce the general Justifications extension which will then be extended within the existing GDPR extension under a Justifications section. So there will be two different HTML pages.

AI Act

<ghurlbot> Issue 106 Propose concepts from the AI Act (by coolharsh55)

<ghurlbot> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55)

delaram: Question about which concepts should go in which extension - Tech or AI Act or DPV? Looking at ISO 22989 definitions to be used in the tech extension - the wording is different from the AI Act e.g. General Purpose AI System. Some definitions are similar and aligned. Others need analysis.

delaram: Aligning concepts between AI Act and Tech extension. Example - deep fake

steveHickman: IOPD is looking for definitions such as these so how to create this?

harsh: definitions that are expected to be important should have authoritative sources for definitions, and we can use multiple definitions and sources for our concepts as long as they are not conflicting with each other

harsh: Let's start with concepts that are easily aligned between AI Act and Tech to create the respective drafts and proposals which will then get updated with time. We can use AIRO and VAIR as the basis to do Tech extension. Are they up to date? Can we use them like this?

delaram: VAIR is up to date, AIRO is being updated at the moment for the AI Act. But they can be used for this.

TOM concepts

harsh: dpv:ROPA being added. Other Organisational measures in the spreadsheet that are proposed should be reviewed and resolved - please review and help resolve these.

harsh: For the Legal measure taxonomy, I have copied the Organisational measures and then the task is to go through each measure and if it is a 'legal implementation' then we keep it in the taxonomy. For example, contracts are but (generic) notice is not.

harsh: One challenge here is with 'Contract' which is a term for both legal basis and legal measure - how to resolve this?

paul: can we use 'contractual necessity' instead of contract for the term?

harsh: that will not be a good idea as we don't want to change the existing 'contract' legal basis - so ideally we can have a new term for the legal measure.

harsh: how about ContractualMeasure?

discussion concluded with agreement that this can be useful as a legal measure - to be reviewed in next meeting

Resource Paper

Writing the paper

harsh: beatriz and I met on Friday to discuss the paper. We took the DCAT paper as an example, and identified the sections that should be present in the paper based on the requirements of the call. See https://iswc2024.semanticweb.org/event/3715c6fc-e2d7-47eb-8c01-5fe4ac589a52/summary In terms of authors, we have people who have contributed - harsh as lead, and then beatriz, georg, paul, delaram, and julian. Are there any others? Please let us know if you identify any key contributors.

Usage Analysis

harsh: a key section in the paper is how the vocabulary is being adopted and used - for this we should analyse the citations for the previous DPV paper and identify how DPV is being used or cited. This will be a superficial preliminary analysis e.g. to see if DPV is merely cited as a state of the art resource, or the work expands on it, or identifies any gaps or weaknesses. Currently as per Google Scholar, we have something close to 70-80 citations. Excluding citations from this group, we may have approximately 50 citations. This work requires volunteers. Previous analysis on this was put on the wiki - https://www.w3.org/community/dpvcg/wiki/Adoption_of_DPVCG

harsh, delaram, paul, tytti, beatriz will divide the work and analyse the citations

harsh: For other uses of DPV e.g. commercial, policy - will liaise with georg and others to collect this information. We already have some Horizon projects which use DPV, standards that reference or want to use it, etc.

georg: would like to read and review the paper

georg: European Data Innovation Board had a meeting on MAR-07, no minutes available. Trying to share DPV with them. DPV was shared earlier with DG-CNECT - so trying to see if DPV made the agenda or to get a meeting with the GDPR folks

Timeline

harsh: the deadline for the paper is APR-17, aiming to have a draft available by MAR-31 so that people can see what content is expected to be present in the paper and how it is structured while the paper is being polished and completed

DPV v2

Risk Extension

steveHickman: was looking at the risk extension issue on Github - we are working on risk definitions which differ a lot.

<ghurlbot> Issue 104 Re-evaluate Risk Assessment concepts #104 (by coolharsh55)

<ghurlbot> Issue 74 Add Risk Management concepts from ISO 31000 series (by coolharsh55)

harsh: yes, this will probably be based on the ISO definitions which are the most suitable 'standard' - though very generic and there are too many variances to the concept.

issue management

harsh: have analysed the github issues and will be updating/resolving them in the coming week - some issues may not be visible as they are closed

w3id config

harsh: the W3ID config through which our purl e.g. https://w3id.org/dpv is directed to github pages needs to be updated for the new layout

beatriz: the broken links have already been pointed out by Pat McBennett - so this should be resolved soon

DPV marketing page

harsh: a challenge in sharing the link to DPV is that it takes the viewer straight to the technical specification which can be intimidating and verbose for a new person to figure out what DPV is, what it contains, where it can be used etc. How about we set up a 'marketing page' for DPV which gives this information in an easy format and then the technical specifications can be where they are. The marketing page can be what is easily shared with other people e.g. dpvcg.org and is much easier than sharing a complex w3id url or a github page.

georg: like the idea, support it

no other responses, this will be taken up again in the next meeting.

Next Meeting

Next meeting will be in 1 week, on WED MAR-20 15:00 WET / 16:00 CET.

Topics for discussion are

1) Rights Justification - finalise output and produce documentation - beatriz, harsh

2) AI Act and Tech concepts by delaram - identify 'simple' subset of concepts to add, start work on AIRO and VAIR integrations

3) TOMs by harsh - to resolve the proposed concepts

4) w3id config update by harsh

5) github issues update by harsh

6) dpv marketing page by harsh

7) dpv resource paper

Minutes manually created (not a transcript), formatted by scribe.perl version 217 (Fri Apr 7 17:23:01 2023 UTC).