Data Privacy Vocabulary (DPV)

version 1

Final Community Group Report

This version:
https://www.w3.org/community/reports/dpvcg/CG-FINAL-dpv-20221205/
Latest published version:
https://w3id.org/dpv
Latest editor's draft:
https://w3id.org/dpv/ed/dpv
Editor:
Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
Former editor:
Axel Polleres (Vienna University of Economics and Business) - Until
Authors:
Axel Polleres (Vienna University of Economics and Business)
Beatriz Esteves (Universidad Politécnica de Madrid)
Bert Bos (W3C/ERCIM)
Bud Bruegger (Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein)
Elmar Kiesling (Vienna University of Technology)
Eva Schlehahn (Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein)
David Hickey (Dublin City University)
Fajar J. Ekaputra (Vienna University of Technology)
Georg P. Krog (Signatu AS)
Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
Javier D. Fernández (Vienna University of Economics and Business)
Julian Flake (University of Koblenz-Landau)
Mark Lizar (OpenConsent/Kantara Initiative)
Paul Ryan (Uniphar PLC)
Piero Bonatti (Università di Napoli Federico II)
Ramisa Gachpaz Hamed (Trinity College Dublin)
Rigo Wenning (W3C/ERCIM)
Rob Brennan (University College Dublin)
Simon Steyskal (Siemens)
Feedback:
GitHub w3c/dpv (pull requests, new issue, open issues)

The Data Privacy Vocabulary [DPV] enables expressing machine-readable metadata about the use and processing of personal data based on legislative requirements such as the General Data Protection Regulation [GDPR]. This document describes the DPV specification along with its data model.

The canonical URL for DPV is https://w3id.org/dpv which contains (this) specification. The namespace for DPV terms is https://w3id.org/dpv#, the suggested prefix is dpv, and this document along with source and releases are available at https://github.com/w3c/dpv.

DPV Family of Documents

Related Links

Status of This Document

This specification was published by the Data Privacy Vocabularies and Controls Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Final Specification Agreement (FSA) other conditions apply. Learn more about W3C Community and Business Groups.

This document is published by the Data Privacy Vocabularies and Controls Community Group (DPVCG) as a deliverable and report of its work in creating and maintaining the Data Privacy Vocabulary (DPV).

Note

Contributing to the DPV and its extensions The DPVCG welcomes participation regarding the DPV, including expansion or refinement of its terms, addressing open issues, and welcomes suggestions on their resolution or mitigation. For further information, please see the contribution section.

GitHub Issues are preferred for discussion of this specification.

1. Introduction

This document assumes the reader is familiar with DPV through the Primer for Data Privacy Vocabulary, and thus focuses on providing a topically structured documentation of concepts defined by DPV.

1.1 Semantics

DPV's terms are defined using abstract semantic notions Concept and Relation derived from SKOS concepts and semantic relations respectively. The use of relations is bounded using hasDomain and hasRange. These enable representing DPV's concepts as a thesauri, i.e. a list of concepts using SKOS, and to serialise them for different semantic models. For a summary of how these are mapped to [RDFS] & [SKOS] in [DPV-SKOS], and [OWL] in [DPV-OWL] - see Appendix.

Concept A concept
Relation A relation between concepts
hasDomain The domain of a relation
hasRange The range of a relation
isSubTypeOf A relation indicating sub-category or sub-set
isInstanceOf A relation indicating type or instance

The interpretation of DPV's concept can be done through serialisation. DPV provides two such serialisations: [DPV-OWL] that uses OWL2 and [DPV-SKOS] that uses RDFS+SKOS. The DPV Family of Documents provides an overview of all serialisations related to the DPV.

DPV consists of certain 'core concept' that are intended to be independent representations of specific information, and are distinct from other core concepts. For example, the Purpose (e.g. Optimisation) refers only to the purpose of why personal data is processed and is independent as a concept from the PersonalData (e.g. Location) or the Processing activities (e.g. collect, store) involved to carry out that purpose.

The structuring of DPV is based on providing rich and comprehensive taxonomies that group concepts together based on each core concept, e.g. taxonomy of purposes, which is reflected in the serialisation and documentation (e.g. this document). Other extentions provide additional concepts that expand DPV's concept or complement them with separation and optionality through namespaces. For a list of all DPV related documents, see document family section.

1.2 Base Vocabulary

DPV base vocabulary
Figure 1 Overview of concepts in DPV

DPV can be viewed as a hierarchical taxonomy of concepts where each core concept represents the top-most abstract concept in a tree and each of its children provide a lesser abstract or more concrete concept. For example, consider the concept of PersonalData which is the abstract representation of personal data. It can be further refined or extended as SensitivePersonalData, and further as SpecialCategoryPersonalData and then as GeneticData and so on.

From this perspective, the top-most abstract concepts are collectively referred to as the core vocabulary within DPV. The goal of the DPV is to provide a rich collection of concepts for each of top concepts so as to enable their application within real-world use-cases. The identification of what constitutes a core concept is based on the need to represent information about it in a modular and independent form, such as that required for legal compliance.

The 'Base' or 'Core' concepts in DPV represent the most relevant concepts for representing information regarding the what, how, where, who, why of personal data and its processing. Each of these concepts is further elaborated as a taxonomy of concepts in a hierarchical fashion. The DPV provides the following as 'top-level' concepts and relations to associate them with other concepts:

Concept Relation
PersonalData hasPersonalData
Purpose hasPurpose
Processing hasProcessing
DataController hasDataController
DataSubject hasDataSubject
Recipient hasRecipient
TechnicalOrganisationalMeasure hasTechnicalOrganisationalMeasure
LegalBasis hasLegalBasis
Right hasRight
Risk hasRisk
PersonalDataHandling hasPersonalDataHandling

DPV provides taxonomies for all core concepts except for PersonalDataHandling which represents an abstract concept to aid in 'grouping' the concepts with one another. The relation hasPersonalDataHandling associates a PersonalDataHandling with other concepts including itself.

1.3 Taxonomies

The rest of the document expands on the core concepts through the following taxonomies.

Further to these, there are separate extensions that provide additional concepts. These are:

2. Entities

Figure 2

DPV relies on existing well-founded interpretations for its concepts, which in this case relate to Entity as a generic universal concept and LegalEntity specifically referring to roles defined legally or within legal norms. Expanding on these, DPV provides a taxonomy of entities based on their application within laws and use-cases in the form of Legal roles, such as DataController, DataSubject, and Authority. Later, these concepts are expanded into taxonomies for different kinds of entities categorised under a common concept. For example, categories of Data Subjects such as Adult, User, or Employee; or kinds of Authorities, or categories of Organisations.

