[WG-InfoSharing] W3C Data Privacy Vocabulary - Consent Receipt Inputs
andrewhughes3000 at gmail.com
Fri Jun 21 14:24:54 UTC 2019
Some more questions, if you don't mind...
A) can we treat the list of terms in the vocabulary as exactly that: a
controlled word list?
B) what is supposed to happen when a word has more than one definition? Or
is the vocabulary not about definitions but rather about "list of words"?
C) regarding the RDF - if one were to use, for example, JSON-LD and refer
to schema.org context and also this RDF - should it work? (Recognizing that
this question is really stretching the limits of my knowledge on semantic
web-ish topics - so please rephrase the question if needed)
In the most simplistic scenario, does this usage sound right:
- I am a Data Controller designing my Consent Receipt data structure
- in this scenario, I have only one processing purpose
- in order to choose which Purpose for Data Processing to include in the
design, I choose the appropriate Purpose word from the DPV document.
- therefore I have confidence that other Data Controllers and Data
Processors who also use the DPV will know what that specific Purpose word
means when they see it in the Consent Receipt output file and can act
On Fri, Jun 21, 2019 at 3:10 AM Harshvardhan J. Pandit <me at harshp.com>
> Hi Andrew, All.
> On 20/06/2019 01:37, Andrew Hughes wrote:
> > What I'm actually interested in is how ontologies generally are consumed
> > and used. When I read this one, some items read as definitions, some as
> > description, and some as pure pointers to other documents.
> > I would like to understand why this is and what the implications are for
> > implementers.
> I think Andrew's questions show the need for more information on what
> the DPV *is* and why it is structured the way it is. Since the DPVCG is
> currently welcoming feedback and comments on the DPV, I'll note down
> about writing a better introduction and adding in a section about
> possible usage applications.
> BTW, the 'official' specification is at https://w3.org/ns/dpv which is
> IMO easier to go through than the RDF file.
> The DPV is not intended to be applicable to only a specific purpose or
> application - it's usage can be quite broad. The aim is to provide a
> common vocabulary regarding the processing of personal data.
> The Base Vocabulary defines top-level classes for describing how the
> processing of data takes place i.e. what purpose, personal data, legal
> basis etc. It is not mandatory for an adopter to use this specific model
> - they can utilise other ways of expressing personal data handling as well.
> The other 'modules' such as Purpose, Personal Data, etc. provide
> concepts relevant for a specific domain. For example, purpose defines
> the top-level classification of purposes (for the processing of personal
> data). One may wish to use only a particular module from the vocabulary.
> In that respect, DPV is quite generic.
> The primary reason DPV is provided in RDF/OWL2 (semantic web), is the
> shared semantics - which is quite important in expressing knowledge. For
> example, in specifying that 'Research' is a purpose, with further
> specialisations such as 'Commercial Research' and 'Academic Research'.
> Or an even better example - First Name, Pet Name, Common Name - all
> being specific categories of a top-level category of Name. So when one
> is processing 'Name' it means one can process all categories falling
> under the 'Name' category. Combine this with properties, and one can
> express all this in what seems to be 'cool' way to call it - a
> knowledge graph.
> Harshvardhan Pandit
> PhD Researcher
> ADAPT Centre
> Trinity College Dublin
Andrew Hughes CISM CISSP
In Turn Information Management Consulting
o +1 650.209.7542 m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000 at gmail.com
Digital Identity | International Standards | Information Security
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-InfoSharing