W3C

DPVCG Meeting Call

15 MAY 2025

Attendees

Present
BeatrizEsteves, GeorgKrog, HarshPandit, JulioHernandez, MarkLizar, PaulRyan
Regrets
DelaramGolpayegani
Chair
HarshPandit
Scribe
HarshPandit

Meeting minutes

Repository: w3c/dpv

Agenda: https://www.w3.org/events/meetings/178d1c71-a92d-4da7-a196-6a89d0fe2277/20250515T133000/

Meeting minutes: https://w3id.org/dpv/meetings

Persistent ID for current minutes: https://w3id.org/dpv/meetings/meeting-2025-05-15

Representing Use-Cases

<ghurlbot> Issue 284 [NEW]: Modelling Intended Uses/Purposes as Use-Cases (by coolharsh55)

continued discussion

discussed UseCase as a concept to be added to DPV

+1 from Paul and Julio

Next week to decide on categories of use-cases

Operating Factors / Environment

<ghurlbot> Issue 285 [NEW]: Modelling Operating Factors for Technology (by coolharsh55)

discussed this, decision next week

Secondary Use

<ghurlbot> Issue 283 [NEW]: Secondary Uses for Data Reuse (by coolharsh55)

discussed compatibility as a concept in GDPR, AI Act, and EHDS

BeatrizEsteves: Should there be compatibility for purposes, we were thinking of a property to state compatibility with purpose

HarshPandit: Good idea, we should have the property isCompatibleWith and isIncompatibleWith, but these should work at the use-case or process level as the test of compatibility can involve many things

GeorgKrog: How would this compatibility be determined?

HarshPandit: compatibility is specific to the use-case or framework e.g. in GDPR we have purpose compatibility which is purposes, but also invovles data categories, recipients, legal basis, etc.

BeatrizEsteves: How would this work with policy checking?

HarshPandit: you have a test for checking compatibility, and then when comparing the two policies you check whether it is compatible or not, and these concepts are the outputs

HarshPandit: note for policies we need fixable and non-fixable compatibility so we know what can be resolved

GeorgKrog: Where in GDPR would this be useful?

HarshPandit: e.g. to model scenarios during DPIA. GDPR already has a structure for describing use-cases which is Art.30 ROPA records which gives indication of what information is present in such an use-case

AOB

GDPR revision proposed

HarshPandit: proposal from EU Commission on diluting ROPA requirements for GDPR, some specific wording of concern on special categories.

GeorgKrog: Not sure about the usefulness of these as these concepts are already required for fulfilling other obligations which are still present

PaulRyan: Agree, these are needed for rights and transparency

TCF ruling

GeorgKrog: Court ruling on IAB and TCF declaring it illegal https://www.linkedin.com/posts/johnnyryan1_eu-ruling-tracking-based-advertising-by-activity-7328492374689550336-yYWD

HarshPandit: congrats to Johnny and ICCL

NXDG workshop

BeatrizEsteves: CFP for NXDG workshop -- https://nxdg-workshop.github.io/2025/ NXDG deadline is JUN-14

New complaint

MarkLizar: complaint filed against Google Chrome https://www.globalprivacyrights.org/quebec-law-25-collective-google-chrome-complaint-45

Next Meeting

The next meeting will be on MAY-22 Thursday 13:30WET/14:30CET

Agenda will be EHDS concepts led by Georg, and continued discussions from today on use-case categories, operating factors, and secondary use concepts

Minutes manually created (not a transcript), formatted by scribe.perl version 217 (Fri Apr 7 17:23:01 2023 UTC).