PrOnto: Privacy Ontology for Legal Reasoning

From Data Privacy Vocabularies and Controls Community Group

PrOnto: Privacy Ontology for Legal Reasoning

Provides modeling of the privacy agents, data types, types of processing operations, rights and obligations. Uses FRBR, LKIF Core, ALLOT, and PWO ontologies.

  • domain: Legal Reasoning
  • creators/authors/publishers:
    • Monica Palmirani (University of Bologna, CIRSFID, Bologna,Italy)
    • Michele Martoni (University of Bologna, CIRSFID, Bologna,Italy)
    • Arianna Rossi (University of Bologna, CIRSFID, Bologna,Italy)
    • Cesare Bartolini (SnT - Interdisciplinary Centre for Security, Reliability and Trust, Université du Luxembourg, Luxembourg City, Luxembourg)
    • Livio Robaldo (SnT - Interdisciplinary Centre for Security, Reliability and Trust, Université du Luxembourg, Luxembourg City, Luxembourg)
  • url link: not available
  • documentation if available online: not available
  • publication(s): Palmirani M., Martoni M., Rossi A., Bartolini C., Robaldo L. (2018) PrOnto: Privacy Ontology for Legal Reasoning. In: Kő A., Francesconi E. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2018. Lecture Notes in Computer Science, vol 11032. Springer, Cham


  • Origin: Not specified
  • Developed since: Not specified
  • Latest version: Not specified

Covered Requirements

  • Taxonomy of regulatory privacy terms (including all GDPR terms): YES. Contains references to terms from GDPR, including rights and obligations, as was as compliance.
  • Taxonomy for personal data: YES. It contains concepts such as Sensitive data (health, ethic, genetic, ...), Anonymous Data, Judicial Data
  • Taxonomy of purposes: YES
  • Taxonomy of disclosure: NO
  • Metadata related to the details of anonymisation: YES (unclear about coverage)
  • Log vocabularies for immutably and securely recording: NO
    • disclosure of consent
    • revocation of consent
    • policy changes
    • transparency
  • Taxonomy of linkage operations: NO
  • Taxonomies of human behavior: NO

Uptake and Covered Use-cases

Evaluation of the ontology/approach was carried out inside/using Cloud4EU European project PCP3 that intends to provide legal compliance checking systems for eGovernment services that are delivered across the cloud. Another example for compliance checking, as quoted from the publication: "We suppose that a software manages documentation, registry of processing, DPIA information, etc. (e.g., software provided by the French CNIL – Commission Nationale de l’Informatique et des Libertés6). If such a software is connected with PrOnto ontology, we can check for GDPR compliance throughout all the lifecycle of the personal data, using advanced legal reasoning tools or SPARQL end-points."

List and cross-reference the use cases in the Use cases section:

Terms and Concepts

The work presents a lot of relevant terms/concepts and methods which needs further introspection. In terms of an overview, PrOnto contains five modules: (i) documents and data, (ii) actors and roles, (iii) processing and workflow, (iv) legal rules and deontic formula, (v) purposes and legal bases; each of which presents a model (term/concept and relations) using OWL.