Copyright © 2024 the Contributors to the Data & Personal Data Specification, published by the Data Privacy Vocabularies and Controls Community Group under the W3C Community Final Specification Agreement (FSA). A human-readable summary is available.
This document provides additional details and examples for data and personal data concepts in the Data Privacy Vocabulary [DPV], and is a companion to the [DPV] specification.
This specification was published by the Data Privacy Vocabularies and Controls Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Final Specification Agreement (FSA) other conditions apply. Learn more about W3C Community and Business Groups.
Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.
GitHub Issues are preferred for discussion of this specification.
Data Privacy Vocabulary (DPV) Specification: is the base/core specification for the 'Data Privacy Vocabulary', which is extended for Personal Data [PD], Locations [LOC], Risk Management [RISK], Technology [TECH], and [AI]. Specific [LEGAL] extensions are also provided which model jurisdiction specific regulations and concepts - see the complete list of extensions. To support understanding and applications of [DPV], various guides and resources [GUIDES] are provided, including a [PRIMER]. A Search Index of all concepts from DPV and extensions is available.
[DPV] and related resources are published on GitHub. For a general overview of the Data Protection Vocabularies and Controls Community Group [DPVCG], its history, deliverables, and activities - refer to DPVCG Website. For meetings, see the DPVCG calendar.
The peer-reviewed article “Creating A Vocabulary for Data Privacy” presents a historical overview of the DPVCG, and describes the methodology and structure of the DPV along with describing its creation. An open-access version can be accessed here, here, and here. The article Data Privacy Vocabulary (DPV) - Version 2, accepted for presentation at the 23rd International Semantic Web Conference (ISWC 2024), describes the changes made in DPV v2.
DPV provides the concept Data and relation hasData to indicate involvement or association of any data. The concept PersonalData and the relation hasPersonalData are provided to indicate what categories or instances of personal data are being processed. The DPV specification only provides a structure for describing personal data, e.g. as being sensitive. For specific categories of personal data for use-cases, Personal Data categories for DPV provides additional concepts that extend the DPV's personal data taxonomy. This separation is to enable adopters to decide whether the extension's concepts are useful to them, or to use other external vocabularies, or define their own.
In addition to Personal Data, there may be a need to represent Non-Personal Data within the same contextual use-cases. For this, DPV provides the concepts NonPersonalData and SyntheticData.
To indicate data categorised based on DataSource
, e.g. as "collected personal data", DPV provides: CollectedPersonalData, DerivedPersonalData, InferredPersonalData, GeneratedPersonalData, and ObservedPersonalData.
For indicating personal data which is sensitive, the concept SensitivePersonalData is provided. For indicating special categories of data, the concept SpecialCategoryPersonalData is provided. In this, the concept sensitive indicates that the data needs additional considerations (and perhaps caution) when processing, such as by increasing its security, reducing usage, or performing impact assessments. Special categories, by contrast, are a 'special' type of sensitive personal data requiring additional considerations or obligations defined in laws (or through other forms) that regulate how they should be used or prohibit their use until specific obligations are met.
To specify data is anonymised, DPV provides two concepts. AnonymisedData for when data is completely anonymised and cannot be de-anonymised, which is a subtype of NonPersonalData. And, PseudonymisedData for when data has only been partially anonymised or de-anonymisation is possible, which is a subtype of PersonalData.
DPV defines the following concepts for expressing information about data:
The Personal Data categories for DPV extension provides a taxonomy of personal data categories to represent commonly used categories such as 'Email Address' and 'Birth Date'. These concepts are organised in a hierarchical taxonomy where the super/parent concept is a broader form of the sub/child concept, and where these concepts act as sets i.e. everything in the sub/child concept is present in the super/parent concept. For example, consider the concept 'Email' - it can refer to email addresses, actual emails, metadata or attachments associated with emails, and so on. To distinguish between these, the 'Email' concept must be further 'extended' or 'refined' with subclasses or child concepts such as 'Email Address', 'Email Contents', etc. The [PD] taxonomy categories are modelled with such interpretations in mind. This helps align the use of DPV with practical use-cases where such ambiguous use of terms can be identified and rectified by choosing a more specific concept from the taxonomy (e.g. Email Address instead of Email above).