2.1 Classes

Entity | Legal Entity | Natural Person | Representative |

2.1.1 Entity

IRI https://w3id.org/dpv#Entity
Term: Entity
Label: Entity
Description: A human or non-human 'thing' that constitutes as an entity
Created:
Contributor(s): Harshvardhan J. Pandit
Examples: dex:E0027 - Describing Entities

2.1.3 Natural Person

IRI https://w3id.org/dpv#NaturalPerson
Term: NaturalPerson
Label: Natural Person
Description: A human
SubType of: dpv:Entity
Created:
Contributor(s): Harshvardhan J. Pandit

2.1.4 Representative

IRI https://w3id.org/dpv#Representative
Term: Representative
Label: Representative
Description: A representative of a legal entity
SubType of: dpv:LegalEntity
Source: GDPR Art.27
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit, Paul Ryan

2.2 Properties

has address | has contact | has entity | has name | has representative | has responsible entity | is representative for |

2.2.1 has address

IRI https://w3id.org/dpv#hasAddress
Term: hasAddress
Label: has address
Description: Specifies address of a legal entity such as street address or pin code
Domain: dpv:Entity
Range: dpv:Concept
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J.Pandit, Paul Ryan

2.2.2 has contact

IRI https://w3id.org/dpv#hasContact
Term: hasContact
Label: has contact
Description: Specifies contact details of a legal entity such as phone or email
Domain: dpv:Entity
Range: dpv:Concept
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J.Pandit, Paul Ryan

2.2.3 has entity

IRI https://w3id.org/dpv#hasEntity
Term: hasEntity
Label: has entity
Description: Indicates inclusion or applicability of an entity to some concept
Domain: dpv:Concept
Range: dpv:Entity
Created:
Contributor(s): Harshvardhan J. Pandit

2.2.4 has name

IRI https://w3id.org/dpv#hasName
Term: hasName
Label: has name
Description: Specifies name of a legal entity
Domain: dpv:Entity
Range: dpv:Concept
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J.Pandit, Paul Ryan

2.2.5 has representative

IRI https://w3id.org/dpv#hasRepresentative
Term: hasRepresentative
Label: has representative
Description: Specifies representative of the legal entity
Domain: dpv:Entity
Range: dpv:Representative
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J.Pandit, Paul Ryan

2.2.6 has responsible entity

IRI https://w3id.org/dpv#hasResponsibleEntity
Term: hasResponsibleEntity
Label: has responsible entity
Description: Specifies the indicated entity is responsible within some context
Domain: dpv:Concept
Range: dpv:Entity
Created:
Contributor(s): Harshvardhan J. Pandit

2.2.7 is representative for

IRI https://w3id.org/dpv#isRepresentativeFor
Term: isRepresentativeFor
Label: is representative for
Description: Indicates the entity is a representative for specified entity
Domain: dpv:Representative
Range: dpv:Entity
Created:
Contributor(s): Harshvardhan J. Pandit

Legal Role is the role taken on by a legal entity based on definitions or criterias from laws, regulations, or other such normative sources. Legal roles assist in representing the role and responsibility of an entity within the context of processing, and from this to determine the requirements and obligations that should apply, and their compliance or conformance.

2.3.1 Classes

Data Controller | Data Exporter | Data Importer | Data Processor | Data Protection Officer | Data Sub-Processor | Joint Data Controllers | Recipient | Third Party |

2.3.1.1 Data Controller
IRI https://w3id.org/dpv#DataController
Term: DataController
Label: Data Controller
Description: The individual or organisation that decides (or controls) the purpose(s) of processing personal data.
SubType of: dpv:LegalEntity
Note: The terms 'Controller' is usually the more common form of indicating a Data Controller. In ISO/IEC the term 'PII Controller' is used.
Source: GDPR Art.4-7g
Created:
Modified:
Contributor(s): Axel Polleres, Javier Fernández
Examples: dex:E0019 - Consent record
2.3.1.2 Data Exporter
IRI https://w3id.org/dpv#DataExporter
Term: DataExporter
Label: Data Exporter
Description: An entity that 'exports' data where exporting is considered a form of data transfer
SubType of: dpv:LegalEntity
Note: The EU, in particular the EDPB, uses data exporter the context of cross-border data transfers/flows. These concepts are not bound by jurisdictional or geopolitical scopes within DPV and can thus be used for any notion of exporting
Source: EDPB Recommendations 01/2020 on Data Transfers
Created:
Contributor(s): David Hickey, Georg Krog, Harshvardhan Pandit, Paul Ryan
2.3.1.3 Data Importer
IRI https://w3id.org/dpv#DataImporter
Term: DataImporter
Label: Data Importer
Description: An entity that 'imports' data where importing is considered a form of data transfer
SubType of: dpv:Recipient
Note: The EU, in particular the EDPB, uses data importing the context of cross-border data transfers/flows. These concepts are not bound by jurisdictional or geopolitical scopes within DPV and can thus be used for any notion of importing
Source: EDPB Recommendations 01/2020 on Data Transfers
Created:
Contributor(s): David Hickey, Georg Krog, Harshvardhan Pandit, Paul Ryan
2.3.1.4 Data Processor
IRI https://w3id.org/dpv#DataProcessor
Term: DataProcessor
Label: Data Processor
Description: A ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
SubType of: dpv:Recipient
Source: GDPR Art.4-8
Created:
Contributor(s): Harshvardhan J. Pandit
Examples: dex:E0011 - Storage Conditions
2.3.1.5 Data Protection Officer
IRI https://w3id.org/dpv#DataProtectionOfficer
Term: DataProtectionOfficer
Label: Data Protection Officer
Description: An entity within or authorised by an organisation to monitor internal compliance, inform and advise on data protection obligations and act as a contact point for data subjects and the supervisory authority.
SubType of: dpv:Representative
Source: GDPR Art.37
Created:
Modified:
Contributor(s): Georg Krog, Paul Ryan
2.3.1.6 Data Sub-Processor
IRI https://w3id.org/dpv#DataSubProcessor
Term: DataSubProcessor
Label: Data Sub-Processor
Description: A 'sub-processor' is a processor engaged by another processor
SubType of: dpv:DataProcessor
Note: sub-processor' is a commonly used term similar to 'sub-contractor' and does not have a specific legal definition
Created:
Contributor(s): Harshvardhan J. Pandit
2.3.1.7 Joint Data Controllers
IRI https://w3id.org/dpv#JointDataControllers
Term: JointDataControllers
Label: Joint Data Controllers
Description: A group of Data Controllers that jointly determine the purposes and means of processing
SubType of: dpv:DataController
Note: To indicate the membership, hasDataController may be used
Created:
Contributor(s): Georg Krog, Harshvardhan Pandit
2.3.1.8 Recipient
IRI https://w3id.org/dpv#Recipient
Term: Recipient
Label: Recipient
Description: Entities that receive personal data
SubType of: dpv:LegalEntity
Note: A recipient of personal data can be used to indicate any entity that receives personal data. This can be a Third Party, Processor (GDPR), or even a Controller.
Source: GDPR Art.4-9g, SPECIAL Project
Created:
Modified:
Contributor(s): Axel Polleres, Javier Fernández
See Also: spl:AnyRecipient
Examples: dex:E0019 - Consent record
2.3.1.9 Third Party
IRI https://w3id.org/dpv#ThirdParty
Term: ThirdParty
Label: Third Party
Description: A ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and people who, under the direct authority of the controller or processor, are authorised to process personal data.
SubType of: dpv:Recipient
Source: GDPR Art.4-10
Created:
Contributor(s): Harshvardhan J. Pandit

