W3C

DPVCG Meeting Call

16 JUL 2024

Attendees

Present
beatrizEsteves, delaramGolpayegani, harshPandit, julianFlake, tyttiRintamaki
Regrets
-
Chair
-
Scribe
harsh

Meeting minutes

Repository: w3c/dpv

Meeting minutes: https://w3id.org/dpv/meetings

purl for this meeting: https://w3id.org/dpv/meetings/meeting-2024-07-16

Interpretation of Process

See https://lists.w3.org/Archives/Public/public-dpvcg/2024Jul/0006.html

harsh: the email is asking about interpretation of e.g. multiple purposes and multiple data categories occurring in the same process. Interpretation should be all purposes apply to all data categories. To indicate separation i.e. some purposes apply to some data categories, nested processes should be used for separation. E.g. if we want to model a process X which specifies PurposeA applies to Data1, PurposeB applies to Data1 and Data2, then we will
… have process X with nested process X1 for PurposeA and Data1, and X2 for PurposeB and Data1 and Data2.

julianFlake: it would be better to have a property to associate the concepts e.g. purpose, personal data and so on

harsh: we shouldn't have additional properties as we would have to create too many of them e.g. for legal basis and processing

harsh: suggestion is to use nested processes to create units whose meaning is based on combination of concepts present in the process

julianFlake: so we would have subprocesses where a process has another process within itself where the subprocesses are processes in their own context

julianFlake: this was discussed earlier at some point as well?

harsh: yes, we discussed this and this is the interpretation we have in the examples but it isn't explicitly spelled out

discussed - agreed, and add note to the specification explaining this interpretation of processes

Planning next release

see https://github.com/w3c/dpv/milestone/5 for list of issues

using github projects to discuss issues https://github.com/users/coolharsh55/projects/4/

workflow management

harsh: #148

<ghurlbot> CLOSED Issue 148 switch to Gitflow workflow for repo management (by coolharsh55) [help-wanted] [code] [review]

harsh: the workflow going ahead will be based on gitflow where we have a main branch representing the stable work, a dev branch, and then feature branches

harsh: we put things on the main branch after they have been agreed or approved, and we use dev branch to show and discuss things while they are in development, and for individual or separate works we use feature branch e.g. diagrams by julian

harsh: we have 2.1-dev as the current development release based on https://semver.org/ best practices which suggest using a version number instead of just the label dev. We can change the development version number later if desired e.g. 3.0 for a major change.

we agreed on this workflow, and closed the issue

archiving DPV

harsh: #45

<ghurlbot> CLOSED Issue 45 Preserving older versions of DPV and other resources (by coolharsh55) [release]

harsh: we have currently dpv deposited in LOV though waiting for extensions to be accepted, and then we have it on Zenodo. Anywhere else to deposit it?

no venues identified, issue marked as completed

diagrams for v2

julianFlake: no further updates - all diagrams are present, some minor diagrams being tested out but nothing pending for the specs

harsh: then we can mark this as done as the issue was about updating existing diagrams for v2 - we can continue working on more diagrams in general
#166

<ghurlbot> CLOSED Issue 166 Update diagrams for v2 (by coolharsh55) [WIP] [docs] [review]

issue marked as completed

low priority

harsh: #171

<ghurlbot> Issue 171 Provide consolidated list of legal basis, rights, and other relevant concepts for each jurisdiction (by coolharsh55) [rights] [todo] [legal]

harsh: this was a suggestion from beatriz to provide all legal basis, rights, etc. from laws within a jurisdiction in one place - do we need this?

julianFlake: what would this mean in terms of implementation? sounds confusing

harsh: it would allow something like what we have on the legal page https://w3c.github.io/dpv/2.0/legal/ where we can see different laws and authorities across jurisdictions in one place - just for convenience as the concepts are still declared in their respective namespaces

beatrizEsteves: would be useful - but not essential

marked as low priority

beatrizEsteves: #36

<ghurlbot> Issue 36 Expressing preferred policies or templates (by csarven) [help-wanted] [question]

harsh: this was the issue about associating a policy or indicating a preferred one - recent discussion there about interpretation of policies to identify preference / outcome.

beatrizEsteves: this is ongoing work in ODRL CG so we should wait for that work to be completed and then build / integrate on it.
… Note #36 this is related to ongoing work in ODRL CG - therefore we will wait for that work and reuse / integrate it here

<ghurlbot> Added comment

issue assigned to beatriz to follow up on

beatrizEsteves: #160

<ghurlbot> Issue 160 Contributors should reference Agents, not a string literal list of authors (by jeswr) [todo] [docs] [code]

harsh: this is good practice but is not essential, though the amount of code change is substantial as both RDF generation and HTML generation code has to be changed
#147

<ghurlbot> Issue 147 Create extension EU NIS2 (by coolharsh55) [WIP] [help-wanted] [eu-nis2]

harsh: #137

<ghurlbot> Issue 137 Move code for document/minute generation to another branch (by coolharsh55) [code]

harsh: this proposal (issue 137) is about moving the code folder from the repo main branch into a separate branch so the main branch only contains the outputs and people aren't looking at the csv we use as inputs - not essential
#82

