Meeting minutes
Repository: w3c/dpv
Agenda: https://
Meeting minutes: https://
Persistent ID for current minutes: https://
Note change in weekly meeting schedule: We meet now on WED 13:30 WEST / 14:30 CEST
IngeVejsbjerg: (intro) from IBM Research LAb in Trinity college Dublin working on Risk Atlas Nexus IBM/
v2.2
HarshPandit: Sent email to review volunteers. The timeline for this is that by next week we should identify any major issues (tbd meeting JUL-30), and then the week after that any minor issues should be fixed (tbd meeting AUG-06), and then we have a week after that to release it.
DelaramGolpayegani: send an email reminding of pending review (e.g. on Monday)
Reuse Compatibility for Regulations
<ghurlbot> Issue 298 Model Purpose Compatibility statuses for GDPR (by coolharsh55)
<ghurlbot> Issue 300 Model Intended Purpose Compatibility statuses for AI Act (by coolharsh55)
<ghurlbot> Issue 299 Model Purpose Compatibility statuses for EHDS (by coolharsh55)
HarshPandit: for context, we are adding dpv:ReuseCompatibility as statuses in v2.2, which allows specifying whether something has primary or secondary compatibility where the test of compatibility is not specified by us. These concepts are also useful in legal contexts, and we have discussed before that we should describe these legal notions should be described with DPV concepts.
HarshPandit: For GDPR, this is purpose compatibility; for AI Act this is Intended Purpose compatibility, and for the EHDS this is based on Secondary Uses defined in the law. GDPR has case law and guidelines to utilise, and EHDS has a legal list of cases. For the AI Act we might need what ends up becoming original research here.
DelaramGolpayegani: For AI Act, we can have different types of compatibility, e.g. IntendedPurpose is a subclass of the Provider's IntendedPurpose then it is is compatible, but superclass means it is not necessarily compatible
HarshPandit: we also need to identify the elements of intended purpose based on which we decide if its a subclass or not
DelaramGolpayegani: we should think of different scenarios and cases for compatibility. We should look at the guidelines for prohibited systems and GenAI which could be a helpful resource as they provide info on intended purpose and downstream providers
HarshPandit: The definition of the intended purpose in the AI Act Art.3(12) has several components and sources,
… 1) context -- what info is included here?
… 2) conditions of use -- likewise, what info?
… 3) instructions for use -- we can assume this is as per documentation in the AI Act?
… 4) promotional or sales materials and statements -- does this mean the deployer now has to keep track of promotions and marketing by the provider to ensure the intended purpose is compatible?
… 5) technical documentation -- also can assume this is from the AI Act?
… So based on these, we have at least 3 levels of information -- from documentation in the AI Act, from other obligations for context, and from external sources like marketing.
DelaramGolpayegani: This means IntendedPurpose is a compound concept (will contain other concepts in it). We can start with a baseline using the 5 concept framework https://
HarshPandit: So next steps here are to discuss this further in other meetings, and then report back findings or proposals to the group to make decisions on. Going ahead we will use this format i.e. dedicated meetings/sessions for specific topics, and then using this weekly meeting to share it with wider group and for making decisions.
AI Agents
<ghurlbot> Issue 197 Model `Agent` and `LegalAgent` (by ghurlbot)
HarshPandit: We have discussed the notion of Agent in prior meetings and our concern on how to distinguish this from the legal notion of agent. Now that we have the AI extension, should we model ai:Agent as an AI specific concept?
JulianFlake: do we have a broad concept existing in DPV that this will be based on? (answer: yes, as dpv:Entity, and we have also discussed distinction between MachineAgent and LegalAgent)
JulianFlake: raises broader question of whether the agent should have copyright etc. E.g. if the agent does something who is responsible
HarshPandit: this is also a topic of contention and discussion in legal circles and it is difficult to have an answer as legally this will require changing the laws themselves to either give or prohibit assigning rights to agents. This is outside the scope of DPVCG.
IngeVejsbjerg: Colleagues in US are working on a attribution statement https://
HarshPandit: Art has also been mentioning interesting work on this topic in the issue w3c/
DelaramGolpayegani: where are you getting the definition of Agent from?
HarshPandit: We should should look for well-cited definitions from literature
IngeVejsbjerg: Agent refers to system/program that can autonomously perform tasks for the user
HarshPandit: how do we distinguish this from software in general?
IngeVejsbjerg: AI Agent will be an AI system
DelaramGolpayegani: ISO 22989 has a definition: 3.1.1 AI agent - automated (3.1.7) entity that senses and responds to its environment and takes actions to achieve its goals
HarshPandit: I think its been discussed to be amended or whether this is sufficient e.g. what does "sense" and "respond" mean, but let's start with that and see if it fits e.g. Inge's definition and other tasks
AOB
topic mention in chat
MarkLizar: we have work called differential transparency - where a notice receipt is compared against each other to see if there is a difference in active state of a privacy in a session, in terns of purpose, the permissions for access, control and use for that purpose can also be compared so that a visual indicator for risk can be displayed real-time. i am interesed if i can be looped into the conversation
note after the meeting: the above seems to be in scope of the reuse compatibility concept, where the test for compatibility can be extended outside the DPVCG for Mark's purposes i.e. the use-case can use their own criteria and create concepts for whether something is comaptible (primary use) or not (secondary use).
Next Meeting
The next meeting will be on JUL-30 Thursday 13:30WEST/14:30CEST (new time slot)
Agenda will be reviewing DPV v2.2 draft release, deciding on weekly meeting slot, and starting work on v2.3 -- with a preference to identify topics for discussion where materials/arguments exist and so that we can revist what needs to be done for them.