dpv icon indicating copy to clipboard operation
dpv copied to clipboard
verified publisher icon w3c

Model information about legal bases

Open coolharsh55 opened this issue 2 years ago • 4 comments

Currently, only the Consent legal basis has additional information (e.g. status, types) modelled within the taxonomy. Similar concepts should be added for other legal bases.

(Update 2024-05-17) The legal bases in DPV based on GDPR are:

  • Consent
  • Contract
    • Data Subject Contract
    • Data Processor Contract
    • Data Controller Contract
    • Third Party Contract
    • Contract Performance
    • Enter Into Contract
  • Data Transfer Legal Basis
  • Legal Obligation
  • Legitimate Interest
    • Legitimate Interest of Controller
    • Legitimate Interest of Third Party
    • Legitimate Interest of Data Subject
  • Official Authority of Controller
  • Public Interest
  • Vital Interest
    • Vital Interest of Data Subject
    • Vital Interest of Natural Person

coolharsh55 avatar Sep 14 '23 20:09 coolharsh55

We should ensure that this work includes documentation of the IEEE7012 style data sharing agreements (contracts) which are written from the perspective of the individual.

iainh1 avatar Aug 27 '24 11:08 iainh1

Hi @iainh1 - agreed. I think the IEEE P7012 contracts would all fall under Data Subject Contract category. We are also adding concepts to indicate whether the contract was negotiated or not. What is missing is who drafted the contract (terms) - the Controller or the Data Subject. This only matters for non-negotiated contracts. Typically the assumption is that the Controller drafts the non-negotiable contract. However, with P7012 we can also have the Data Subject draft the non-negotiable contract. If you are attending today, we can raise the need for this concept.

coolharsh55 avatar Aug 27 '24 11:08 coolharsh55

Added contract types, clause types, contract statuses, fulfilment statuses, and controls. Added statuses for other legal basis: legitimate interest, legal obligation, official authority, public and vital interests. Discussion in meeting AUG-27. Live version: https://dev.dpvcg.org/2.1-dev/dpv/#vocab-legal-basis-contract

The overlapping contract concepts such as DataSubjectContract are marked as sunset and a note is added indicating they will be deprecated in the future. The concepts from LegalMeasure such as ControllerDataSubjectAgreement have been moved to LegalBasis taxonomy and declared as subclasses for these concepts as their replacements.

TODO: accompanying HTML documentation.

coolharsh55 avatar Aug 30 '24 07:08 coolharsh55

We agreed the concepts for contract types, contract statuses, and statuses for other legal basis in meeting SEP-10. These are live at https://dev.dpvcg.org/2.1-dev/dpv/#vocab-legal-basis. Further documentation and examples will follow is a dedicated legal basis page similar to other DPV modules.

coolharsh55 avatar Sep 17 '24 04:09 coolharsh55

Closing this issue as we have added some concepts for describing each legal basis in v2.1. For further work, new issues for the specific legal basis and concepts should be used.

coolharsh55 avatar Jan 22 '25 09:01 coolharsh55

Hi Harsh,

On this topic - the online notice record and consent receipt model for contract to ask if this is reflected with DPV?

First this is a notice record for permission, with legal basis of consent, to enter into a contract. This way consent can be withdrawn (to use pii) in a contract as a separate action. Which may, or may not invalidate the contact/agreement depending on its terms and standards for the permission of personal data.

smartopian avatar Mar 19 '25 22:03 smartopian