2.3.2 Properties

has data controller | has data exporter | has data importer | has data processor | has data protection officer | has joint data controllers | has recipient | has recipient data controller | has recipient third party |

2.3.2.1 has data controller
IRI https://w3id.org/dpv#hasDataController
Term: hasDataController
Label: has data controller
Description: Indicates association with Data Controller
Domain: dpv:Concept
Range: dpv:DataController
Created:
Contributor(s): Axel Polleres, Bud Bruegger, Harshvardhan J. Pandit, Javier Fernández, Mark Lizar
2.3.2.2 has data exporter
IRI https://w3id.org/dpv#hasDataExporter
Term: hasDataExporter
Label: has data exporter
Description: Indiciates inclusion or applicability of a LegalEntity in the role of Data Exporter
Domain: dpv:Concept
Range: dpv:DataExporter
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
2.3.2.3 has data importer
IRI https://w3id.org/dpv#hasDataImporter
Term: hasDataImporter
Label: has data importer
Description: Indiciates inclusion or applicability of a LegalEntity in the role of Data Importer
Domain: dpv:Concept
Range: dpv:DataImporter
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
2.3.2.4 has data processor
IRI https://w3id.org/dpv#hasDataProcessor
Term: hasDataProcessor
Label: has data processor
Description: Indiciates inclusion or applicability of a Data Processor
Domain: dpv:Concept
Range: dpv:DataProcessor
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
2.3.2.5 has data protection officer
IRI https://w3id.org/dpv#hasDataProtectionOfficer
Term: hasDataProtectionOfficer
Label: has data protection officer
Description: Specifices an associated data protection officer
Domain: dpv:Concept
Range: dpv:DataProtectionOfficer
Created:
Contributor(s): Paul Ryan, Rob Brennan
2.3.2.6 has joint data controllers
IRI https://w3id.org/dpv#hasJointDataControllers
Term: hasJointDataControllers
Label: has joint data controllers
Description: Indicates inclusion or applicability of a Joint Data Controller
Domain: dpv:Concept
Range: dpv:JointDataControllers
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
2.3.2.7 has recipient
IRI https://w3id.org/dpv#hasRecipient
Term: hasRecipient
Label: has recipient
Description: Indicates Recipient of Personal Data
Domain: dpv:Concept
Range: dpv:Recipient
Source: SPECIAL Project
Created:
Contributor(s): Axel Polleres, Bud Bruegger, Harshvardhan J. Pandit, Javier Fernández, Mark Lizar
2.3.2.8 has recipient data controller
IRI https://w3id.org/dpv#hasRecipientDataController
Term: hasRecipientDataController
Label: has recipient data controller
Description: Indiciates inclusion or applicability of a Data Controller as a Recipient of persona data
Domain: dpv:Concept
Range: dpv:DataController
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
2.3.2.9 has recipient third party
IRI https://w3id.org/dpv#hasRecipientThirdParty
Term: hasRecipientThirdParty
Label: has recipient third party
Description: Indiciates inclusion or applicability of a Third Party as a Recipient of persona data
Domain: dpv:Concept
Range: dpv:ThirdParty
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan

2.4 Authorities

The concept Authority is a specific Governmental Organisation authorised to enforce a law or regulation. Authorities can be associated with a specific domain, topic, or jurisdiction. DPV currently defines regional authorities for NationalAuthority, RegionalAuthority, and SupraNationalAuthority, and DataProtectionAuthority represents authorities associated with data protection and privacy. To associate authorities with concepts, the relations hasAuthority and isAuthorityFor are provided.

2.4.1 Classes

Authority | Data Protection Authority | National Authority | Regional Authority | Supra-National Authority |

2.4.1.1 Authority
IRI https://w3id.org/dpv#Authority
Term: Authority
Label: Authority
Description: An authority with the power to create or enforce laws, or determine their compliance.
SubType of: dpv:GovernmentalOrganisation, dpv:LegalEntity
Created:
Contributor(s): Georg Krog, Harshvardhan Pandit, Paul Ryan
2.4.1.2 Data Protection Authority
IRI https://w3id.org/dpv#DataProtectionAuthority
Term: DataProtectionAuthority
Label: Data Protection Authority
Description: An authority tasked with overseeing legal compliance regarding privacy and data protection laws.
SubType of: dpv:Authority
Created:
Contributor(s): Georg Krog, Harshvardhan Pandit, Paul Ryan
2.4.1.3 National Authority
IRI https://w3id.org/dpv#NationalAuthority
Term: NationalAuthority
Label: National Authority
Description: An authority tasked with overseeing legal compliance for a nation
SubType of: dpv:Authority
Source: ADMS controlled vocabulary
Created:
Contributor(s): Harshvardhan J. Pandit
2.4.1.4 Regional Authority
IRI https://w3id.org/dpv#RegionalAuthority
Term: RegionalAuthority
Label: Regional Authority
Description: An authority tasked with overseeing legal compliance for a region
SubType of: dpv:Authority
Source: ADMS controlled vocabulary
Created:
Contributor(s): Harshvardhan J. Pandit
2.4.1.5 Supra-National Authority
IRI https://w3id.org/dpv#SupraNationalAuthority
Term: SupraNationalAuthority
Label: Supra-National Authority
Description: An authority tasked with overseeing legal compliance for a supra-national union e.g. EU
SubType of: dpv:Authority
Source: ADMS controlled vocabulary
Created:
Contributor(s): Harshvardhan J. Pandit

