Data Privacy Controls and Vocabularies

A W3C Workshop on Privacy and Linked Data

17–18 April 2018, WU Vienna, Vienna, Austria, Europe

[graphic: WU campus, a group of four people, a network, a hand on a chin]


The level of privacy and trust concerns has raised to a point where people start to refuse services. Services on the Web are often very complex orchestrations of cooperations between multiple actors. This will increase if the upcoming Internet of Things is taken into account. If the trust in such services is eroded, the growth of the Web and the growth of the digital economy is endangered. This workshop wants to address the privacy issue from the angle of data governance and transparency. And if transparency and data self determination are at stake, the challenge may also be how to convey the transparency to the user to allow for an informed self determination. This includes especially methods to generate and administer user consent, even in an IoT environment.

While the workshop is open to a wide range of ideas, it is mainly inspired by the idea that today, we lack the tools for those wanting to be good citizens of the Web. It is related, but not limited to the work on Permissions and on Tracking protection. Because those permissions and tracking signals carry policy data, the systems have to react upon those signals. To react in a complex distributed system, the signals have to be understood by more than one implementer. The challenge is to identify the areas where such signals are needed for privacy or compliance and to make those signals interoperable. This can take the form taxonomies, vocabularies or ontologies. The most important challenge is to make policy and privacy signals interoperable and transportable within various systems, beyond the mere relation in a browsing context. In the era of upcoming privacy regulation with high fines, we need to make the data lake usable again while respecting the human user.

Because of the paradigm of data self determination, the challenge is bidirectional. Once the semantics of privacy or compliance are clear, this information also has to be presented to the user. On the Web, this is a challenge for the terminal equipment, including but not limited to browsers. E.g., the set of preferences offered to the user may vary with the capability of a service to accommodate those preferences. This needs signaling of the possible preferences (semantics) and a way to communicate the selection back. Such exchange can be protocol- or data driven. Where it is data driven, the policy semantics are transported over whatever channel is available, e.g. using linked data.

Want to attend? Have something insightful to share?

The workshop will be held in Vienna (Austria) at the University of Economics and Business (WU Wien). We will have a limited number of possible attendees at the workshop. People with ideas on how to implement data self determination on the Web and in Linked Data should attend. Beyond exploring Privacy Enhancing Technologies for the Web, the workshop will also determine whether there is interest in standardization of necessary vocabularies and semantics that need to be agreed upon and put in place to enable privacy enabled services, transparency and measurable compliance to regulation or set policies.

If you want to participate, please fill out the expression of interest form or submit a position statement.

Please note, expressions of interest and position statements are not presentation proposals. This is a workshop, not a conference, and any presentations will be short, with topics suggested by expressions of interest and decided by the chairs and program committee. Our goal is to actively discuss topics, not to watch presentations.

Attendees are encouraged to read all accepted expressions of interest prior to the workshop, to facilitate informed discussion.

Attendance is free for all invited participants, and open to the public (space allowed), whether or not W3C members.

Unfortunately, the workshop budget does not allow us to provide travel or lodging expenses to attendees.

Workshop topics

Possible topics include, but are not limited to the following:

It is important to make the policy transportable and interoperable.

Out of Scope

Position statements

An author of a position statement accepted is not required to attend (you can fill out the expression of interest form instead), but it does help set the topic discussions and to establish a particular point of view. If you wish, you can send us a position statement at <team-privacyws-submit@w3.org>, by 28 February 2018. Our program committee will review the expressions of interest, and select the most relevant topics and perspectives.

A good position statement should be a few paragraphs (between 500 and 1000 words) and should include:

Position statements must be in English, and HTML or plain-text format; images should be included inline in HTML using base64-encoded data URIs. You may include multiple topics, but we ask that each person submit only a single coherent position statement. All suitable submitted expressions of interest will be published and linked to from this workshop page.

Who Should Attend

Attendance is open to all, and our aim is to get a diversity of attendees from a variety of industries and communities, including:

Standardization Counter-arguments

There are a lot of voices and conflicting opinions in the privacy communities. Are you skeptical that standardization should be discussed at all? Are the same technologies that are critizized for enabling DRM actually useful/usable to protect and enforce privacy? We also welcome expressions of interest on issues that pose challenges to standardization, helpful to frame workshop topics and serve as a reality check. Please label these submissions “Standards Con” to distinguish them.

Event Archive Policy: Video and Transcripts

For posterity and for those unable to attend this workshop, we may be recording video and/or audio of the event, and will provide live notes (minuted in IRC) of the presentations and group discussion. Participants will be asked to sign a media waiver.


The primary goal of the workshop is to explore interoperability in privacy and compliance expressions using Linked Data. But based on transportable linked data, many privacy concepts can be created. Those are also welcome and give the workshop an additional exploratory aspect.