<ghurlbot> Issue 82 Provide vocabulary to specify purposes and permissions related to AI training (by scottkellum) [help-wanted] [proposal] [AI]

harsh: this was related to providing a way to indicate AI training should not happen on a website

beatrizEsteves: would be relevant for ODRL work

delaram: we had the AI ODRL profile that could be relevant here

harsh: realistically, this would be best placed within schema.org - so we identify the concepts and relations and can make a proposal there
#24

<ghurlbot> Issue 24 Programmatic generation of documentation diagrams (by coolharsh55) [todo] [docs] [help-wanted]

julianFlake: not trivial as diagrams need some control over what concepts are used to produce the diagrams
#139

<ghurlbot> Issue 139 Provide a 404 page for DPV (by coolharsh55) [todo] [docs] [code] [good first issue]

harsh: trivial and easy to do - will do it at some point when I'm bored and have a bit of time
#26

<ghurlbot> Issue 26 DPV-ISO providing concepts from ISO terminology and standards (by coolharsh55) [proposal]

harsh: this is related to creating a new ISO extension representing mappings from DPV concepts to ISO terminology e.g. PII and PersonalData and so on.

harsh: also involves creating a vocabulary to represent standards and linking them to DPV concepts e.g. 27560 is for consent records

harsh: would be also helpful to represent specific standards and then use these e.g. indicate which are harmonised standards in the eu extension

beatrizEsteves: there is a standard associated with IDSA architecture that is being made an ISO standard

julianFlake: think that is based on an older DIN / German standard - interested in that

harsh: it's better to open a separate dedicated issue for that - as this issue is about the ISO extension and mapping of concepts
#129

<ghurlbot> Issue 129 Move content from W3C wiki to Github wiki, and close W3C wiki (by coolharsh55) [scope] [WIP] [docs]

harsh: easy to do - will be done over time by anyone
#114

<ghurlbot> Issue 114 In 27560-records, how to identify the latest consent state? (by coolharsh55) [guide]

harsh: this had a bit of discussion but no conclusion - any solutions?

beatrizEsteves: this is relevant to work here in Gent, can have a student who will work on this. Also spoke with OSLO folks who have consent vocabulary

assigned to beatriz to follow up on

medium priority

beatrizEsteves: #135

<ghurlbot> Issue 135 Add biometric categories to Personal Data extension (by coolharsh55) [todo] [help-wanted] [personal-data] [good first issue]

harsh: this refers to adding more categories to PD - are there any in AI Act or in DPIA work?

delaram: AI Act mentions some biometrics but no specific list is given

tyttiRintamaki: nothing in DPIA analysis either

harsh: then we will keep this open to get the list of concepts and add them
#138

<ghurlbot> Issue 138 Add CIA model to Tech/Org measures (by coolharsh55) [todo] [help-wanted] [dpv]

harsh: CIA model refers to infosec where we have Confidentiality, Integrity, and Availability. Having the tech/org measures specifically categorised to one or more of these categories would help select the correct concept.

harsh: data breaches are also categorised along the same concepts - so the cause can be expressed as a lack of some specific category measure

accepted the work is relevant

harsh: Note #138 work has been accepted and will be started in next version

<ghurlbot> Added comment

harsh: Note #135 identify what categories are present and add them to PD

<ghurlbot> Added comment

harsh: Note #114 beatriz to follow up on this from local implementation

<ghurlbot> Added comment

harsh: #94

<ghurlbot> Issue 94 Represent Datasheets and Model Cards with DPV (by coolharsh55) [todo] [help-wanted] [AI]

assigned to delaram

harsh: this is about taking datasheets and model cards and seeing how to represent them using DPV

delaramGolpayegani: what is the extent of this work? does it start from zero?

harsh: no, we had two EMILDAI students last year who did a mapping from GDPR to fields from these which can be used to which DPV concepts apply and which are needed. Then it will lead to a better version of datasheets and model cards.
#43

<ghurlbot> Issue 43 Declaring additional axioms for DPV-OWL (by coolharsh55) [help-wanted] [owl]

harsh: would be good to have some assertions e.g. properties are functional or transitive, with more complex assertions stating combinations for subclasses

no takers so far

harsh: #31

<ghurlbot> Issue 31 Mappings from DPV to other vocabularies (by coolharsh55) [todo] [help-wanted]

harsh: for ODRL there is a separate issue, so for the other vocabularies what do we need to do?

beatrizEsteves: interested in PROV as that is relevant to work here

assigned to beatriz

julianFlake: is gist actually used or useful as it is listed here?

beatrizEsteves: it provides more details about organisations that is not present in DPV

harsh: an adopter requested it, so we added it to the list
#75

<ghurlbot> Issue 75 Reuse/Refer to EUROVOC concepts for EU's fundamental rights (by coolharsh55) [rights] [WIP] [help-wanted] [eu-rights]

harsh: this is straightforward to do as it will require providing a link to the eurovoc concept
#89

<ghurlbot> Issue 89 Multi-lingual labels and descriptions for concepts (by coolharsh55) [todo] [docs] [help-wanted] [code]

harsh: this requires a bit of work, already started on this for v2 but stopped as we didn't have enough manual reviews - will have this for 2.1
#130

