GDPRov
GDPRov is pronounced as GDPR-Prov
A vocabulary for defining provenance information relevant to GDPR using (GDPR-related) specific terms and concepts. Extends PROV-O and P-Plan vocabularies.
GDPRov
GDPRov provides a way to define provenance related to consent and data flows in the context of the GDPR. It uses GDPR-relevant terminology for this. By extending PROV-O and P-Plan, GDPRov allows defining an abstract template or model of the system to depict how consent and data are collected, used, stored, deleted, and shared; and allowing specific instances/executions to refer to concrete use-cases of artefacts and entities. This follows from the use of P-Plan, which is an extension of PROV-O, to define abstract workflows which can then be instantiated as provenance traces. For GDPR-related purposes, GDPRov can depict a model of the provenance system, which can then be used to create specific references to particular consent and data entities as well as activities for different agents/data subjects.
GDPRov uses is the GDPR-specific vocabulary through GDPRtEXT.
- domain: legal, provenance
- creators/authors/publishers: Harshvardhan J. Pandit, Declan O'Sullivan, Dave Lewis (ADAPT Centre, Trinity College Dublin)
- license: CC-by-4.0
- url: http://purl.org/adaptcentre/openscience/ontologies/GDPRov
- documentation: https://openscience.adaptcentre.ie/ontologies/GDPRov/docs/index-en.html
- publication: "Modelling Provenance for GDPR Compliance using Linked Open Data Vocabularies". Harshvardhan J. Pandit, Dave Lewis. Proceedings of the 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn2017) (PrivOn). Co-located with ISWC 2017.
Relevance
- origin: (see creators/authors/publishers) Outcome of PhD research by first author.
- developed since: May 2017
- latest version: v0.7 2018-07-31 http://purl.org/adaptcentre/openscience/ontologies/GDPRov
Covered Requirements
- Taxonomy of regulatory privacy terms (including all GDPR terms) : specifies some GDPR terms in relation to provenance
- Taxonomy for personal data : specifies some categories of personal data
- Taxonomy of purposes : specifies some activities over personal data
- Taxonomy of disclosure : N/A
- Metadata related to the details of anonymisation : specifies anonymisation and pseudo-anonymisation
- Log vocabularies for immutably and securely recording: N/A
- disclosure of consent
- revocation of consent
- policy changes
- transparency
- Taxonomy of linkage operations: N/A
- Taxonomies of human behavior: N/A
Uptake and Covered Use-cases
Primary use-case: Can describe a model of a system in terms of consent and data lifecycles - how the consent and data are acquired, used, stored, shared, and erased.
Reference use-cases:
- SPECIAL/Proximus use case - personalized touristic recommendations : pending documentation of use-case
- SPECIAL/DT use case - mobile network quality measurements : pending documentation of use-case
- SPECIAL/TR use case - ‘Know Your Customer’ (finance, anti-money-laundering) : pending documentation of use-case
Terms and Concepts
https://openscience.adaptcentre.ie/ontologies/GDPRov/docs/index-en.html#crossreference