2.4.2 Properties

has authority | is authority for |

2.4.2.1 has authority
IRI https://w3id.org/dpv#hasAuthority
Term: hasAuthority
Label: has authority
Description: Indicates applicability of authority for a jurisdiction
Domain: dpv:Concept
Range: dpv:Authority
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit
2.4.2.2 is authority for
IRI https://w3id.org/dpv#isAuthorityFor
Term: isAuthorityFor
Label: is authority for
Description: Indicates area, scope, or applicability of an Authority
Domain: dpv:Authority
Range: dpv:Concept
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

2.5 Organisation

2.5.1 Classes

Academic or Scientific Organisation | For-Profit Organisation | Governmental Organisation | Industry Consortium | International Organisation | Non-Governmental Organisation | Non-Profit Organisation | Organisation | Organisational Unit |

2.5.1.1 Academic or Scientific Organisation
IRI https://w3id.org/dpv#AcademicScientificOrganisation
Term: AcademicScientificOrganisation
Label: Academic or Scientific Organisation
Description: Organisations related to academia or scientific pursuits e.g. Universities, Schools, Research Bodies
SubType of: dpv:Organisation
Source: ADMS controlled vocabulary
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
2.5.1.2 For-Profit Organisation
IRI https://w3id.org/dpv#ForProfitOrganisation
Term: ForProfitOrganisation
Label: For-Profit Organisation
Description: An organisation that aims to achieve profit as its primary goal
SubType of: dpv:Organisation
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
2.5.1.3 Governmental Organisation
IRI https://w3id.org/dpv#GovernmentalOrganisation
Term: GovernmentalOrganisation
Label: Governmental Organisation
Description: An organisation managed or part of government
SubType of: dpv:Organisation
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
2.5.1.4 Industry Consortium
IRI https://w3id.org/dpv#IndustryConsortium
Term: IndustryConsortium
Label: Industry Consortium
Description: A consortium established and comprising on industry organisations
SubType of: dpv:Organisation
Source: ADMS controlled vocabulary
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
2.5.1.5 International Organisation
IRI https://w3id.org/dpv#InternationalOrganisation
Term: InternationalOrganisation
Label: International Organisation
Description: An organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries
SubType of: dpv:Organisation
Source: GDPR Art.4-26
Created:
Modified:
Contributor(s): Georg P. Krog, Julian Flake
2.5.1.6 Non-Governmental Organisation
IRI https://w3id.org/dpv#NonGovernmentalOrganisation
Term: NonGovernmentalOrganisation
Label: Non-Governmental Organisation
Description: An organisation not part of or independent from the government
SubType of: dpv:Organisation
Source: ADMS controlled vocabulary
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
2.5.1.7 Non-Profit Organisation
IRI https://w3id.org/dpv#NonProfitOrganisation
Term: NonProfitOrganisation
Label: Non-Profit Organisation
Description: An organisation that does not aim to achieve profit as its primary goal
SubType of: dpv:Organisation
Source: ADMS controlled vocabulary
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
2.5.1.8 Organisation
IRI https://w3id.org/dpv#Organisation
Term: Organisation
Label: Organisation
Description: A general term reflecting a company or a business or a group acting as a unit
SubType of: dpv:LegalEntity
Created:
Contributor(s): Harshvardhan J. Pandit
2.5.1.9 Organisational Unit
IRI https://w3id.org/dpv#OrganisationalUnit
Term: OrganisationalUnit
Label: Organisational Unit
Description: Entity within an organisation that does not constitute as a separate legal entity
SubType of: dpv:Entity
Created:
Contributor(s): Harshvardhan J. Pandit, Paul Ryan

2.6 Data Subjects

DPV provides a taxonomy of data subject types to assist with describing what kind of individuals or groups are associated with an use-case. Some examples of such types are agency-based roles: Adult and Child, ParentOfDataSubject, GuardianOfDataSubject; those associated with vulnerability: VulnerableDataSubject, ElderlyDataSubject, AsylumSeeker; domain-specific roles such as Patient, Employee, Student, jurisdictional roles such as Citizen, NonCitizen, Immigrant; and general roles such as User, Member, Participant, and Client.

2.6.1 Classes

Adult | Applicant | Asylum Seeker | Child | Citizen | Client | Consumer | Customer | Data Subject | Elderly Data Subject | Employee | Guardian(s) of Data Subject | Immigrant | Job Applicant | Member | Mentally Vulnerable Data Subject | Non-Citizen | Parent(s) of Data Subject | Participant | Patient | Student | Subscriber | Tourist | User | Visitor | Vulnerable Data Subject |

