Open michaelgeamanu opened 2 years ago
PersonalDataHandling is the term used by DPV to indicate all aspects of an instance of personal data processing: the DataController, the DataSubject, The Purpose, the LegalBasis (Consent in this case) and indeed also the actual Processingdetails (what kind of processing exactly, like is the data accessed, acquired, collected, consulted, disclosed etc etc. In GConsent Processing has the same meaning, a class that groups all aspects mentioned is missing however. Thus, while DPV allows to say with one instance that eg the email (PersonalData) of X (DataSubject) is collected (Processing) for marketing (Purpose) by Google (DataCollector), in GConsent all this info is connected to Consent which is indeed rather awkward and often wrong (Consent is not give for a email as such but for a very particular use of email, like illustrated by above example). See also issue #38 and a solution (namely remapping/adapting the model to DPV in issue #46).
I'm still not conviced about this class. In the GDPR it is just called 'processing activity' or 'processing'. In the GDPR all aspects you speak of above are part of the processing. I would keep to the text of the GDPR here too and refrain from inventing new terms which are not used in the GDPR itself (even though it orginates from another model).
Wat moet ik begrijpen onder ‘PersonalDataHandling’? Dit lijkt me de verwerkingsactiviteit te zijn? Zo ja, dan lijkt dit mij geen goede term (zelfs al komt dit opnieuw van een andere standaard). De GDPR gebruikt ‘processing activities’. De entiteit processing uit GConsent komt denk ik beter overeen met wat er daar bedoeld moet worden.