<ghurlbot> Issue 130 Alignment with ODRL (by besteves4) [scope] [WIP] [help-wanted]

beatrizEsteves: this is of interest to ODRL CG as well, aim to get this done in the next release

High priority

beatrizEsteves: #123

<ghurlbot> Issue 123 Add concepts from ENISA SotA Tech/Org Measures (by coolharsh55) [WIP] [help-wanted] [dpv] [eu-nis2] [good first issue]

harsh: this includes measures mentioned in ENISA documents as well as the NIS2 work suggested by Jenni
#110

<ghurlbot> Issue 110 Add concepts from ISO 22989:2022 AI Terminology (by coolharsh55) [todo] [help-wanted] [AI] [good first issue]

assigned to delaram

harsh: #111

<ghurlbot> Issue 111 Model information about legal bases (by coolharsh55) [todo] [help-wanted] [dpv]

harsh: some ongoing work here
#12

<ghurlbot> Issue 12 Use-Cases and Examples showing how vocab can be used (by coolharsh55) [use-case] [example] [todo]

harsh: important that we have use-cases and examples as best practice ; we have some 70 examples at the moment but need a review to see whether any examples should be provided which aren't

harsh: use-cases are important to show how concepts are produced and where applications of DPV are envisioned ; see e.g. https://www.w3.org/TR/2019/NOTE-dcat-ucr-20190117/
#48

<ghurlbot> Issue 48 Specify association between law, authority, and jurisdiction in documentation of respective concepts (by coolharsh55) [legal] [fix-this]

harsh: this is an issue where the relation between law, authority, and jurisdiction is not shown in the HTML e.g. see legal page where only laws are listed

harsh: better to fix this in this version itself
… Note #48 fix this in time for 2.0 release

<ghurlbot> Added comment

harsh: #170

<ghurlbot> Issue 170 Add Lawfulness concept for each Law/Regulation (by coolharsh55) [todo] [eu-nis2] [eu-aiact] [eu-dga]

harsh: simple to do - add lawfulness and compliant concepts to each law defined
#147

<ghurlbot> Issue 147 Create extension EU NIS2 (by coolharsh55) [WIP] [help-wanted] [eu-nis2]

harsh: pending work for NIS2 includes adding concepts e.g. authorities, list of critical sectors
#143

<ghurlbot> Issue 143 Integrate AIRO/VAIR concepts for AI and AI Act vocabulary (by coolharsh55) [todo] [help-wanted] [AI] [eu-aiact]

julianFlake: what is the difference between this and 110 ?

harsh: 110 is about AI extension in general, this is about AIRO/VAIR which are delaram's outputs and how to integrate them

assigned to delaram, planned to be completed by September

harsh: #126

<ghurlbot> Issue 126 AI Extension to provide AI-specific concepts (by coolharsh55) [WIP] [help-wanted] [AI]

same as above - about AI extension in general, 110 is about ISO standard, 143 is about AIRO/VAIR, this is about the extension overall

harsh: #103

<ghurlbot> Issue 103 Guide for Data Breach (by coolharsh55) [guide] [WIP] [eu-gdpr]

harsh: work in progress
#91

<ghurlbot> Issue 91 Provide guidance for implementing ISO/IEC 29184 Privacy Notice using DPV (by coolharsh55) [guide] [WIP] [help-wanted]

harsh: working on this right now - hope to have a demo ready for next week about machine-readable notices
#74

<ghurlbot> Issue 74 Add Risk Management concepts from ISO 31000 series (by coolharsh55) [WIP] [help-wanted] [risk]

harsh: there are some pending proposals about adding in risk management
#66

<ghurlbot> Issue 66 Provide a Guide on use of DPV for DPIA (by coolharsh55) [WIP] [docs] [eu-gdpr]

harsh: work in progress

assigned to tytti

harsh: #67

<ghurlbot> Issue 67 Provide for Guide using DPV for ROPA (by coolharsh55) [WIP] [docs] [eu-gdpr]

harsh: work in progress - based on Paul's PhD work
#63

<ghurlbot> Issue 63 Add Right Non-fulfilment Justifications for GDPR’s rights (by besteves4) [todo] [eu-gdpr]

harsh: this is about linking non-fulfilment justifications to GDPR rights similar to how legal basis and rights are related

assigned to beatriz

harsh: #4

<ghurlbot> Issue 4 Machine-readable requests to execute rights (by coolharsh55) [rights] [guide] [WIP]

harsh: this is about how to exercise a right, what data is needed, how to specify in response identity is needed

beatrizEsteves: have work on this

harsh: good paper for JURIX, the CFP is out https://jurix.nl/jurix-2024-call-for-papers/ with deadline SEP-06, conference is on DEC-11 in Brno, Czech

Next Meeting

next meeting will be in 1 week on TUESDAY at 13:30 WEST / 14:40 CEST. Agenda will be continuation of current discussion with any updates on github/mailing list and AOB.

Minutes manually created (not a transcript), formatted by scribe.perl version 217 (Fri Apr 7 17:23:01 2023 UTC).