[WG-InfoSharing] W3C Data Privacy Vocabulary - Consent Receipt Inputs

Mark @ OC mark at openconsent.com
Thu Jun 20 13:09:33 UTC 2019


Hi Andrew, 

Not really a history lessons, more a 2 year significant spec breaking action item that took a lot of collaboration and work with others to just solve this week.   As a vice-chair, thought people working on / with the spec might appreciate (even celebrate) the context. 

- Mark 

> On 20 Jun 2019, at 01:37, Andrew Hughes <andrewhughes3000 at gmail.com> wrote:
> 
> Thanks for the history lesson Mark. 
> 
> What I'm actually interested in is how ontologies generally are consumed and used. When I read this one, some items read as definitions, some as description, and some as pure pointers to other documents. 
> 
> I would like to understand why this is and what the implications are for implementers. 
> 
> 
> On Wed, Jun 19, 2019 at 4:17 PM Mark @ OC <mark at openconsent.com <mailto:mark at openconsent.com>> wrote:
> Hi Andrew, 
> 
> (I will see if Harsh can make a meeting - offline) 
> 
> And for this:  A bit of  CISWG background; 
> 
> There is a long standing v1 action from v0.07 for the Purpose Categories, the Data Categories and the purpose specification.  Originally,  Richard Beaumont, from Governor Tech, a company purchased by One Trust for their pioneering of cookie banners, contributed a set of purpose categories, and we made a first set of data categories before stumbling upon Jason’s amazing work in this space. These are required to make a legally (for the Regulators) useful demo of consent receipts. 
> 
> Later in v0.09, this was moved to the Kantara wiki with a long standing Action item to produce these required components for legally usable receipts.
> 
> Yes - Understanding a semantic system generating a receipt rather than a record system generating a receipt is  - new -   in many use cases it was assumed the input was from a record - but - its the output (the receipt) that is the record for both parties with the DPV.  It removes a couple of technical steps which makes the use of semantics much more efficient, the technology much more flexible.  (But lots to learn still) 
> 
> But, of course, this is something Jim from Common Accord has discussed to  the CISWG, on a couple of occasions, also provided an example ( e.g. a consent based on the Global Alliance for Genomics and Health’s “model form” <http://www.commonaccord.org/index.php?action=source&file=Wx/org/genomicsandhealth/REWG/Demo/Geraldine_Graber_DE>  ) 
> 
> So there are a lot more pieces here now.  And Semantics brings a new set of considerations.  
> 
> Mark 
> 
> 
> 
>> On 19 Jun 2019, at 22:57, Andrew Hughes <andrewhughes3000 at gmail.com <mailto:andrewhughes3000 at gmail.com>> wrote:
>> 
>> The DPV is very interesting!
>> 
>> I'm not very fluent in working with ontologies - I'm browsing the dpv.ttl in Protege, trying to get a feel for what's here. 
>> 
>> Any chance we could invite Bud, Harsh or Jason to walk the WG through the work?
>> 
>> I know that the DPV is useful in context of the receipt specification - just need some help to understand how to use it
>> 
>> andrew.
>> Andrew Hughes CISM CISSP 
>> In Turn Information Management Consulting
>> 
>> o  +1 650.209.7542
>> m +1 250.888.9474
>> 5043 Del Monte Ave., <https://www.google.com/maps/search/5043+Del+Monte+Ave.,+Victoria,+BC+V8Y+1W9?entry=gmail&source=g> Victoria, BC V8Y 1W9 <https://www.google.com/maps/search/5043+Del+Monte+Ave.,+Victoria,+BC+V8Y+1W9?entry=gmail&source=g>
>> AndrewHughes3000 at gmail.com <mailto:AndrewHughes3000 at gmail.com> 
>> https://www.linkedin.com/in/andrew-hughes-682058a <https://www.linkedin.com/in/andrew-hughes-682058a>
>> Digital Identity | International Standards | Information Security 
>> 
>> 
>> 
>> On Wed, Jun 19, 2019 at 12:43 PM Mark @ OC <mark at openconsent.com <mailto:mark at openconsent.com>> wrote:
>> Hello Everyone, 
>> 
>> The W3C  DPV v.1 was approved yesterday - and Harsh who has administered the DPV works, has been kind enough to provide an input for us in terms of what was taken from the CR and how it was used for the GDPR. 
>> 
>> On behalf of CISWG, I would like thank both Harsh and Bud for the effort of including and vetting the CR for use with the DPV vocabulary.  And special thanks for Harsh for feeding back the results, which will enable the semantic generation of consent receipts. 
>> 
>> The DPV,  provides the CISWG with authoritative ontologies, including personal data categories, (base set provided a few years ago by Jason at  Enterprivacy - Thank You Jason) as well as very much needed position on Data Controller Categories, and the initial set/approach to purposes.  All of which are key to enabling a consent receipt to be used for compliance and evidence for Me2B and B2C. 
>> 
>> Here is the link to the CR input workshee <https://docs.google.com/spreadsheets/d/1OPIuYdaTLqIQforseLS4YY0RDxy4gYoYF55sVbTp2PQ/edit?usp=sharing>t (Andrew/Kate, let me know if you need more information.)  This worksheet provides the differences from the CR v1.1 to the GDPR DPV compliance vocabulary and can now be used to provide an authoritative explicit consent receipt specification. 
>> 
>> Best Regards, 
>> 
>> Mark 
>> 
>>> On 18 Jun 2019, at 18:11, Harshvardhan J. Pandit <me at harshp.com <mailto:me at harshp.com>> wrote:
>> 
>>> Dear All,
>>> 
>>> As agreed in today's call, we now have repositories for:
>>> 
>>> dpv vocabulary: https://github.com/dpvcg/dpv <https://github.com/dpvcg/dpv>
>>> 
>>> dpv-gdpr vocabulary: https://github.com/dpvcg/dpv-gdpr <https://github.com/dpvcg/dpv-gdpr>
>>> 
>>> dpv-nace vocabulary: https://github.com/dpvcg/dpv-nace <https://github.com/dpvcg/dpv-nace>
>>> 
>>> Regards,
>>> 
>>> Harsh
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org <mailto:WG-InfoSharing at kantarainitiative.org>
>> https://kantarainitiative.org/mailman/listinfo/wg-infosharing <https://kantarainitiative.org/mailman/listinfo/wg-infosharing>
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org <mailto:WG-InfoSharing at kantarainitiative.org>
>> https://kantarainitiative.org/mailman/listinfo/wg-infosharing <https://kantarainitiative.org/mailman/listinfo/wg-infosharing>
> 
> -- 
> Andrew Hughes CISM CISSP 
> In Turn Information Management Consulting
> o  +1 650.209.7542 m +1 250.888.9474
> 1249 Palmer Road, Victoria, BC V8P 2H8
> AndrewHughes3000 at gmail.com <mailto:AndrewHughes3000 at gmail.com> 
> https://www.linkedin.com/in/andrew-hughes-682058a <https://www.linkedin.com/in/andrew-hughes-682058a>
> Digital Identity | International Standards | Information Security
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org <mailto:WG-InfoSharing at kantarainitiative.org>
> https://kantarainitiative.org/mailman/listinfo/wg-infosharing <https://kantarainitiative.org/mailman/listinfo/wg-infosharing>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190620/0c50f2b1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3862 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190620/0c50f2b1/attachment-0001.p7s>


More information about the WG-InfoSharing mailing list