The relation hasPersonalData can be used to indicate both the category and instance of personal data. For example, to indicate the personal data being collected is of category 'Email Address', or to specify a particular email address. We recommend using rdf:value
to represent such 'values' of personal data associated with a category. Alternatively, other vocabularies such as [FOAF] or [schema-org] can also be used to further specify the contents of personal data. Through we strongly recommend always using a DPV concept and a [PD] taxonomy concept for interoperability.
Real-world and common usage of personal data is at both an abstract level as well as specific level. For example, consider the sentence "We use your Email information...", which uses "Email" to represent a reference to what personal data is involved. Here, one may interpret Email as representing only the email address, or as a broad set of possible information related to emails, such as email address, email senders and recipients list, email service provider, email usage statistics and so on.
For ensuring clarity and resolving any potential ambiguity, DPV recommends being as specific as possible. This means where there is ambiguity as to what the information may be associated with or within a concept, it is advisable to resolve that ambiguity - either by choosing a more accurate concept from the taxonomy and/or by creating one through extension of an existing concept.
In addition to above, it is also challenging to accurately represent how concepts function within real-world use in terms of their encapsulation within one another. For example, when establishing the DPV, we discussed the modelling of personal data categories based on the scenario where a picture of passport is initially collected, and from it various categories are extracted, such as - name, address, and photo. For representing this, merely stating the personal data as ‘passport photograph’ would not be entirely accurate as there is additional information within the photograph.
A solution was established whereby the use-case is expected to declare explicitly what information it intends to collect or use with sufficient details and clarity. For the passport photograph scenario, the use-case would use the concept PassportPhoto
as the data it collects, and indicate that it extracts or derives Name
and Age
from it. Or, it directly declares that it collects all three concepts. This is necessary to ensure the interpretation that using PassportPhoto
means having access to and using all of its subsequent personal data categories.
While this is one possible solution, other methods exist, such as explicitly declaring the data categories and their encapsulation within one another, such as by reusing hasPersonalData
or creating additional properties (e.g. containsData
) to indicate a personal data concept, i.e. the passport photo, contains information associated through the relation, i.e. name, age, etc. We welcome discussions regarding both these methods.
Some personal data categories are sensitive. To indicate this, the concept SensitivePersonalData is used. It is important to recognise and document data when it is sensitive as it can require additional considerations such as enhanced technical and organisational measures, and appropriate privacy and data protection impact assessments.
DPV currently categorises personal data as sensitive based on existing research and literature, and as special categories based on [GDPR] Article 9. Both are subject to expansion in the future based on requirements and technological progress, and we welcome well-formed proposals for the same.
SpecialCategoryPersonalData represents those sensitive categories which are regulated by law i.e. their use is regulated and requires additional considerations and obligations, such as under [GDPR] Article 9 which prohibits their use unless specific conditions are met, and also requires conducting a data protection impact assessment (DPIA) for certain cases where they are involved.
The PD taxonomy uses the GDPR Article 9 definition to denote specific concepts as belonging to special categories of personal data, and due to the way the taxonomy is hierarchical in nature, all concepts extending such concepts are also considered (sensitive and) special categories. For example, Biometric
is a special category, which is further extended as FacialPrint
- which is also considered as a special category due to being biometric data.
PII (Personally Identifiable Information) and Sensitivity of data are common concepts in relation to use of personal data. PII is a term with variable definitions depending on the particular interpretation of personal and identifiable. While ISO standards define PII as a concept closer to the personal data definition within DPV, this term can still result in confusion and ambiguity. DPV therefore defines IdentifyingPersonalData
to explicitly denote that some data 'identifies' a person.
DPV provides the SensitivePersonalData
concept, and to indicate the degree of sensitivity, we recommend using the SensitivityLevel
concept and associate it with hasSensitivityLevel
.
The sensitivity of personal data can be universal, where that data is always sensitive, or contextual, which means a use-case needs to declare it as such. For indicating personal data is sensitive (or special), it is sub-typed or declared as an instance of SensitivePersonalData
, as shown in the example below.
In using these concepts, it is important to note that DPV's modelling of sensitive and special categories is non-exhaustive and as such should not be taken as an authoritative fact or a 'source of truth'. To assist with better identifying sensitive concepts, work is ongoing within DPV to identify and provide a reference list of (potentially) sensitive and special categories, and we welcome contributions for the same.