While we hope to identify opportunities and possible timelines for standardization, we do not anticipate that W3C will form a Working Group as a direct result of this workshop. Instead, if we do identify areas that need Web standardization, our aim would be to incubate and refine these ideas, to make sure that the right steps are taken at the right time for the key stakeholders involved.

What is W3C?

W3C is a voluntary standards consortium that convenes companies and communites to help structure productive discussions around existing and emerging technologies, and offers a Royalty-Free patent framework for Web Recommendations. We focus primarily on client-side (browser) technologies, and also have a mature history of vocabulary (or “ontology”) development. W3C develops work based on the priorities of our members and our community.


W3C's Workshop on is located at Vienna Unniversity of Economics and Business (WU Wien) near Prater in Vienna, Austria.

Organizations interested in becoming sponsors are encouraged to contact the organizers.


WU Vienna Campus

Vienna University of Economics and Business (WU Wien)
Building LC
Welthandelsplatz 1
2. Bezirk
1020, Vienna


Hotels nearby include:

Social Media and Remote Participation

Tweets and other social messages are encouraged to use the hashtag #dataprivacy18. Please be respectful and accurate when quoting others.

We may have a live video stream… details will follow.


Local Organizer: Sabrina Kirrane, WU Wien

W3C contact: Rigo Wenning, W3C/ERCIM

The program committee is listed on a separate page.

The position statements are published.

DRAFT Schedule

The workshop will focus on discussion around several topics introduced by short impulse statements from position papers and expressions of interest. The goal of the discussion is not to resolve the technical issues of the topic, but to help the final discussion about next steps. Please also consider that the goal is not centered around the presentation of a particular initiative. It is focused on finding appropriate next steps. Those next steps discussion will determine relevance and priority of the points raised towards standardization.

If panelists want to use slides, please send them by 16 April 18:00 to Rigo Wenning (rigo*at*w3.org)

Day 1: 17 April
09:00–09:15 Registration & Coffee, Building LC
09:15–09:30 Opening remarks by the chairs
09:30–09:45 Participants Introduction
09:45–10:45 Relevant vocabularies and initiatives


  1. COELITION (Joss Langford 10min)
  2. ODRL Usage Control (Pullmann, Mader, Eitel 10min)
  3. Remote Obligation Enforcement (Lux, Brost, Schütte 10min)
  4. Kantara CISWG (Mark Lizar 10min)
  5. Decentralised Identifiers (Markus Sabadello 5min)
  6. Usage Control & GDPR (Sabrina Kirrane 10min)
  7. An ODRL profile for GDPR (Ensar Hadziselimovic 5min)
10:45–11:15 Break
11:15–12:30 Relevant vocabularies and initiatives

Continued panel discussion


Discussion about vocabularies

12:30–14:00 Lunch at the WU Mensa, Building D1
14:00–16:00 Industry Perspective


  1. Privacy challenges in the Opera Browser (Michael Markevich 10min)
  2. Tracking Protection (Martin Kurze & Matthias Schunter 10min)
  3. Modeling, recording, communicating and interoperability of consent (Georg Philip Krog 10min)
  4. Interoperability issues for mobile operators (Freddy de Meersmann 10min)
  5. Building the Legal Knowledge Graph (Victor Mireles 10min)

Discussion on industry needs

16:00–16:30 Break
16:30–18:00 The governmental side & initiatives


  1. Integrating ontologies for privacy legal reasoning (Monica Palmirani 10min)
  2. Privacy for linked open government data (Peter Bruhn Andersen 10min)
  3. The UK Data Archive (Darren Bell 10min)
  4. Privacy and Data Protection in Australia (David Watts 10min)
  5. GDPR transparency requirements (Schlehahn/Zwingelberg 10min)

Discussion on governmental needs for vocabularies


Networking event at Heuriger (access by Metro/Tram)

10er Marie
Ottakringer Str. 222-224
1160 Wien
Tel. ++43 (0)1 489 46 47

Map (OSM) – Public transport: U2 from Messe Prater to Volkstheater, U3 from Volkstheater to Ottakring, walk 5 mins – Directions (Google)

Day 2: 18 April
09:00–10:15 Research Track


  1. Privacy preserving profiling (Ramisa Gachpaz Hamed 10min)
  2. Linked Data, Provenance, Compliance (Javier Fernández 10min)
  3. Data-driven privacy and trust enhancement mechanisms (Yi Yin 10min)
  4. Meta-data to describe the details of the anonymization (Benjamin Heitmann 10min)
  5. Privacy-utility Control For Linked Data Against Deanonymisability Risk (Dalal Al-Azizy 5min)

Discussion about vocabularies and research needs and directions

10:15–11:00 Chairs summary and discussion of next steps
11:00–11:30 Break
11:30–12:30 Chairs summary and discussion of next steps
12:30–14:00 Lunch
14:00-15:00 Continued discussion on next steps
15:00 End of workshop