DPVCG

Data Privacy Vocabularies and Controls Community Group (DPVCG) repository

Community Group | (W3C) wiki

Warning

NOTICE OF PLANNED MAJOR CHANGES

Major changes as described by: 1) #99 including non-personal data; and 2) #107 repo restructuring -- are planned to be implemented from 30 SEP 2023. If you wish to raise issues or objections, please do so before then.

The mission of the W3C Data Privacy Vocabularies and Controls CG (DPVCG) is to develop a taxonomy of privacy and data protection related terms, which include in particular terms from the new European General Data Protection Regulation (GDPR), such as a taxonomy of personal data as well as a classification of purposes (i.e., purposes for data collection), and events of disclosures, consent, and processing such personal data.

Newcomers to the DPV are recommended to start with the Primer to familiarise themselves with the concepts, semantics, and usefulness of the DPV.

License: All work produced by DPVCG and provided through this repo or elsewhere is provided by contributors under the W3C Document License. A copy of the license is provided in the LICENSE.md file.

Contributing: See contributing.md

Releases

latest release

Releases are provided through the GitHub feature at https://github.com/w3c/dpv/releases. These contained zipped collections of DPV specifications, modules, extensions, and accompanying documents, categorised by serialisation. Currently, the following types of releases are provided:

• dpv (dpv.zip) : The core and canocical DPV specification serialised as a SKOS collection of terms
• dpv-skos (dpv-skos.zip) : DPV serialised using RDFS and SKOS semantics
• dpv-owl (dpv-owl.zip) : DPV serialised using OWL2 semantics
• dpv (dpv.xlsx) : DPV's terms provided in a spreadsheet

Final Reports

The following vocabularies are being published as v1 and final reports of the group:

• Primer w3c/cg-reports link
• DPV w3c/cg-reports link
• DPV-GDPR w3c/cg-reports link
• DPV-PD w3c/cg-reports link
• DPV-OWL w3c/cg-reports link
• DPV-OWL-GDPR w3c/cg-reports link
• DPV-OWL-PD w3c/cg-reports link
• Guide on using DPV in OWL2 w3c/cg-reports link
• DPV-SKOS w3c/cg-reports link
• DPV-SKOS-GDPR w3c/cg-reports link
• DPV-SKOS-PD w3c/cg-reports link

DPV Family of Documents

Core documents:

• Primer for Data Privacy Vocabulary: introductory document to DPV concepts

Note: Newcomers to the DPV are strongly recommended to first read through the Primer to familiarise themselves with the semantics and concepts of DPV.

• Data Privacy Vocabulary (DPV) Specification: (this document) formal and normative description of DPV and its concepts.
• Use-Cases and Requirements
• Examples

Serialisations of DPV:

• Data Privacy Vocabulary serialised using SKOS+RDFS (DPV-SKOS): serialisation of DPV with SKOS and RDFS semantics
• Data Privacy Vocabulary serialised using OWL2 (DPV-OWL): serialisation of DPV using OWL2 semantics

Extensions to Concepts:

• GDPR Extension for Data Privacy Vocabulary (DPV-GDPR): extends DPV concepts for GDPR
• Personal Data Categories Extension for Data Privacy Vocabulary (DPV-PD)
• Legal Extension providing Jurisdictions, Laws, and Authorities for Data Privacy Vocabulary (DPV-LEGAL)
• Risk Extension providing concepts related to risk assessment and management (RISK)
• Rights Extension providing concepts related to rights (RIGHTS)

Guides and Tutorials

• Guidelines for Adoption and Use of DPV: Using DPV in OWL2

Other Resources:

• NACE Taxonomy serialised in RDFS

Related Links

• For a general overview of the Data Protection Vocabularies and Controls Community Group [DPVCG], its history, deliverables, and activities - refer to DPVCG Website.
• Cite as: The peer-reviewed article “Creating A Vocabulary for Data Privacy” presents a historical overview of the DPVCG, and describes the methodology and structure of the DPV along with describing its creation. An open-access version can be accessed here, here, and here.

Data Privacy Vocabulary (DPV)

The Data Privacy Vocabulary provides terms (classes and properties) to annotate and categorize instances of legally compliant personal data handling according to the EU General Data Protection Regulation. This scope could be extended by later versions to other data and privacy protection regulations.

The vocabulary provides terms to describe:

• purposes of processing
• personal data categories involved
• processing operations
• technical and organisational measures or restrictions applied
• legal basis used to justify processing
• information about legal basis for processing
• rights as applicable
• risks as applicable

The namespace for DPV terms is http://www.w3id.org/dpv# with suggested prefix dpv. The IRI for DPV is currently redirected to serve the files hosted in this repository from GitHub pages i.e. https://w3c.github.io/dpv/dpv/ (thanks to @bert-github for setting this up). Content-negotiation should therefore be supported for all files/serialisations of the DPV and its modules.

DPV and Modules

The term 'DPV' represents the entire vocabulary - with its concepts and terms as defined in the specification. Serialisations for this in rdf+xml, json-ld, and turtle are provided. The 'modules' in DPV are separate files for each of the hierarchies and concept taxonomies - for example 'purposes'. These are defined in the rdf folder with serialisations for each module. The core or base vocabulary or ontology is defined containing the top-level classes and data model (i.e. PersonalDataHandling).

Getting help and assistance

If you're unsure about something, or would like clarifications, or suggestions - please communicate with us or open an issue. We would be happy to help.