AnonymisedData refers to anonymisation, which is a data de-identification technique whereby any information which can be used to identify the individual, either by itself or in combination with other information - which may be present in the same dataset or outside it, is removed to prevent any possibility of attributing the data to the person it is about. From this, it is clear that the bar for 'true' or 'effective' anonymisation is very high. Anonymised data is no longer considered personal data, and is therefore non-personal data.
To specify data is anonymised, DPV provides two concepts. AnonymisedData
for when data is completely anonymised and cannot be de-anonymised, which is a subtype of NonPersonalData
. And, PseudonymisedData
for when data has only been partially anonymised or de-anonymisation is possible, which is a subtype of PersonalData
.
When data undergoes a partial anonymisation process i.e. it is not completely anonymised, and there is a possibility of re-identification, but it is unlikely for this to happen within the use-case, and where the use-case wishes to treat such data as 'contextually anonymised', the concept ContextuallyAnonymisedData is provided. Transferring such data outside the context results in the data no longer being anonymous, and it must be treated as personal data.
PseudonymisedData is data that has gone a partial or incomplete anonymisation process by replacing the identifiable information with artificial identifiers or 'pseudonyms'. Using such pseudonyms (e.g. IP addresses or fingerprinting techniques) does not render the data anonymous, and it still remains personal data as long as re-identification or association with an individual is possible.
It is important to note that these definitions can be contextually difficult to apply or interpret. For example, consider the case where some data is indicated as being anonymised by itself without any available information to de-anonymise it. Though this can be considered as anonymised data, if there were to exist an external method or dataset that when combined with the anonymised dataset provides de-anonymised information - then this does not fit the definition of anonymised data.
Therefore, when indicating AnonymisedData, the understanding is that it is completely anonymised. Otherwise, given that regulations targeting PersonalData do not apply over anonymised data, the labelling of anonymised or contextually anonymised data may lead to misleading representation and violating obligations.
While the focus of DPV is on Personal Data, there may be a need to represent Non-Personal Data within the same contextual use-cases. For example, if the personal data has been fully, completely, and irreversibly anonymised, then it can no longer be said to be personal data. To enable this, and other representations, DPV provides the concept Data
to represent any data, with subtypes PersonalData
and NonPersonalData
. Using these as annotations can assist in clearly indicating which data should be protected, or protected with more severe measures, or to determine the scope of regulations which only apply over operations involving personal data.
Data
is further subtyped as SyntheticData
- a new concept that represents generated data intended to mimic personal data within a system so as to aid in development and testing without using actual or real personal data. Since such synthetic data may be used in systems that assume it is personal data, it has not been declared as a specific category of personal or non-personal data to permit its use as either.
To specify data in terms of how it was sourced or generated, various concepts are provided that correspond to the processing operations such as collect, derive, infer, observe, generate, and so on. This allows annotating data or indicating how the data was obtained.
CollectedPersonalData denotes the data was collected (from another entity), and ProvidedPersonalData indicates the data was provided by another entity i.e. the other entity knowingly provided this data for collection. For example, a data subject filling out a form to provide data is an example of provided personal data, whereas observation of individuals via CCTV is collected but not provided personal data.
DerivedPersonalData refers to data being derived from another (existing) data - where such data was already present in some form. For example, taking a photograph of a passport and extracting the relevant names and dates from it is considered 'derived data' as the data was already present in the photograph. Where data being derived does not exist i.e. it is 'inferred', the concept InferredPersonalData should be used. For example, if the passport photograph was used in some way to create a risk score for the individual by the immigration office, then such data is considered to be an 'inference' as it was not already present and has been inferred through some algorithmic process.
These concepts are analogous to their processing counterparts, as well as helpful in indicating the source of data i.e. the data source concepts. They are helpful to 'tag' or 'annotate' data, such as in databases or other systems, to indicate or categorise which data has been collected, or derived, or inferred. They can also be used to check or verify the information documented about processing and data sources is accurate and up to date.