2.6.1.1 Adult
IRI https://w3id.org/dpv#Adult
Term: Adult
Label: Adult
Description: A natural person that is not a child i.e. has attained some legally specified age of adulthood
SubType of: dpv:DataSubject
Created:
Contributor(s): Georg Krog
2.6.1.2 Applicant
IRI https://w3id.org/dpv#Applicant
Term: Applicant
Label: Applicant
Description: Data subjects that are applicants in some context
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.3 Asylum Seeker
IRI https://w3id.org/dpv#AsylumSeeker
Term: AsylumSeeker
Label: Asylum Seeker
Description: Data subjects that are asylum seekers
SubType of: dpv:VulnerableDataSubject
Created:
Contributor(s): Georg P Krog
2.6.1.4 Child
IRI https://w3id.org/dpv#Child
Term: Child
Label: Child
Description: A 'child' is a natural legal person who is below a certain legal age depending on the legal jurisdiction.
SubType of: dpv:DataSubject
Note: The legality of age defining a child varies by jurisdiction. In addition, 'child' is distinct from a 'minor'. For example, the legal age for consumption of alcohol can be 21, which makes a person of age 20 a 'minor' in this context. In other cases, 'minor' and 'child' are used interchangeably to refer to a person below some legally defined age.
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
2.6.1.5 Citizen
IRI https://w3id.org/dpv#Citizen
Term: Citizen
Label: Citizen
Description: Data subjects that are citizens (for a jurisdiction)
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.6 Client
IRI https://w3id.org/dpv#Client
Term: Client
Label: Client
Description: Data subjects that are clients or recipients of services
SubType of: dpv:Customer
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.7 Consumer
IRI https://w3id.org/dpv#Consumer
Term: Consumer
Label: Consumer
Description: Data subjects that consume goods or services for direct use
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.8 Customer
IRI https://w3id.org/dpv#Customer
Term: Customer
Label: Customer
Description: Data subjects that purchase goods or services
SubType of: dpv:DataSubject
Note: note: for B2B relations where customers are organisations, this concept only applies for data subjects
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.9 Data Subject
IRI https://w3id.org/dpv#DataSubject
Term: DataSubject
Label: Data Subject
Description: The individual (or category of individuals) whose personal data is being processed
SubType of: dpv:LegalEntity, dpv:NaturalPerson
Note: The term 'data subject' is specific to the GDPR, but is functionally equivalent to the term 'individual' and the ISO/IEC term 'PII Principle'.
Source: GDPR Art.4-1
Created:
Modified:
Contributor(s): Axel Polleres, Javier Fernández
2.6.1.10 Elderly Data Subject
IRI https://w3id.org/dpv#ElderlyDataSubject
Term: ElderlyDataSubject
Label: Elderly Data Subject
Description: Data subjects that are considered elderly (i.e. based on age)
SubType of: dpv:VulnerableDataSubject
Created:
Contributor(s): Georg P Krog
2.6.1.11 Employee
IRI https://w3id.org/dpv#Employee
Term: Employee
Label: Employee
Description: Data subjects that are employees
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.12 Guardian(s) of Data Subject
IRI https://w3id.org/dpv#GuardianOfDataSubject
Term: GuardianOfDataSubject
Label: Guardian(s) of Data Subject
Description: Guardian(s) of data subjects such as children
SubType of: dpv:DataSubject
Created:
Contributor(s): Georg P Krog
2.6.1.13 Immigrant
IRI https://w3id.org/dpv#Immigrant
Term: Immigrant
Label: Immigrant
Description: Data subjects that are immigrants (for a jurisdiction)
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.14 Job Applicant
IRI https://w3id.org/dpv#JobApplicant
Term: JobApplicant
Label: Job Applicant
Description: Data subjects that apply for jobs or employments
SubType of: dpv:Applicant
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.15 Member
IRI https://w3id.org/dpv#Member
Term: Member
Label: Member
Description: Data subjects that are members of a group, organisation, or other collectives
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.16 Mentally Vulnerable Data Subject
IRI https://w3id.org/dpv#MentallyVulnerableDataSubject
Term: MentallyVulnerableDataSubject
Label: Mentally Vulnerable Data Subject
Description: Data subjects that are considered mentally vulnerable
SubType of: dpv:VulnerableDataSubject
Created:
Contributor(s): Georg P Krog
2.6.1.17 Non-Citizen
IRI https://w3id.org/dpv#NonCitizen
Term: NonCitizen
Label: Non-Citizen
Description: Data subjects that are not citizens (for a jurisdiction)
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.18 Parent(s) of Data Subject
IRI https://w3id.org/dpv#ParentOfDataSubject
Term: ParentOfDataSubject
Label: Parent(s) of Data Subject
Description: Parent(s) of data subjects such as children
SubType of: dpv:DataSubject
Created:
Contributor(s): Georg P Krog
2.6.1.19 Participant
IRI https://w3id.org/dpv#Participant
Term: Participant
Label: Participant
Description: Data subjects that participate in some context such as volunteers in a function
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.20 Patient
IRI https://w3id.org/dpv#Patient
Term: Patient
Label: Patient
Description: Data subjects that receive medican attention, treatment, care, advice, or other health related services
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.21 Student
IRI https://w3id.org/dpv#Student
Term: Student
Label: Student
Description: Data subjects that are students
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.22 Subscriber
IRI https://w3id.org/dpv#Subscriber
Term: Subscriber
Label: Subscriber
Description: Data subjects that subscribe to service(s)
SubType of: dpv:DataSubject
Note: note: subscriber can be customer or consumer
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.23 Tourist
IRI https://w3id.org/dpv#Tourist
Term: Tourist
Label: Tourist
Description: Data subjects that are tourists i.e. not citizens and not immigrants
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.24 User
IRI https://w3id.org/dpv#User
Term: User
Label: User
Description: Data subjects that use service(s)
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.25 Visitor
IRI https://w3id.org/dpv#Visitor
Term: Visitor
Label: Visitor
Description: Data subjects that are temporary visitors
SubType of: dpv:DataSubject
Created:
Contributor(s): Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
2.6.1.26 Vulnerable Data Subject
IRI https://w3id.org/dpv#VulnerableDataSubject
Term: VulnerableDataSubject
Label: Vulnerable Data Subject
Description: Data Subjects which should be considered 'vulnerable' and therefore would require additional measures and safeguards
SubType of: dpv:DataSubject
Note: This concept denotes a Data Subject or a group are vulnerable, but not what vulnerability they possess or its context. This information can be provided additionally as comments, or as separate concepts and relations. Proposals for this are welcome.
Created:
Contributor(s): Georg Krog, Harshvardhan Pandit, Paul Ryan

2.6.2 Properties

has data subject | has relation with data subject |

2.6.2.1 has data subject
IRI https://w3id.org/dpv#hasDataSubject
Term: hasDataSubject
Label: has data subject
Description: Indicates association with Data Subject
Domain: dpv:Concept
Range: dpv:DataSubject
Created:
Contributor(s): Axel Polleres, Bud Bruegger, Harshvardhan J. Pandit, Javier Fernández, Mark Lizar
2.6.2.2 has relation with data subject
IRI https://w3id.org/dpv#hasRelationWithDataSubject
Term: hasRelationWithDataSubject
Label: has relation with data subject
Description: Indicates the relation between specified Entity and Data Subject
Domain: dpv:Entity
Range: dpv:Concept
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

3. Purposes

Figure 3 Overview of Purpose taxonomy in DPV (click to open in new window)

DPV’s taxonomy of purposes is used to represent the reason or justification for processing of personal data. For this, purposes are organised within DPV based on how they relate to the processing of personal data in terms of several factors, such as: management functions related to information (e.g. records, account, finance), fulfilment of objectives (e.g. delivery of goods), providing goods and services (e.g. service provision), intended benefits (e.g. optimisations for service provider or consumer), and legal compliance.

