Meeting minutes
Meeting minutes: https://
purl for this meeting: https://
Justifications
<ghurlbot> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by coolharsh55)
Conclusion of discussion: okay to consider this complete and do GDPR linkage after v2 is released
Involved/Active Statuses
<ghurlbot> Issue 116 Add Intended and Active Data Subject categories (by coolharsh55)
Conclusion of discussion: okay to consider this complete
<ghurlbot> Issue 108 Revise Automation and HumanInvolvement concepts (by coolharsh55)
steveHickman: shouldn't revert concepts be modelled as subsets of correct concepts
group agreed to go back to this issue next week
Tech extension
Actors prefix
<ghurlbot> Issue 142 Changing tech:TechnologyActor to tech:Actor (by coolharsh55)
Conclusion of discussion: okay to consider this complete
Cloud concepts
<ghurlbot> Issue 47 ecifying "Cloud Computing" in DPV-TECH (by coolharsh55)
No conclusion - discuss again next week
AI Act Prospective Provider
<ghurlbot> Issue 146 Propose "prospective provider" as a concept (by coolharsh55)
georgKrog: if we had this concept, would we need to add similar ones for another entities, e.g., controller, processor, …?
julianFlake: ok to have the concept in the AI Act extension as the term is explicitly defined there, but we shouldn’t model generic ones on the DPV spec or else we would need the same concept for other entities and even other type of prospective concepts, e.g., statuses.
Conclusion from discussion: accept term to be added into the AI Act extension
GDPR Principles
julianFlake: see live version https://
georgKrog: concepts are useful for DPIAs. Tytti is looking into nacional guidelines for DPIAs and from those more concepts should be added in the future
steveHickman: should concepts be added in the GDPR extension and have generic ones on the main spec
beatriz: no need for generic ones for now but this can be revisited in the future if similar principles are found in other jurisdictions
Conclusion of discussion: okay to consider this complete
Consent Controls
<ghurlbot> Issue 115 Add Measures for Obtain, Withdraw, etc. for Consent and other Actions (by coolharsh55)
markLizar: should we distinguish consent as a individual-centric concept from businesses permissions to use data
markLizar: do we need a term to refer to the capture of consent
georgKrog: (with beatriz) the proposed control term ‘record’ is better for that case as it is mentioned in the law and also used by ISO 27560
beatriz: do we need to find ways to connect the controls with legal basis? Similar to what we did in connecting legal basis with data subject rights in the GDPR extension?
No conclusion - discuss again next week
Next meeting
The next meeting will be in 1 week on WED 22 May 14:00 WEST / 15:00 CEST. Agenda continued from today's continued discussions and other items on the agenda not discussed.