Adoption of DPVCG

This page provides information about current adoptions, uses, and implementations of the work done by DPVCG, including DPV and DPV-GDPR. Community members should use their W3C account to edit this page. Others should communicate with an existing member or send an email to the group.

Suggested categories for classifying:

• Works that utilise DPV towards an application or goal
• Works that extend DPV
• Works that evaluate DPV e.g. for suitability, extent, feasibility of specified criteria
• Works that compare DPV with other approaches
• Works that mention DPV

Suggested categories for sources:

• Academic or peer-reviewed articles
• Blog posts, reports, and other informal articles
• Social media communications or mentions of interest

Application of DPV in Peer-reviewed Publications

This section lists publications that describe use of DPV in specific applications and use-cases.

• Ryan, P., Crane, M., & Brennan, R. (2020). Design Challenges for GDPR RegTech. open-access: arXiv -- The authors state that DPV is going to be used "to describe the context using explicit semantics" in an open-source tool for high-level GDPR compliance evaluation which is based on a self-assessment checklist created by a data protection regulator.

• Calvaresi, D., Schumacher, M., & Calbimonte, J. P. (2020, October). Personal Data Privacy Semantics in Multi-Agent Systems Interactions. In International Conference on Practical Applications of Agents and Multi-Agent Systems (pp. 55-67). Springer, Cham. ; OA copy researchgate -- The authors use DPV to represent personal data handling policies and information about consent.

• Valentina Leone, Luigi Di Caro: The Role of Vocabulary Mediation to Discover and Represent Relevant Information in Privacy Policies. JURIX 2020: 73-82 -- The authors proposed a method to automatically discover the relevant information in privacy policies by means of integrating the knowledge represented in the DPV with the information modelled in BabelNet.

• Krasnashchok K., Mustapha M., Al Bassit A., Skhiri S. (2020) Towards Privacy Policy Conceptual Modeling. In: Dobbie G., Frank U., Kappel G., Liddle S.W., Mayr H.C. (eds) Conceptual Modeling. ER 2020. Lecture Notes in Computer Science, vol 12400. Springer, Cham. -- The authors proposed a conceptual model for the fine-grained representation of privacy policies by means of mapping concepts to DPV.

• K. García, Z. Zihlmann, S. Mayer, A. Tamò-Larrieux and J. Hooss, "Towards Privacy-Friendly Smart Products," 2021 18th International Conference on Privacy, Security and Trust (PST), 2021, pp. 1-7 -- The authors use DPV to record processing activities and data collected by a toy robot.

• B. Esteves, H. J. Pandit and V. Rodríguez-Doncel, "ODRL Profile for Expressing Consent through Granular Access Control Policies in Solid," 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2021, pp. 298-306, doi: 10.1109/EuroSPW54576.2021.00038. -- The authors use DPV and ODRL to specify GDPR-aligned policies to determine access control to Solid Pods.

• Esteves, B., Rodríguez-Doncel, V., Pandit, H.J., Mondada, N., McBennett, P. (2022). Using the ODRL Profile for Access Control for Solid Pod Resource Governance. In: The Semantic Web: ESWC 2022 Satellite Events. ESWC 2022. Lecture Notes in Computer Science, vol 13384. Springer, Cham. https://doi.org/10.1007/978-3-031-11609-4_3 Open Access -- follow-up paper to the above one presenting a demo implementation

Use of DPV in Industry/Commercial settings

• Signatu - uses DPV to represent information in its SaaS platform for GDPR compliance and Data Governance
• DPV was involved in SPECIAL H2020 Project which contained Industry partners: World Wide Web Consortium (W3C), Unabhängiges Landeszentrum für Datenschutz (ULD, Data Protection Authority), TenForce, PROXIMUS/Belgacom, Deutsche Telekom AG, Thomson Reuters
• DPV is being used by TRAPEZE H2020 Project which contains Industry partners: TENFORCE (BE), Deutsche Telekom (DE), CaixaBank (ES), Unabhängiges Landeszentrum für Datenschutz, Schleswig-Hostein (DE), Kaspersky Lab Italia (IT)
• DPV is being used by SmashHit H2020 Project which contains Industry partners: The Open Group Limited (United Kingdom), Volkswagen Aktiengesellschaft (Germany), Lexisnexis Risk Solutions (europe)ltd (Ireland), Forum Virium Helsinki Oy (Finland), Infotripla Oy (Finland), Atos Spain Sa (Spain), Atos It Solutions And Services Iberia Sl (Spain)