3.1 Classes

Academic Research | Account Management | Advertising | Anti-Terrorism Operations | Commercial Research | Communication for Customer Care | Communication Management | Counter Money Laundering | Credit Checking | Customer Care | Customer Claims Management | Customer Management | Customer Order Management | Customer Relationship Management | Customer Solvency Monitoring | Delivery of Goods | Direct Marketing | Dispute Management | Enforce Access Control | Enforce Security | Establish Contractual Agreement | Fraud Prevention and Detection | Fulfilment of Contractual Obligation | Fulfilment of Obligation | Human Resource Management | Identity Verification | Improve Existing Products and Services | Improve Internal CRM Processes | Increase Service Robustness | Internal Resource Optimisation | Legal Compliance | Maintain Credit Checking Database | Maintain Credit Rating Database | MaintainFraudDatabase | Marketing | Members and Partners Management | Non-Commercial Research | Optimisation for Consumer | Optimisation for Controller | Optimise User Interface | Organisation Compliance Management | Organisation Governance | Organisation Risk Management | Payment Management | Personalisation | Personalised Advertising | Personalised Benefits | Personnel Hiring | Personnel Management | Personnel Payment | Provide Event Recommendations | Provide Personalised Recommendations | Provide Product Recommendations | Public Relations | Purpose | Record Management | Repair Impairments | Requested Service Provision | Research and Development | Search Functionalities | Sector | Sell Data to Third Parties | Sell Insights from Data | Sell Products | Sell Products to Data Subject | Service Optimisation | Service Personalisation | Service Provision | Service Registration | Service Usage Analytics | Social Media Marketing | Targeted Advertising | Technical Service Provision | User Interface Personalisation | Vendor Management | Vendor Payment | Vendor Records Management | Vendor Selection Assessment |

3.1.1 Academic Research

IRI https://w3id.org/dpv#AcademicResearch
Term: AcademicResearch
Label: Academic Research
Description: Purposes associated with conducting or assisting with research conducted in an academic context e.g. within universities
SubType of: dpv:ResearchAndDevelopment
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Education

3.1.2 Account Management

IRI https://w3id.org/dpv#AccountManagement
Term: AccountManagement
Label: Account Management
Description: Account Management refers to purposes associated with account management, such as to create, provide, maintain, and manage accounts
SubType of: dpv:Purpose
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.3 Advertising

IRI https://w3id.org/dpv#Advertising
Term: Advertising
Label: Advertising
Description: Purposes associated with conducting advertising i.e. process or artefact used to call attention to a product, service, etc. through announcements, notices, or other forms of communication
SubType of: dpv:Marketing
Note: Advertising is a subset of Marketing. Advertising by itself does not indicate 'personalisation' i.e. personalised ads.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.4 Anti-Terrorism Operations

IRI https://w3id.org/dpv#AntiTerrorismOperations
Term: AntiTerrorismOperations
Label: Anti-Terrorism Operations
Description: Purposes associated with activities that detect, prevent, mitigate, or perform other activities for anti-terrorism
SubType of: dpv:EnforceSecurity
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.5 Commercial Research

IRI https://w3id.org/dpv#CommercialResearch
Term: CommercialResearch
Label: Commercial Research
Description: Purposes associated with conducting research in a commercial setting or with intention to commercialise e.g. in a company or sponsored by a company
SubType of: dpv:ResearchAndDevelopment
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Develop

3.1.6 Communication for Customer Care

IRI https://w3id.org/dpv#CommunicationForCustomerCare
Term: CommunicationForCustomerCare
Label: Communication for Customer Care
Description: Customer Care Communication refers to purposes associated with communicating with customers for assisting them, resolving issues, ensuring satisfaction, etc. in relation to services provided
SubType of: dpv:CommunicationManagement, dpv:CustomerCare
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.7 Communication Management

IRI https://w3id.org/dpv#CommunicationManagement
Term: CommunicationManagement
Label: Communication Management
Description: Communication Management refers to purposes associated with providing or managing communication activities e.g. to send an email for notifying some information
SubType of: dpv:Purpose
Note: This purpose by itself does not sufficiently and clearly indicate what the communication is about. As such, it is recommended to combine it with another purpose to indicate the application. For example, Communication of Payment.
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.8 Counter Money Laundering

IRI https://w3id.org/dpv#CounterMoneyLaundering
Term: CounterMoneyLaundering
Label: Counter Money Laundering
Description: Purposes associated with detection, prevention, and mitigation of mitigate money laundering
SubType of: dpv:FraudPreventionAndDetection
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.9 Credit Checking

IRI https://w3id.org/dpv#CreditChecking
Term: CreditChecking
Label: Credit Checking
Description: Purposes associated with monitoring, performing, or assessing credit worthiness or solvency
SubType of: dpv:CustomerSolvencyMonitoring
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.10 Customer Care

IRI https://w3id.org/dpv#CustomerCare
Term: CustomerCare
Label: Customer Care
Description: Customer Care refers to purposes associated with purposes for providing assistance, resolving issues, ensuring satisfaction, etc. in relation to services provided
SubType of: dpv:CustomerManagement
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Feedback

3.1.11 Customer Claims Management

IRI https://w3id.org/dpv#CustomerClaimsManagement
Term: CustomerClaimsManagement
Label: Customer Claims Management
Description: Customer Claims Management refers to purposes associated with managing claims, including repayment of monies owed
SubType of: dpv:CustomerManagement
Source: Belgian DPA ROPA Template
Created:
Contributor(s): Beatriz, Georg P Krog, Harshvardhan J. Pandit

3.1.12 Customer Management

IRI https://w3id.org/dpv#CustomerManagement
Term: CustomerManagement
Label: Customer Management
Description: Customer Management refers to purposes associated with managing activities related with past, current, and future customers
SubType of: dpv:Purpose
Created:
Contributor(s): Beatriz, Georg P Krog, Harshvardhan J. Pandit

3.1.13 Customer Order Management

IRI https://w3id.org/dpv#CustomerOrderManagement
Term: CustomerOrderManagement
Label: Customer Order Management
Description: Customer Order Management refers to purposes associated with managing customer orders i.e. processing of an order related to customer's purchase of good or services
SubType of: dpv:CustomerManagement
Source: Belgian DPA ROPA Template
Created:
Contributor(s): Beatriz, Georg P Krog, Harshvardhan J. Pandit

3.1.14 Customer Relationship Management

IRI https://w3id.org/dpv#CustomerRelationshipManagement
Term: CustomerRelationshipManagement
Label: Customer Relationship Management
Description: Customer Relationship Management refers to purposes associated with managing and analysing interactions with past, current, and potential customers
SubType of: dpv:CustomerManagement
Created:
Contributor(s): Beatriz, Georg P Krog, Harshvardhan J. Pandit

