[WG-InfoSharing] W3C Data Privacy Vocabulary - Consent Receipt Inputs

James Hazard james.g.hazard at gmail.com
Fri Jun 21 15:34:23 UTC 2019

A few quick thoughts, in line on Andrew’s list:
> On Fri, Jun 21, 2019, 7:32 AM Andrew Hughes <andrewhughes3000 at gmail.com <mailto:andrewhughes3000 at gmail.com>> wrote:
> Cool.
> Some more questions, if you don't mind...
> A) can we treat the list of terms in the vocabulary as exactly that: a controlled word list?
Most of legal documentation can be done as a “controlled list” of words, phrases, document forms.  The problem is who is in “control.”  That is, a closed system will always be incomplete and therefore force edge cases and diversity into a standard vocabularies and conformity.  It can centralize “control” of the vocabulary and hence the thoughts.  Prototype inheritance enables “permissionless” variations at the edge. 
> B) what is supposed to happen when a word has more than one definition? Or is the vocabulary not about definitions but rather about "list of words”?
> C) regarding the RDF - if one were to use, for example, JSON-LD and refer to schema.org <http://schema.org/> context and also this RDF - should it work? (Recognizing that this question is really stretching the limits of my knowledge on semantic web-ish topics - so please rephrase the question if needed)
I am far from an expert on this subject, but I found that RDF over-solves the problem of managing vocabularies.  Schema.org is great, but also too limited, so it either needs a way to fork and build, or one needs to start otherwise and connect to it.

JSON-LD seems really useful, though I’ve found that you only need a very limited set to do most of the work.

http://www.commonaccord.org/index.php?action=json&file=Wx/org/schema/Person.md <http://www.commonaccord.org/index.php?action=json&file=Wx/org/schema/Person.md>

> In the most simplistic scenario, does this usage sound right:
> - I am a Data Controller designing my Consent Receipt data structure
> - in this scenario, I have only one processing purpose
> - in order to choose which Purpose for Data Processing to include in the design, I choose the appropriate Purpose word from the DPV document. 
> - therefore I have confidence that other Data Controllers and Data Processors who also use the DPV will know what that specific Purpose word means when they see it in the Consent Receipt output file and can act accordingly
> On Fri, Jun 21, 2019 at 3:10 AM Harshvardhan J. Pandit <me at harshp.com <mailto:me at harshp.com>> wrote:
> Hi Andrew, All.
> On 20/06/2019 01:37, Andrew Hughes wrote:
> > What I'm actually interested in is how ontologies generally are consumed 
> > and used. When I read this one, some items read as definitions, some as 
> > description, and some as pure pointers to other documents.
> > 
> > I would like to understand why this is and what the implications are for 
> > implementers.
> I think Andrew's questions show the need for more information on what 
> the DPV *is* and why it is structured the way it is. Since the DPVCG is 
> currently welcoming feedback and comments on the DPV, I'll note down 
> about writing a better introduction and adding in a section about 
> possible usage applications.
> BTW, the 'official' specification is at https://w3.org/ns/dpv <https://w3.org/ns/dpv> which is 
> IMO easier to go through than the RDF file.
> The DPV is not intended to be applicable to only a specific purpose or 
> application - it's usage can be quite broad. The aim is to provide a 
> common vocabulary regarding the processing of personal data.
> The Base Vocabulary defines top-level classes for describing how the 
> processing of data takes place i.e. what purpose, personal data, legal 
> basis etc. It is not mandatory for an adopter to use this specific model 
> - they can utilise other ways of expressing personal data handling as well.
> The other 'modules' such as Purpose, Personal Data, etc. provide 
> concepts relevant for a specific domain. For example, purpose defines 
> the top-level classification of purposes (for the processing of personal 
> data). One may wish to use only a particular module from the vocabulary. 
> In that respect, DPV is quite generic.
> The primary reason DPV is provided in RDF/OWL2 (semantic web), is the 
> shared semantics - which is quite important in expressing knowledge. For 
> example, in specifying that 'Research' is a purpose, with further 
> specialisations such as 'Commercial Research' and 'Academic Research'.
> Or an even better example - First Name, Pet Name, Common Name - all 
> being specific categories of a top-level category of Name. So when one 
> is processing 'Name' it means one can process all categories falling 
> under the 'Name' category. Combine this with properties, and one can 
> express all this in what seems to  be 'cool' way to call it - a 
> knowledge graph.
> Regards,
> -- 
> ---
> Harshvardhan Pandit
> PhD Researcher
> ADAPT Centre
> Trinity College Dublin
> -- 
> Andrew Hughes CISM CISSP 
> In Turn Information Management Consulting
> o  +1 650.209.7542 m +1 250.888.9474
> 1249 Palmer Road, Victoria, BC V8P 2H8
> AndrewHughes3000 at gmail.com <mailto:AndrewHughes3000 at gmail.com> 
> https://www.linkedin.com/in/andrew-hughes-682058a <https://www.linkedin.com/in/andrew-hughes-682058a>
> Digital Identity | International Standards | Information Security
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org <mailto:WG-InfoSharing at kantarainitiative.org>
> https://kantarainitiative.org/mailman/listinfo/wg-infosharing <https://kantarainitiative.org/mailman/listinfo/wg-infosharing>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190621/472dfe16/attachment-0001.html>

More information about the WG-InfoSharing mailing list