Term | AnonymisedData | Prefix | dpv |
---|---|---|---|
Label | Anonymised Data | ||
IRI | https://w3id.org/dpv#AnonymisedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:NonPersonalData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Personal Data that has been (fully and completely) anonymised so that it is no longer considered Personal Data | ||
Usage Note | It is advised to carefully consider indicating data is fully or completely anonymised by determining whether the data by itself or in combination with other data can identify a person. Failing this condition, the data should be denoted as PseudonymisedData. To indicate data is anonymised only for a specified entity (e.g. within an organisation), the concept ContextuallyAnonymisedData (as subclass of PseudonymisedData) should be used instead of AnonymisedData. | ||
Date Created | 2022-01-19 | ||
Contributors | Piero Bonatti | ||
See More: | section PERSONAL-DATA in DPV |
Term | CollectedData | Prefix | dpv |
---|---|---|---|
Label | Collected Data | ||
IRI | https://w3id.org/dpv#CollectedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that has been obtained by collecting it from a source | ||
Date Created | 2023-12-10 | ||
See More: | section PERSONAL-DATA in DPV |
Term | CollectedPersonalData | Prefix | dpv |
---|---|---|---|
Label | Collected Personal Data | ||
IRI | https://w3id.org/dpv#CollectedPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:CollectedData → dpv:Data | ||
Broader/Parent types | dpv:PersonalData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal Data that has been collected from another source such as the Data Subject | ||
Usage Note | To indicate the source of data, use the DataSource concept with the hasDataSource relation | ||
Examples | dex:E0046 :: Indicating data being collected and derived |
||
Date Created | 2022-03-30 | ||
Date Modified | 2023-12-10 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DEX |
Term | CommerciallyConfidentialData | Prefix | dpv |
---|---|---|---|
Label | Commercially Confidential Data | ||
IRI | https://w3id.org/dpv#CommerciallyConfidentialData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data protected through Commercial Confidentiality Agreements | ||
Source | |||
Date Created | 2024-02-14 | ||
See More: | section PERSONAL-DATA in DPV |
Term | ConfidentialData | Prefix | dpv |
---|---|---|---|
Label | Confidential Data | ||
IRI | https://w3id.org/dpv#ConfidentialData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data deemed confidential | ||
Source | |||
Date Created | 2024-02-14 | ||
See More: | section PERSONAL-DATA in DPV |
Term | ContextuallyAnonymisedData | Prefix | dpv |
---|---|---|---|
Label | Contextually Anonymised Data | ||
IRI | https://w3id.org/dpv#ContextuallyAnonymisedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:PseudonymisedData → dpv:PersonalData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Data that can be considered as being fully anonymised within the context but in actuality is not fully anonymised and is still personal data as it can be de-anonymised outside that context | ||
Usage Note | To distinguish between partially anonymised data that can be effectively treated as anonymised data (e.g. in processing) within a context (e.g. an organisation), the concept ContextuallyAnonymisedData should be used instead of AnonymisedData. Transfer of this data outside of the context should consider that it is not fully anonymised and that it is still personal data | ||
Date Created | 2024-06-11 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | Data | Prefix | dpv |
---|---|---|---|
Label | Data | ||
IRI | https://w3id.org/dpv#Data | ||
Type | rdfs:Class, skos:Concept | ||
Object of relation | dpv:hasData | ||
Definition | A broad concept representing 'data' or 'information' | ||
Date Created | 2022-01-19 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | DerivedData | Prefix | dpv |
---|---|---|---|
Label | Derived Data | ||
IRI | https://w3id.org/dpv#DerivedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that has been obtained through derivations of other data | ||
Date Created | 2023-12-10 | ||
See More: | section PERSONAL-DATA in DPV |
Term | DerivedPersonalData | Prefix | dpv |
---|---|---|---|
Label | Derived Personal Data | ||
IRI | https://w3id.org/dpv#DerivedPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:DerivedData → dpv:Data | ||
Broader/Parent types | dpv:PersonalData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal Data that is obtained or derived from other data | ||
Usage Note | Derived Data is data that is obtained through processing of existing data, e.g. deriving first name from full name. To indicate data that is derived but which was not present or evident within the source data, InferredPersonalData should be used. | ||
Examples | dex:E0009 :: Derivation and inference of personal datadex:E0046 :: Indicating data being collected and derived |
||
Source | DPVCG | ||
Related | svd:Derived | ||
Date Created | 2019-05-07 | ||
Date Modified | 2023-12-10 | ||
Contributors | Elmar Kiesling; Harshvardhan J. Pandit, Fajar Ekaputra | ||
See More: | section PERSONAL-DATA in DEX |
Term | GeneratedData | Prefix | dpv |
---|---|---|---|
Label | Generated Data | ||
IRI | https://w3id.org/dpv#GeneratedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that is generated or brought into existence without relation to existing data i.e. it is not derived or inferred from other data | ||
Date Created | 2023-12-10 | ||
See More: | section PERSONAL-DATA in DPV |
Term | GeneratedPersonalData | Prefix | dpv |
---|---|---|---|
Label | Generated Personal Data | ||
IRI | https://w3id.org/dpv#GeneratedPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:PersonalData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal Data that is generated or brought into existence without relation to existing data i.e. it is not derived or inferred from other data | ||
Usage Note | Generated Data is used to indicate data that is produced and is not derived or inferred from other data | ||
Date Created | 2022-03-30 | ||
Date Modified | 2023-12-10 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | IdentifyingPersonalData | Prefix | dpv |
---|---|---|---|
Label | Identifying Personal Data | ||
IRI | https://w3id.org/dpv#IdentifyingPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:PersonalData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal Data that explicitly and by itself is sufficient to identify a person | ||
Usage Note | DPV does not use PII ('Personally Identifiable Information') as it has varying and conflicting definitions across sources. Instead the concept 'identifying personal data' is intended to provide a clear categorisation of its interpretation. Where multiple data categories can be combined to create an 'identifying' category e.g. fingerprinting, this concept represents the combined category. | ||
Date Created | 2024-02-14 | ||
See More: | section PERSONAL-DATA in DPV |
Term | IncorrectData | Prefix | dpv |
---|---|---|---|
Label | Incorrect Data | ||
IRI | https://w3id.org/dpv#IncorrectData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that is known to be incorrect or inconsistent with some requirements | ||
Date Created | 2022-11-02 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | InferredData | Prefix | dpv |
---|---|---|---|
Label | Inferred Data | ||
IRI | https://w3id.org/dpv#InferredData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:DerivedData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that has been obtained through inferences of other data | ||
Date Created | 2023-12-10 | ||
See More: | section PERSONAL-DATA in DPV |
Term | InferredPersonalData | Prefix | dpv |
---|---|---|---|
Label | Inferred Personal Data | ||
IRI | https://w3id.org/dpv#InferredPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:DerivedPersonalData → dpv:DerivedData → dpv:Data | ||
Broader/Parent types | dpv:DerivedPersonalData → dpv:PersonalData → dpv:Data | ||
Broader/Parent types | dpv:InferredData → dpv:DerivedData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal Data that is obtained through inference from other data | ||
Usage Note | Inferred Data is derived data generated from existing data, but which did not originally exist within it, e.g. inferring demographics from browsing history. | ||
Examples | dex:E0009 :: Derivation and inference of personal data |
||
Date Created | 2022-01-19 | ||
Date Modified | 2023-12-10 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DEX |
Term | IntellectualPropertyData | Prefix | dpv |
---|---|---|---|
Label | Intellectual Property Data | ||
IRI | https://w3id.org/dpv#IntellectualPropertyData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:ConfidentialData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data protected by Intellectual Property rights and regulations | ||
Source | |||
Date Created | 2024-02-14 | ||
See More: | section PERSONAL-DATA in DPV |
Term | NonPersonalData | Prefix | dpv |
---|---|---|---|
Label | Non-Personal Data | ||
IRI | https://w3id.org/dpv#NonPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that is not Personal Data | ||
Usage Note | The term NonPersonalData is provided to distinguish between PersonalData and other data, e.g. for indicating which data is regulated by privacy laws. To specify personal data that has been anonymised, the concept AnonymisedData should be used as the anonymisation process has a risk of not being fully effective and such anonymous data may be found to be personal data depending on circumstances. | ||
Date Created | 2022-01-19 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | ObservedData | Prefix | dpv |
---|---|---|---|
Label | Observed Data | ||
IRI | https://w3id.org/dpv#ObservedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:CollectedData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that has been obtained through observations of a source | ||
Date Created | 2023-12-10 | ||
See More: | section PERSONAL-DATA in DPV |
Term | ObservedPersonalData | Prefix | dpv |
---|---|---|---|
Label | Observed Personal Data | ||
IRI | https://w3id.org/dpv#ObservedPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:CollectedPersonalData → dpv:CollectedData → dpv:Data | ||
Broader/Parent types | dpv:CollectedPersonalData → dpv:PersonalData → dpv:Data | ||
Broader/Parent types | dpv:ObservedData → dpv:CollectedData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal Data that has been collected through observation of the Data Subject(s) | ||
Date Created | 2022-08-24 | ||
Date Modified | 2023-12-10 | ||
Contributors | Georg P. Krog | ||
See More: | section PERSONAL-DATA in DPV |
Term | PersonalData | Prefix | dpv |
---|---|---|---|
Label | Personal Data | ||
IRI | https://w3id.org/dpv#PersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Data directly or indirectly associated or related to an individual. | ||
Usage Note | This definition of personal data encompasses the concepts used in GDPR Art.4-1 for 'personal data' and ISO/IEC 2700 for 'personally identifiable information (PII)'. | ||
Examples | dex:E0044 :: Specifying personal data |
||
Source | GDPR Art.4-1g | ||
Related | spl:AnyData | ||
Date Created | 2019-04-05 | ||
Date Modified | 2022-01-19 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DEX |
Term | ProvidedData | Prefix | dpv |
---|---|---|---|
Label | Provided Data | ||
IRI | https://w3id.org/dpv#ProvidedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:CollectedData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that has been provided by an entity | ||
Usage Note | Provided data involves one entity explicitly providing the data, which the other entity then collects | ||
Date Created | 2024-04-20 | ||
Contributors | Harshvardhan J. Pandit, Paul Ryan | ||
See More: | section PERSONAL-DATA in DPV |
Term | ProvidedPersonalData | Prefix | dpv |
---|---|---|---|
Label | Provided Personal Data | ||
IRI | https://w3id.org/dpv#ProvidedPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:CollectedPersonalData → dpv:CollectedData → dpv:Data | ||
Broader/Parent types | dpv:CollectedPersonalData → dpv:PersonalData → dpv:Data | ||
Broader/Parent types | dpv:ProvidedData → dpv:CollectedData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal Data that has been provided by an entity such as the Data Subject | ||
Usage Note | Provided personal data involves one entity (e.g. data subject) explicitly providing the data, which the other entity (e.g. data controller) then collects | ||
Examples | dex:E0046 :: Indicating data being collected and derived |
||
Date Created | 2024-04-20 | ||
Contributors | Harshvardhan J. Pandit, Paul Ryan | ||
See More: | section PERSONAL-DATA in DEX |
Term | PseudonymisedData | Prefix | dpv |
---|---|---|---|
Label | Pseudonymised Data | ||
IRI | https://w3id.org/dpv#PseudonymisedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:PersonalData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Pseudonymised Data is data that has gone a partial or incomplete anonymisation process by replacing the identifiable information with artificial identifiers or 'pseudonyms', and is still considered as personal data | ||
Date Created | 2022-01-19 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | SensitiveData | Prefix | dpv |
---|---|---|---|
Label | Sensitive Data | ||
IRI | https://w3id.org/dpv#SensitiveData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data deemed sensitive | ||
Date Created | 2024-02-14 | ||
See More: | section PERSONAL-DATA in DPV |
Term | SensitiveNonPersonalData | Prefix | dpv |
---|---|---|---|
Label | Sensitive Non Personal Data | ||
IRI | https://w3id.org/dpv#SensitiveNonPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:SensitiveData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Non-personal data deemed sensitive | ||
Source | |||
Date Created | 2024-02-14 | ||
See More: | section PERSONAL-DATA in DPV |
Term | SensitivePersonalData | Prefix | dpv |
---|---|---|---|
Label | Sensitive Personal Data | ||
IRI | https://w3id.org/dpv#SensitivePersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:PersonalData → dpv:Data | ||
Broader/Parent types | dpv:SensitiveData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Personal data that is considered 'sensitive' in terms of privacy and/or impact, and therefore requires additional considerations and/or protection | ||
Usage Note | Sensitivity' is a matter of context, and may be defined within legal frameworks. For GDPR, Special categories of personal data are considered a subset of sensitive data. To illustrate the difference between the two, consider the situation where Location data is collected, and which is considered 'sensitive' but not 'special'. As a probable rule, sensitive data require additional considerations whereas special category data requires additional legal basis / justifications. | ||
Examples | dex:E0010 :: Indicating personal data is sensitive or special categorydex:E0045 :: Indicating data belongs to sensitive or special category |
||
