Informatievlaanderen / OSLOthema-consent

GitHub repository for the OSLO trajectory "consent"

Legal validity of the model and the word "Consent" #7

Closed michaelgeamanu closed 2 years ago

michaelgeamanu commented 2 years ago

Due to the data model being closely linked to GDPR, the legal validity of the data model is more sensitive than others. This means that the wording, definitions and content need to follow the rules defined within GDPR, and no room for ambiguity should be left open, all to avoid the model being inapplicable. Hence, we are wondering if anyone has some input on the legal validity or how this could be double-checked in advance.

Secondly, a reflection was made during the workshops whether "Consent" is the right word because it has a different meaning in different countries and regions. This is currently being looked into but any input on the topic is welcome.

michaelgeamanu commented 2 years ago

GDPR defines six lawful bases for the processing of personal data, with consent only being one of those. To visualise this, the class LegalBasis was added as a superclass of Consent. Additionally, LegalBasis was added as an attribute to the classes PersonalDataHandling and DataRetention, defining the legal basis on which the data handling or retention is based. The added value of the class LegalBasis was discussed, which is to show that consent is a subclass of the superclass LegalBasis, because consent is only one of the legal bases for processing personal data.

Additionally, the different meanings of ‘consent’ were discussed: ‘granting permission’ and ‘GDPR consent’. To avoid any confusion, other names were proposed such as ‘GDPR_Consent’, ‘permission’ and ‘assent’. This will be looked at during the public review as the legal advisors of Datanutsbedrijf are currently still discussing amongst themselves.

Finally, it was clarified that this model should cover the legal basis of ‘consent’ only. It would however be possible to extend the model to the other legal bases in another trajectory, where definitions and usage notes get updated to fit the other legal bases, because right now the definitions are reused from ontologies that focus on the legal basis of consent only. During the public review the team of Datanutsbedrijf will do a mapping exercise on the data model to see if it is possible to use the data model for all their use cases - which are broader than only about GDPR’s consent.