GDPRov is pronounced as GDPR-Prov

A vocabulary for defining provenance information relevant to GDPR using (GDPR-related) specific terms and concepts. Extends PROV-O and P-Plan vocabularies.

GDPRov

GDPRov provides a way to define provenance related to consent and data flows in the context of the GDPR. It uses GDPR-relevant terminology for this. By extending PROV-O and P-Plan, GDPRov allows defining an abstract template or model of the system to depict how consent and data are collected, used, stored, deleted, and shared; and allowing specific instances/executions to refer to concrete use-cases of artefacts and entities. This follows from the use of P-Plan, which is an extension of PROV-O, to define abstract workflows which can then be instantiated as provenance traces. For GDPR-related purposes, GDPRov can depict a model of the provenance system, which can then be used to create specific references to particular consent and data entities as well as activities for different agents/data subjects.

GDPRov uses is the GDPR-specific vocabulary through GDPRtEXT.

• domain: legal, provenance
• creators/authors/publishers: Harshvardhan J. Pandit, Declan O'Sullivan, Dave Lewis (ADAPT Centre, Trinity College Dublin)
• license: CC-by-4.0
• url: http://purl.org/adaptcentre/openscience/ontologies/GDPRov
• documentation: https://openscience.adaptcentre.ie/ontologies/GDPRov/docs/index-en.html
• publication: "Modelling Provenance for GDPR Compliance using Linked Open Data Vocabularies". Harshvardhan J. Pandit, Dave Lewis. Proceedings of the 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn2017) (PrivOn). Co-located with ISWC 2017.

Relevance

• origin: (see creators/authors/publishers) Outcome of PhD research by first author.
• developed since: May 2017
• latest version: v0.7 2018-07-31 http://purl.org/adaptcentre/openscience/ontologies/GDPRov

Covered Requirements

• Taxonomy of regulatory privacy terms (including all GDPR terms) : specifies some GDPR terms in relation to provenance
• Taxonomy for personal data : specifies some categories of personal data
• Taxonomy of purposes : specifies some activities over personal data
• Taxonomy of disclosure : N/A
• Metadata related to the details of anonymisation : specifies anonymisation and pseudo-anonymisation
• Log vocabularies for immutably and securely recording: N/A
  • disclosure of consent
  • revocation of consent
  • policy changes
  • transparency
• Taxonomy of linkage operations: N/A
• Taxonomies of human behavior: N/A

Uptake and Covered Use-cases

Primary use-case: Can describe a model of a system in terms of consent and data lifecycles - how the consent and data are acquired, used, stored, shared, and erased.

Reference use-cases:

• SPECIAL/Proximus use case - personalized touristic recommendations : pending documentation of use-case
• SPECIAL/DT use case - mobile network quality measurements : pending documentation of use-case
• SPECIAL/TR use case - ‘Know Your Customer’ (finance, anti-money-laundering) : pending documentation of use-case

Terms and Concepts

https://openscience.adaptcentre.ie/ontologies/GDPRov/docs/index-en.html#crossreference