SPLOG
SPLOG stands for the SPECIAL Policy Log Vocabulary
A vocabulary to log data processing and sharing events that should comply with a given consent provided by a data subject. It also models the consent actions related to consent giving and revocation.
SPLOG
The European General Data Protection Regulation defines a set of obligations for personal data controllers and processors. Primary obligations include: obtaining explicit consent from the data subject for the processing of personal data, providing full transparency with respect to the processing, and enabling data rectification and erasure (albeit only in certain circumstances). At the core of any transparency architecture is the logging of events in relation to the processing and sharing of personal data. The logs should enable verification that data processors abide by the access and usage control policies that have been associated with the data based on the data subject’s consent and the applicable regulations.
The SPECIAL Policy Log Vocabulary is focused purely on the representation of such logs using the W3C RDF (Resource Description Framework) standard and published following the principles of linked data.
At the heart of a log is a set of log entries organized along the privacy-aware content they relate to, together with associated metadata. The SPECIAL Policy Log Vocabulary makes extensive use of the Usage Policy Language Ontology, defined within the SPECIAL H2020 EU project.
- domain: logs, events, consent, policies
- creators/authors/publishers: Bonatti, B. A., Dullaert, W., Fernández, J. D., Kirrane, S., Milosevic, U., and Polleres, A. (SPECIAL H2020 EU project)
- license: CC-by-4.0
- url: http://purl.org/specialprivacy/splog. OWL download
- documentation: https://www.specialprivacy.eu/images/documents/SPECIAL_D2.3_M14_V1.0.pdf
The SPECIAL Policy Log vocabulary in turn builds upon the following existing RDF vocabularies:
- The SPECIAL Usage Policy Language for policies
- Provenance Ontology for provenance information
- Dublin Core Terms for metadata
Relevance
- origin: SPECIAL H2020 EU project.
- developed since: Feb 2018
- latest version: v0.1 2018-02-28 https://www.specialprivacy.eu/langs/splog
Covered Requirements
- Taxonomy of regulatory privacy terms (including all GDPR terms) : uses the GDPR terms specified in the SPECIAL Usage Policy Language
- Taxonomy for personal data : uses the data categories specified in the SPECIAL Usage Policy Language
- Taxonomy of purposes : uses the purpose categories specified in the SPECIAL Usage Policy Language
- Taxonomy of disclosure : N/A
- Metadata related to the details of anonymisation : N/A
- Log vocabularies for immutably and securely recording: Specifies links to Inmutable Records
- disclosure of consent : records the action of consent agreement
- revocation of consent : records the action of consent revocation
- policy changes : policy changes are created as new policy events
- transparency : records all data sharing and processing events
- Taxonomy of linkage operations: N/A
- Taxonomies of human behavior: N/A
Uptake and Covered Use-cases
Primary use-case: Can represent logs of data sharing and processing events, as well as consent giving and revocation. Such logs can be used as a basis for transparency and compliance.
Reference use-cases:
- SPECIAL/Proximus use case - personalized touristic recommendations : pending documentation of use-case
- SPECIAL/DT use case - mobile network quality measurements : pending documentation of use-case
- SPECIAL/TR use case - ‘Know Your Customer’ (finance, anti-money-laundering) : pending documentation of use-case