Data Privacy Vocabularies and Controls Community Group

https://www.w3.org/community/dpvcg/

The mission of the W3C Data Privacy Vocabularies and Controls CG (DPVCG) is to develop a taxonomy of privacy and data protection related terms, which include in particular terms from the new European General Data Protection Regulation (GDPR), such as a taxonomy of personal data as well as a classification of purposes (i.e., purposes for data collection), and events of disclosures, consent, and processing such personal data.

The DPVCG was created as an outcome of the W3C Workshop on Data Privacy Controls and Vocabularies in Vienna in 2017, and started on 25th May 2018 – the date of the enforcement of GDPR. Since then, the DPVCG has worked to fulfil its aims and objectives, and produced the Data Privacy Vocabulary (DPV) as a deliverable.

Membership to the group is open to all interested individuals and organisations. To join the group, you need a valid W3C account – which is free to get and can be requested here . The group meets usually through online meeting calls, details of which, including past minutes, can be found here. The group also interacts through a mailing list regarding topics, discussions, sharing of agendas, actions, and other relevant items. The resources and work relevant to the group is hosted on the GitHub platform under the DPVCG name.

The group is currently chaired by:

• Harshvardhan J. Pandit (ADAPT SFI Research Centre, Trinity College Dublin)
• Bert Bos (ERCIM W3C)
• Axel Polleres (WU Wirschaftsuniversitat Wien – Vienna University of Economics and Business)

Participation in Group Activities

The working of the group is fairly open and transparent in its process, with most of the information present on the wiki. For past work, actions, issues, and records – please refer to the wiki and threads on the mailing list. Anyone can use the mailing list to ask questions, suggest topics, raise issues, and offer solutions. Non-members might receive an automated reply asking them to authenticate their email or email address for posting.

Similarly, calls are usually open to attend, with the agenda shared on the public mailing list. Call details may be shared on the internal mailing lists accessible to only members for security purposes – so it may be best to ask the chair(s) or a member for attending a call.

General questions regarding what the group considers in scope can be determined from the aims and objectives. Specific queries or propositions should be conveyed to the mailing list. For issues regarding the DPV, including addition of concepts or a query or other relevant topics – you can use the mailing list or the issues feature in a GitHub repo.

Data Privacy Vocabulary (DPV)

The DPV is a vocabulary (terms) and an ontology (relationships) serialised using semantic-web standards to represent concepts associated with privacy and data protection, primarily derived from GDPR. It enables representation of which personal data categories are undergoing a what kind of processing by a specific data controller and/or transferred to some recipient for a particular purpose, based on a specific legal basis (e.g., consent, or other legal grounds such as legitimate interest, etc.), with specified technical and organisational measures and restrictions (e.g., storage locations and storage durations) in place.

The DPV is useful as a machine-readable representation of personal data processing and can be adopted in relevant use-cases such as legal compliance documentation and evaluation, policy specification, consent representation and requests, taxonomy of legal terms, and annotation of text and data.

The DPV is an evolving vocabulary – as the DPVCG continues to work on updating it with broader concepts as well as enriching its hierarchy of concepts. For this, we invite contributions of concepts, use-cases, requirements, and applications. See the GitHub repository for more information on this process.

DPV Namespaces and Links - IRIs, namespaces, and links to DPV spec, serialisations, primer, guides, etc.

DPV future - a note on topics for upcoming updates, contributions, and changes.

Publications

Specifications

Published specifications are listed on the DPVCG home page. They include:

• DPVCG Vocabulary (see also draft on GitHub)
• DPVCG GDPR Legal Basis Vocabulary (see also draft on GitHub)

Peer-reviewed Publications

The following peer-reviewed publications have been published associated with the DPVCG:

1. Creating a Vocabulary for Data Privacy: The First-Year Report of Data Privacy Vocabularies and Controls Community Group (DPVCG) publication paper (OA)
   This publication describes the Data Privacy Vocabulary as the deliverable along with its methodology, design, and components.
   Authors: Harshvardhan J Pandit, Axel Polleres, Bert Bos, Rob Brennan, Bud Bruegger, Fajar J Ekaputra, Javier D Fernández, Roghaiyeh Gachpaz Hamed, Elmar Kiesling, Mark Lizar, Eva Schlehahn, Simon Steyskal, Rigo Wenning
   Presented at: 8th International Conference onOntologies, DataBases, and Applications of Semantics (ODBASE) at Rhodes, Greece on 23 October, 2019
2. Data privacy vocabularies and controls: Semantic web for transparency and privacy. paper (OA)
   This publication describes the inception of the DPVCG along with its motivation and goals.
   Authors: Piero A Bonatti, Bert Bos, Stefan Decker, Javier David Fernandez Garcia, Sabrina Kirrane, Vassilios Peristeras, Axel Polleres, Rigo Wenning. Presented at Workshop on Semantic Web for Social Good (SWSG2018) co-located with 17th International Semantic Web Conference (ISWC 2018) at Monterey, California, USA on October 9, 2018.

Links

Meeting call details and Minutes

For details on joining the meeting calls and records of past minutes, see Meeting Calls.

Use-Cases, Requirements, Vocabularies

It is recommended to submit issues on GitHub and using the wiki for recording documentation / notes. See repositories under DPVCG account on GitHub. Use-cases should be submitted to GitHub use-cases, Examples should be submitted to GitHub dpv-examples.

The Use-Cases, Requirements, Vocabularies section on the wiki lists some notes and templates for the use-cases as well as notes on existing vocabularies.

Taxonomy

The Taxonomy section provides ongoing discussion and consensus on definitions of terms/concepts as well as work towards the creation of a taxonomy of terms and concepts.

Adoption of DPVCG

The Adoption of DPVCG section provides information about current implementations of the work done by DPVCG, including DPV and DPV-GDPR.

Presentations and Showcases

The Presentations and Showcases section provides a list of presentations and showcases of the work done by DPVCG, and includes slides/notes where possible.

Frequently Asked Questions (FAQ)

The Frequently Asked Questions (FAQ) section is a collection of topics, questions, and issues that are frequently raised along with links to their discussion and answers within the DPVCG community.