Use in Projects containing Industry/Commercial Partners

• SPECIAL H2020 project -- The SPECIAL project (Scalable Policy-aware Linked Data Architecture For Privacy, Transparency and Compliance) developed method for the acquisition of user consent at collection time and the recording of both data and metadata (consent policies, event data, context) according to legislative and user-specified policies. SPECIAL launched the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG) as a follow-up action of a very successful workshop on ‘Data Privacy Controls and Vocabularies’ that SPECIAL held together with W3C in April 2018. The consortium partners are the Vienna University of Business and Economics (WU), World Wide Web Consortium (W3C), the Unabhängiges Landeszentrum für Datenschutz (ULD), the Centro Regionale Information Communication Technology (CeRICT), the Technische Universität Berlin (TU-Berlin), TenForce, PROXIMUS/Belgacom, Deutsche Telekom AG and Thomson Reuters.
• TRAPEZE H2020 project -- TRAPEZE (Transparency, Privacy & Security for European Citizens) uses DPV for creating a semantic policy language that uniformly represents: Privacy policies, data subjects’consent, data protection regulations. It is developing a machine understandable vocabulary and automated compliance checking using an OWL2 profile that uses formal semantics to provide provably correct compliance (no false positives nor negatives) with high performance (real time compliance checking: ~200 μsec/check). TRAPEZE’s industrial partners test these implementations by writing their privacy policies using the developed framework. To facilitate greater adoption, TRAPEZE is creating a JSON serialisation (equivalent to OWL2 version). The project includes 13 partners from seven European countries: TENFORCE (BE), ERCIM – The European Research Consortium for Informatics and Mathematics (FR), TU Berlin (DE), Informatie Vlaanderen (BE), Deutsche Telekom (DE), CaixaBank (ES), CINI – Consorzio Interuniversitario Nazionale per l’Informatica (IT), Unabhängiges Landeszentrum für Datenschutz, Schleswig-Hostein (DE), Kaspersky Lab Italia (IT), Institute Mihajlo Pupin (RS), IPSOS (BE), Athens Technology Centre (GR) and E-Seniors Association (FR).
• SmashHit H2020 project -- SmashHit has developed an ontology for GDPR compliant sensor data sharing in the smart cities and insurance domains that uses DPV in its ontologies to model contracts and consent information as Knowledge Graphs. The consortium includes Universitaet Innsbruck (Austria), Gottfried Wilhelm Leibniz Universitaet Hannover (Germany), The Open Group Limited (United Kingdom), Volkswagen Aktiengesellschaft (Germany), Lexisnexis Risk Solutions (europe)ltd (Ireland), Forum Virium Helsinki Oy (Finland), Infotripla Oy (Finland), Atos Spain Sa (Spain), Atos It Solutions And Services Iberia Sl (Spain), Rheinische Friedrich-wilhelms-universitat Bonn (Germany).
• MOSAICrOWN H2020 project -- TBA
• FAIRVASC H2020 project -- uses semantic-web technologies to link vasculitis (health condition) registries across Europe into a ‘single European dataset’, and thus open the door to new research into these challenging diseases by using FAIR principles for better data sharing. It uses DPV to annotate datasets with policies and represent consent information.

Extensions to DPV

• "A Common Semantic Model of the GDPR Register of Processing Activities" by : . JURIX 2020: 251-254
• Debruyne, C., Pandit, H.J., Lewis, D. et al. “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance. Knowl Inf Syst 62, 3615–3640 (2020).

Evaluation/Comparison of DPV

• Thalhath N., Nagamori M., Sakaguchi T. (2020) MetaProfiles - A Mechanism to Express Metadata Schema, Privacy, Rights and Provenance for Data Interoperability. In: Ishita E., Pang N.L.S., Zhou L. (eds) Digital Libraries at Times of Massive Societal Transition. ICADL 2020. Lecture Notes in Computer Science, vol 12504. Springer, Cham.
• Esteves, B., Rodríguez-Doncel, V. (2022) "Analysis of Ontologies and Policy Languages to Represent Information Flows in GDPR". Semantic Web Journal: 1 – 35.

Mentions of DPV

• Calvaresi, D., Schumacher, M., & Calbimonte, J. P. (2020). Agent-based modeling for ontology-driven analysis of patient trajectories. Journal of medical systems, 44(9), 1-11. (open-access)
• Bonatti, P. A., Kirrane, S., Petrova, I. M., & Sauro, L. (2020). Machine Understandable Policies and GDPR Compliance Checking. KI-Künstliche Intelligenz, 34(3), 303-315. open-access: arXiv
• Matulevičius, R., Tom, J., Kala, K., & Sing, E. (2020, June). A Method for Managing GDPR Compliance in Business Processes. In International Conference on Advanced Information Systems Engineering (pp. 100-112). Springer, Cham.