The Data Privacy Vocabulary (DPV) provides terms (classes and properties) to describe and represent information related to processing of personal data. This extension extends the DPV and provides concepts specific to the obligations and requirements of the General Data Protection Regulation (GDPR). More specifically, it provides a taxonomy of legal bases and rights as defined within the GDPR.

The namespace for terms for Legal Bases under GDPR is http://www.w3.org/ns/dpv-gdpr#
The suggested prefix for the GDPR Legal Bases namespace is dpv-gdpr
The DPV-GDPR ontology and its documentation is available on GitHub.

This document is published by the Data Privacy Vocabularies and Controls Community Group (DPVCG) as a deliverable and report of its work in creating and maintaining the Data Privacy Vocabulary (DPV) and its extensions.

Contributing to the DPV and its extensions The DPVCG welcomes participation regarding the DPV, including expansion or refinement of its terms, addressing open issues, and welcomes suggestions on their resolution or mitigation.

While we welcome participation via any and all mediums - e.g., via Github pull requests or issues, emails, papers, or reports - the formal resolution of contributions takes place only through the DPVCG meeting calls and mailing lists. We therefore suggest joining the group to participate in these discussions for formal approval.

For contributions to the DPV, please see the section on GitHub. For DPV-GDPR specific contributions, please see the section on GitHub. The current list of open issues and their discussions to date can be found at DPVCG issue tracker as well as GitHub issues for DPV and DPV-GDPR.

Introduction

The Data Privacy Vocabulary provides terms (classes and properties) to annotate and categorize instances of legally compliant personal data handling. In particular, the vocabulary provides LegalBasis and DataSubjectRight as top-level concepts representing the various legal bases for justifying processing of personal data and rights provided to the data subject respectively. Since these concepts are specifically defined within the scope of jurisdictional laws, their implementation is provided as a separate vocabulary that extends the DPV, thereby permitting continued usage of DPV as a jurisdiction-agnostic and generic vocabulary.

This vocabulary, termed as DPV-GDPR, extends the concepts within DPV regarding legal bases and data subject rights with those provided by the GDPR. It provides a compatible extension to be used in combination with the DPV to represent GDPR-specific information.

Namespaces

The namespace for DPV-GDPR vocabulary is http://www.w3.org/ns/dpv-gdpr#. The table below indicates the full list of namespaces and prefixes used in this document.

Prefix Namespace
dct http://purl.org/dc/terms/
dpv http://www.w3.org/ns/dpv#
dpv-gdpr http://www.w3.org/ns/dpv-gdpr#
odrl http://www.w3.org/ns/odrl/2/
owl http://www.w3.org/2002/07/owl#
rdf http://www.w3.org/1999/02/22-rdf-syntax-ns#
rdfs http://www.w3.org/2000/01/rdf-schema#
skos http://www.w3.org/2004/02/skos/core#
spl http://www.specialprivacy.eu/langs/usage-policy#
svd http://www.specialprivacy.eu/vocabs/data#
svdu http://www.specialprivacy.eu/vocabs/duration#
svl http://www.specialprivacy.eu/vocabs/locations#
svpu http://www.specialprivacy.eu/vocabs/purposes#
svpr http://www.specialprivacy.eu/vocabs/processing#
svr http://www.specialprivacy.eu/vocabs/recipients
xsd http://www.w3.org/2001/XMLSchema#

Rights under GDPR

GDPR provides several rights to the data subject, whose applicability depends on the context and nature of processing taking place. DPV lists these rights at an abstract level as concepts along with their origin in specific clauses of the GDPR.

Classes

A13 Right to be Informed | A14 Right to be Informed | A15 Right of Access | A16 Right to Rectification | A17 Right to Erasure | A18 Right to Restrict Processing | A19 Right to Rectification | A20 Right to Data Portability | A21 Right to object | A22 Right to object to automated decision making | A7-3 Right to Withdraw Consent | A77 Right to Complaint |

A13 Right to be Informed

Term: A13
Description: information to be provided where personal data is directly collected from data subject
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.13
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A14 Right to be Informed

Term: A14
Description: information to be provided where personal data is collected from other sources
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.14
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A15 Right of Access

Term: A15
Description: Right of access
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.15
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A16 Right to Rectification

Term: A16
Description: Right to rectification
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.16
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A17 Right to Erasure

Term: A17
Description: Right to erasure ('Right to be forgotten')
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.17
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A18 Right to Restrict Processing

Term: A18
Description: Right to restriction of processing
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.18
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A19 Right to Rectification

Term: A19
Description: Right to be notified in case of rectification or erasure of personal data or restriction of processing
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.19
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A20 Right to Data Portability

Term: A20
Description: Right to data portability
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.20
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A21 Right to object

Term: A21
Description: Right to object to processing of personal data
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.21
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A22 Right to object to automated decision making

Term: A22
Description: Right not to be subject to a decision based solely on automated processing including profiling
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.22
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A7-3 Right to Withdraw Consent

Term: A7-3
Description: Right to withdraw consent
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.7-3
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A77 Right to Complaint

Term: A77
Description: Right to lodge a complaint with a supervisory authority
Subclass Of: dpv:DataSubjectRight
Source: GDPR Art.77
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit