DPVCG GDPR Legal Basis Vocabulary

Draft Community Group Report

Latest editor's draft:
https://w3.org/ns/dpv-gdpr
Editors:
(Trinity College Dublin)
(Vienna University of Economics and Business)
Authors:
Bert Bos (W3C/ERCIM)
Rob Brennan (Dublin City University)
Bud Bruegger (Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein)
Fajar J. Ekaputra (Vienna University of Technology)
Javier D. Fernández (Vienna University of Economics and Business)
Ramisa Gachpaz Hamed (Trinity College Dublin)
Elmar Kiesling (Vienna University of Technology)
Mark Lizar (OpenConsent/Kantara Initiative)
Eva Schlehan (Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein)
Simon Steyskal (Siemens)
Rigo Wenning (W3C/ERCIM)

Abstract

The Data Privacy Vocabulary provides terms (classes and properties) to annotate and categorize instances of legally compliant personal data handling according to the EU General Data Protection Regulation. One category of terms are the legal bases. This vocabulary provides the legal bases defined by the GDPR.

The namespace for terms for Legal Bases under GDPR is http://www.w3.org/ns/dpv-gdpr#

The suggested prefix for the GDPR Legal Bases namespace is dpv-gdpr

An ontology of Legal Bases under GDPR is available here.

The Github repository for DPV is here.

Status of This Document

This specification was published by the Data Privacy Vocabularies and Controls Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

This document was published by the Data Privacy Vocabularies and Controls Community Group (DPVCG) as a first public working draft. If you wish to make comments regarding this document, please send them to public-dpvcg@w3.org ( archived ). All comments are welcome.

If you wish to make comments regarding this document, please send them to public-dpvcg@w3.org (subscribe, archives).

Editor's note

Participation

The DPVCG requests participation regarding open issues and welcomes suggestions on their resolution or mitigation. The list of open issues and their discussions to date can be found at https://www.w3.org/community/dpvcg/track/issues/open. Specifically, the DPVCG kindly requests proposals to extend its initial taxonomies by additional terms, where these are missing or need refinements in order to describe specific use cases of personal data handling. A list of issues at the time of creating this document can be found here. Other forms of participation such as comments and feedback are also welcome.

While we welcome participation via any and all mediums - e.g. via Github pull requests or issues, emails, papers, or reports - the formal resolution of contributions will be done via the DPVCG meeting calls and mailing lists. We therefore would suggest submitting submissions there once they reach the stage for formal approval.

Interested participants should submit their suggestions, feedbacks, and comments by 15th September 2019 in order to have them formally reviewed according to the scheduled timeline.

In order to propose/approve new terms, please include the following:

  • term - suggested URI/identifier
  • class/property - is the suggested term a class or a property?
  • description - a natural language description of the term as to be included in the vocabulary to describe the term in an unambiguous manner.
  • domain/range - for properties include information about domain and range
  • superclasses/subclasses - for classes include (if applicable) information about known sub/super-classes.
  • superproperties/subproperties - for properties include (if applicable) information about known sub/super-properties.
  • related terms - include if applicable otherwise related terms from other vocabularies and explain how they are related (e.g. skos:broader/skos:narrower, rdfs:seeAlso).
  • source - mention where the new term originates from (e.g. from a legal regulation or from an existing ontology, if possible with a link confirming the reference.

1. Introduction

The Data Privacy Vocabulary provides terms (classes and properties) to annotate and categorize instances of legally compliant personal data handling. In particular, the vocabulary provides LegalBasis as a top-level concept representing the various legal basis that can be used for justifying processing of personal data. Since these legal bases are defined in legislations within the scope of legal jurisdictions, we provide the legal bases specific to GDPR as a separate aligned vocabulary.

2. Namespaces

The namespace for DPV-GDPR vocabulary is http://www.w3.org/ns/dpv-gdpr#. The table below indicates the full list of namespaces and prefixes used in this document.

Prefix Namespace
dct http://purl.org/dc/terms/
dpv http://www.w3.org/ns/dpv#
dpv-gdpr http://www.w3.org/ns/dpv-gdpr#
odrl http://www.w3.org/ns/odrl/2/
owl http://www.w3.org/2002/07/owl#
rdf http://www.w3.org/1999/02/22-rdf-syntax-ns#
rdfs http://www.w3.org/2000/01/rdf-schema#
skos http://www.w3.org/2004/02/skos/core#
spl http://www.specialprivacy.eu/langs/usage-policy#
svd http://www.specialprivacy.eu/vocabs/data#
svdu http://www.specialprivacy.eu/vocabs/duration#
svl http://www.specialprivacy.eu/vocabs/locations#
svpu http://www.specialprivacy.eu/vocabs/purposes#
svpr http://www.specialprivacy.eu/vocabs/processing#
svr http://www.specialprivacy.eu/vocabs/recipients
xsd http://www.w3.org/2001/XMLSchema#