Meeting minutes
Meeting minutes: https://
purl for this meeting: https://
introductions - alexJarju, victorLopezJuarez, jenniParry, robBrennan
Justifications
<ghurlbot> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by coolharsh55)
georg and paul have looked through the spreadsheet and have comments - to be resolved with/when beatriz is available
Human Involvement
<ghurlbot> Issue 108 Revise Automation and HumanInvolvement concepts (by coolharsh55)
Discussed Automation concepts from last meeting - okay to continue with ReverseOutput and reverseEffects as two distinct concepts.
Controls
<ghurlbot> Issue 115 Add Measures for Obtain, Withdraw, etc. for Consent and other Actions (by coolharsh55)
Discussed and okay to continue with general controls as the alternative would be too many specific controls
AI Act
<ghurlbot> Issue 106 Propose concepts from the AI Act (by coolharsh55)
delaram: what's the best way forward for this work? In approx. 1 month can propose existing work of AIRO and VAIR to be integrated in DPV. Specific concepts need discussion and prioritisation - risk management, FRIA, conformity. Specific roles e.g. Notified Body. Question on whether these would be entities linked to GDPR.
AI extension
<ghurlbot> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55)
using ISO 22989 and AIRO/VAIR to populate this extension
v2 release schedule
harsh: had originally planned to complete this by April end, but we are a few tasks short of this. New goal would be end of May - am confident we can get it done by then.
harsh: tasks left are rights (will email georg, paul, and beatriz), documentation update, and landing page; and then the data breach guide for which the existing paper is sufficient.
NIS2 ontology
<ghurlbot> Issue 123 Add concepts from ENISA SotA Tech/Org Measures (by coolharsh55)
jenniParry presenting their project (with robBrennan) at UCD, Dublin on comparing ISO 27001 and ENISA guidelines with DPV to identify which concepts are missing
slides shared on mailing list (MAY-02) - https://
jenniParry: research question is how effective is DPV in meeting NIS2 requirements
jenniParry: proposing NIS2V ontology that provides ISO controls for DPV
jenniParry: findings - 101 27001 controls of which 89 are unique, 30 ENISA controls. Used the January version of DPV which has since changed
jenniParry: ENISA used 2013 version of 27001 whereas DPV mapping used the recent 2022 publication, there are changes e.g. Threat Intelligence (27001:2022)
georgKrog: NIS2 introduces new cybersecurity measures and they have to do a mapping +2/-2 levels upstream/downstream. So mapping should be done between 27001 and DORA as it is more comprehensive than NIS2
jenniParry: DORA is for financial regulation whereas NIS2 is general, hence the focus
robBrennan: DORA might be a good source for further refinement for the complex terms
paulRyan: what are the next steps?
jenniParry: continue building the ontology and then a question-based tool for each control to determine maturity score
georgKrog: if a service is produced or delivered using different technologies will this work for each technology?
jenniParry: don't know yet
robBrennan: won't solve every term
harsh: what are the 24 missing terms from DPV that you found? Can you open a GitHub issue or share them so we know if we are missing anything major?
P7012 and Human extension
iainHenderson: P7012 is for individuals to initiate agreements on their terms. This is from Customer Commons, which is like Creative Commons but for customer-oriented agreements. For this we need from DPV specific data, purposes, etc. which I will share requests for
steveHickman: who is working on the standard?
iainHenderson: Doc Searls would be the most well known, but there are many others. Standard is close to going to ballot state in a month.
iainHenderson: human extension in DPV for individual-oriented concepts is being proposed from the meeting with harsh today in DCU
Paper on Consent Records
harsh: submitted paper to Annual Privacy Forum https://
georgKrog: submit to the Commission
Next meeting
The next meeting will be in 1 week on WED 08 May 14:00 WEST / 15:00 CEST. Agenda continued from today's discussions.