3.1.15 Customer Solvency Monitoring

IRI https://w3id.org/dpv#CustomerSolvencyMonitoring
Term: CustomerSolvencyMonitoring
Label: Customer Solvency Monitoring
Description: Customer Solvency Monitoring refers to purposes associated with monitor solvency of customers for financial diligence
SubType of: dpv:CustomerManagement
Source: Belgian DPA ROPA Template
Created:
Contributor(s): Beatriz, Georg P Krog, Harshvardhan J. Pandit

3.1.16 Delivery of Goods

IRI https://w3id.org/dpv#DeliveryOfGoods
Term: DeliveryOfGoods
Label: Delivery of Goods
Description: Purposes associated with delivering goods and services requested or asked by consumer
SubType of: dpv:RequestedServiceProvision
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Delivery

3.1.17 Direct Marketing

IRI https://w3id.org/dpv#DirectMarketing
Term: DirectMarketing
Label: Direct Marketing
Description: Purposes associated with conducting direct marketing i.e. marketing communicated directly to the individual
SubType of: dpv:Marketing
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.18 Dispute Management

IRI https://w3id.org/dpv#DisputeManagement
Term: DisputeManagement
Label: Dispute Management
Description: Purposes associated with activities that manage disputes by natural persons, private bodies, or public authorities relevant to organisation
SubType of: dpv:OrganisationGovernance
Source: Belgian DPA ROPA Template
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.19 Enforce Access Control

IRI https://w3id.org/dpv#EnforceAccessControl
Term: EnforceAccessControl
Label: Enforce Access Control
Description: Purposes associated with conducting or enforcing access control as a form of security
SubType of: dpv:EnforceSecurity
Note: Was previously "Access Control". Prefixed to distinguish from Technical Measure.
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Login

3.1.20 Enforce Security

IRI https://w3id.org/dpv#EnforceSecurity
Term: EnforceSecurity
Label: Enforce Security
Description: Purposes associated with ensuring and enforcing security for data, personnel, or other related matters
SubType of: dpv:Purpose
Note: Was previous "Security". Prefixed to distinguish from TechOrg measures.
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.21 Establish Contractual Agreement

IRI https://w3id.org/dpv#EstablishContractualAgreement
Term: EstablishContractualAgreement
Label: Establish Contractual Agreement
Description: Purposes associated with carrying out data processing to establish an agreement, such as for entering into a contract
SubType of: dpv:Purpose
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

3.1.22 Fraud Prevention and Detection

IRI https://w3id.org/dpv#FraudPreventionAndDetection
Term: FraudPreventionAndDetection
Label: Fraud Prevention and Detection
Description: Purposes associated with fraud detection, prevention, and mitigation
SubType of: dpv:EnforceSecurity
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Government

3.1.23 Fulfilment of Contractual Obligation

IRI https://w3id.org/dpv#FulfilmentOfContractualObligation
Term: FulfilmentOfContractualObligation
Label: Fulfilment of Contractual Obligation
Description: Purposes associated with carrying out data processing to fulfill a contractual obligation
SubType of: dpv:FulfilmentOfObligation
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

3.1.24 Fulfilment of Obligation

IRI https://w3id.org/dpv#FulfilmentOfObligation
Term: FulfilmentOfObligation
Label: Fulfilment of Obligation
Description: Purposes associated with carrying out data processing to fulfill an obligation
SubType of: dpv:Purpose
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

3.1.25 Human Resource Management

IRI https://w3id.org/dpv#HumanResourceManagement
Term: HumanResourceManagement
Label: Human Resource Management
Description: Purposes associated with managing humans and 'human resources' within the organisation for effective and efficient operations.
SubType of: dpv:Purpose
Note: HR is a broad concept. Its management includes, amongst others - recruiting employees and intermediaries e.g. brokers, independent representatives; payroll administration, remunerations, commissions, and wages; and application of social legislation.
Source: Belgian DPA ROPA Template
Created:
Contributor(s): Beatriz Esteves, David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.26 Identity Verification

IRI https://w3id.org/dpv#IdentityVerification
Term: IdentityVerification
Label: Identity Verification
Description: Purposes associated with verifying or authorising identity as a form of security
SubType of: dpv:EnforceSecurity
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.27 Improve Existing Products and Services

IRI https://w3id.org/dpv#ImproveExistingProductsAndServices
Term: ImproveExistingProductsAndServices
Label: Improve Existing Products and Services
Description: Purposes associated with improving existing products and services
SubType of: dpv:OptimisationForController
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.28 Improve Internal CRM Processes

IRI https://w3id.org/dpv#ImproveInternalCRMProcesses
Term: ImproveInternalCRMProcesses
Label: Improve Internal CRM Processes
Description: Purposes associated with improving customer-relationship management (CRM) processes
SubType of: dpv:CustomerRelationshipManagement, dpv:OptimisationForController
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.29 Increase Service Robustness

IRI https://w3id.org/dpv#IncreaseServiceRobustness
Term: IncreaseServiceRobustness
Label: Increase Service Robustness
Description: Purposes associated with improving robustness and resilience of services
SubType of: dpv:OptimisationForController
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.30 Internal Resource Optimisation

IRI https://w3id.org/dpv#InternalResourceOptimisation
Term: InternalResourceOptimisation
Label: Internal Resource Optimisation
Description: Purposes associated with optimisation of internal resource availability and usage for organisation
SubType of: dpv:OptimisationForController
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.32 Maintain Credit Checking Database

IRI https://w3id.org/dpv#MaintainCreditCheckingDatabase
Term: MaintainCreditCheckingDatabase
Label: Maintain Credit Checking Database
Description: Purposes associated with maintaining a Credit Checking Database
SubType of: dpv:CreditChecking
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

3.1.33 Maintain Credit Rating Database

IRI https://w3id.org/dpv#MaintainCreditRatingDatabase
Term: MaintainCreditRatingDatabase
Label: Maintain Credit Rating Database
Description: Purposes associated with maintaining a Credit Rating Database
SubType of: dpv:CreditChecking
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

3.1.34 MaintainFraudDatabase

IRI https://w3id.org/dpv#MaintainFraudDatabase
Term: MaintainFraudDatabase
Label: MaintainFraudDatabase
Description: Purposes associated with maintaining a database related to identifying and identified fraud risks and fraud incidents
SubType of: dpv:FraudPreventionAndDetection
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

3.1.35 Marketing

IRI https://w3id.org/dpv#Marketing
Term: Marketing
Label: Marketing
Description: Purposes associated with conducting marketing in relation to organisation or products or services e.g. promoting, selling, and distributing
SubType of: dpv:Purpose
Note: Was commercial interest, changed to consider Marketing a separate Purpose category by itself
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.36 Members and Partners Management