Date Created | 2022-01-19 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DEX |
Term | SpecialCategoryPersonalData | Prefix | dpv |
---|---|---|---|
Label | Special Category Personal Data | ||
IRI | https://w3id.org/dpv#SpecialCategoryPersonalData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:SensitivePersonalData → dpv:PersonalData → dpv:Data | ||
Broader/Parent types | dpv:SensitivePersonalData → dpv:SensitiveData → dpv:Data | ||
Object of relation | dpv:hasData, dpv:hasPersonalData | ||
Definition | Sensitive Personal Data whose use requires specific additional legal permission or justification | ||
Usage Note | The term 'special category' is based on GDPR Art.9, but should not be considered as exclusive to it. DPV considers all Special Categories to also be Sensitive, but whose use is either prohibited or regulated and therefore requires additional legal basis for justification that is separate from that for general personal data. | ||
Examples | dex:E0010 :: Indicating personal data is sensitive or special categorydex:E0045 :: Indicating data belongs to sensitive or special category |
||
Source | GDPR Art.9-1 | ||
Date Created | 2019-05-07 | ||
Date Modified | 2022-01-19 | ||
Contributors | Elmar Kiesling; Harshvardhan J. Pandit, Fajar Ekaputra | ||
See More: | section PERSONAL-DATA in DEX |
Term | StatisticallyConfidentialData | Prefix | dpv |
---|---|---|---|
Label | Statistically Confidential Data | ||
IRI | https://w3id.org/dpv#StatisticallyConfidentialData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:ConfidentialData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data protected through Statistical Confidentiality regulations and agreements | ||
Source | |||
Date Created | 2024-02-14 | ||
See More: | section PERSONAL-DATA in DPV |
Term | SyntheticData | Prefix | dpv |
---|---|---|---|
Label | Synthetic Data | ||
IRI | https://w3id.org/dpv#SyntheticData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:GeneratedData → dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Synthetic data refers to artificially created data such that it is intended to resemble real data (personal or non-personal), but does not refer to any specific identified or identifiable individual, or to the real measure of an observable parameter in the case of non-personal data | ||
Source | ENISA Data Protection Engineering | ||
Date Created | 2022-08-18 | ||
Date Modified | 2023-12-10 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | UnverifiedData | Prefix | dpv |
---|---|---|---|
Label | Unverified Data | ||
IRI | https://w3id.org/dpv#UnverifiedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that has not been verified in terms of accuracy, inconsistency, or quality | ||
Date Created | 2022-11-02 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | VerifiedData | Prefix | dpv |
---|---|---|---|
Label | Verified Data | ||
IRI | https://w3id.org/dpv#VerifiedData | ||
Type | rdfs:Class, skos:Concept | ||
Broader/Parent types | dpv:Data | ||
Object of relation | dpv:hasData | ||
Definition | Data that has been verified in terms of accuracy, consistency, or quality | ||
Date Created | 2022-11-02 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | hasData | Prefix | dpv |
---|---|---|---|
Label | has data | ||
IRI | https://w3id.org/dpv#hasData | ||
Type | rdf:Property, skos:Concept | ||
Range includes | dpv:Data | ||
Definition | Indicates associated with Data (may or may not be personal) | ||
Date Created | 2022-08-18 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DPV |
Term | hasPersonalData | Prefix | dpv |
---|---|---|---|
Label | has personal data | ||
IRI | https://w3id.org/dpv#hasPersonalData | ||
Type | rdf:Property, skos:Concept | ||
Broader/Parent types | dpv:hasData | ||
Sub-property of | dpv:hasData | ||
Range includes | dpv:PersonalData | ||
Definition | Indicates association with Personal Data | ||
Examples | dex:E0044 :: Specifying personal data |
||
Date Created | 2022-01-19 | ||
Contributors | Harshvardhan J. Pandit | ||
See More: | section PERSONAL-DATA in DEX |
DPV uses the following terms from [RDF] and [RDFS] with their defined meanings:
The following external concepts are re-used within DPV:
The following people have contributed to this vocabulary. The names are ordered alphabetically. The affiliations are informative do not represent formal endorsements. Affiliations may be outdated. The list is generated automatically from the contributors listed for defined concepts.
The DPVCG was established as part of the SPECIAL H2020 Project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731601 from 2017 to 2019.
Harshvardhan J. Pandit was funded to work on DPV from 2020 to 2022 by the Irish Research Council's Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790.
The ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards).
The contributions of Harshvardhan J. Pandit have been made with the financial support of Science Foundation Ireland under Grant Agreement No. 13/RC/2106_P2 at the ADAPT SFI Research Centre.