IRI https://w3id.org/dpv#MemberPartnerManagement
Term: MemberPartnerManagement
Label: Members and Partners Management
Description: Purposes associated with maintaining a registry of shareholders, members, or partners for governance, administration, and management functions
SubType of: dpv:OrganisationGovernance
Source: Belgian DPA ROPA Template
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.37 Non-Commercial Research

IRI https://w3id.org/dpv#NonCommercialResearch
Term: NonCommercialResearch
Label: Non-Commercial Research
Description: Purposes associated with conducting research in a non-commercial setting e.g. for a non-profit-organisation (NGO)
SubType of: dpv:ResearchAndDevelopment
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.38 Optimisation for Consumer

IRI https://w3id.org/dpv#OptimisationForConsumer
Term: OptimisationForConsumer
Label: Optimisation for Consumer
Description: Purposes associated with optimisation of activities and services for consumer or user
SubType of: dpv:ServiceOptimisation
Note: The term optmisation here refers to the efficiency of the service in terms of technical provision (or similar means) with benefits for everybody. Personalisation implies making changes that benefit the current user or persona.
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Custom

3.1.39 Optimisation for Controller

IRI https://w3id.org/dpv#OptimisationForController
Term: OptimisationForController
Label: Optimisation for Controller
Description: Purposes associated with optimisation of activities and services for provider or controller
SubType of: dpv:ServiceOptimisation
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.40 Optimise User Interface

IRI https://w3id.org/dpv#OptimiseUserInterface
Term: OptimiseUserInterface
Label: Optimise User Interface
Description: Purposes associated with optimisation of interfaces presented to the user
SubType of: dpv:OptimisationForConsumer
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.41 Organisation Compliance Management

IRI https://w3id.org/dpv#OrganisationComplianceManagement
Term: OrganisationComplianceManagement
Label: Organisation Compliance Management
Description: Purposes associated with managing compliance for organisation in relation to internal policies
SubType of: dpv:OrganisationGovernance
Note: Note that this concept relates to internal organisational compliance. The concept LegalCompliance should be used for external legal or regulatory compliance.
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.42 Organisation Governance

IRI https://w3id.org/dpv#OrganisationGovernance
Term: OrganisationGovernance
Label: Organisation Governance
Description: Purposes associated with conducting activities and functions for governance of an organisation
SubType of: dpv:Purpose
Source: Belgian DPA ROPA Template
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.43 Organisation Risk Management

IRI https://w3id.org/dpv#OrganisationRiskManagement
Term: OrganisationRiskManagement
Label: Organisation Risk Management
Description: Purposes associated with managing risk for organisation's activities
SubType of: dpv:OrganisationGovernance
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.44 Payment Management

IRI https://w3id.org/dpv#PaymentManagement
Term: PaymentManagement
Label: Payment Management
Description: Purposes associated with processing and managing payment in relation to service, including invoicing and records
SubType of: dpv:ServiceProvision
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.45 Personalisation

IRI https://w3id.org/dpv#Personalisation
Term: Personalisation
Label: Personalisation
Description: Purposes associated with creating and providing customisation based on attributes and/or needs of person(s) or context(s).
SubType of: dpv:Purpose
Note: This term is a blanket purpose category for indicating personalisation of some other purpose, e.g. by creating a subclass of the other concept and Personalisation
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.46 Personalised Advertising

IRI https://w3id.org/dpv#PersonalisedAdvertising
Term: PersonalisedAdvertising
Label: Personalised Advertising
Description: Purposes associated with creating and providing personalised advertising
SubType of: dpv:Advertising, dpv:Personalisation
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.47 Personalised Benefits

IRI https://w3id.org/dpv#PersonalisedBenefits
Term: PersonalisedBenefits
Label: Personalised Benefits
Description: Purposes associated with creating and providing personalised benefits for a service
SubType of: dpv:ServicePersonalisation
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.48 Personnel Hiring

IRI https://w3id.org/dpv#PersonnelHiring
Term: PersonnelHiring
Label: Personnel Hiring
Description: Purposes associated with management and execution of hiring processes of personnel
SubType of: dpv:PersonnelManagement
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.49 Personnel Management

IRI https://w3id.org/dpv#PersonnelManagement
Term: PersonnelManagement
Label: Personnel Management
Description: Purposes associated with management of personnel associated with the organisation e.g. evaluation and management of employees and intermediaries
SubType of: dpv:HumanResourceManagement
Source: Belgian DPA ROPA Template
Created:
Contributor(s): Harshvardhan J. Pandit, Paul Ryan

3.1.50 Personnel Payment

IRI https://w3id.org/dpv#PersonnelPayment
Term: PersonnelPayment
Label: Personnel Payment
Description: Purposes associated with management and execution of payment of personnel
SubType of: dpv:PersonnelManagement
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.51 Provide Event Recommendations

IRI https://w3id.org/dpv#ProvideEventRecommendations
Term: ProvideEventRecommendations
Label: Provide Event Recommendations
Description: Purposes associated with creating and providing personalised recommendations for events
SubType of: dpv:ProvidePersonalisedRecommendations
Source: SPECIAL Project
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit, Rudy Jacob

3.1.52 Provide Personalised Recommendations

IRI https://w3id.org/dpv#ProvidePersonalisedRecommendations
Term: ProvidePersonalisedRecommendations
Label: Provide Personalised Recommendations
Description: Purposes associated with creating and providing personalised recommendations
SubType of: dpv:ServicePersonalisation
Source: SPECIAL Project
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit, Rudy Jacob

3.1.53 Provide Product Recommendations

IRI https://w3id.org/dpv#ProvideProductRecommendations
Term: ProvideProductRecommendations
Label: Provide Product Recommendations
Description: Purposes associated with creating and providing product recommendations e.g. suggest similar products
SubType of: dpv:ProvidePersonalisedRecommendations
Created:
Modified:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
See Also: svpu:Marketing

3.1.54 Public Relations

IRI https://w3id.org/dpv#PublicRelations
Term: PublicRelations
Label: Public Relations
Description: Purposes associated with managing and conducting public relations processes, including creating goodwill for the organisation
SubType of: dpv:Marketing
Source: Belgian DPA ROPA Template
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.55 Purpose

IRI https://w3id.org/dpv#Purpose
Term: Purpose
Label: Purpose
Description: The purpose of processing personal data
Source: SPECIAL Project
Created:
Modified:
Contributor(s): Axel Polleres, Javier Fernández
See Also: spl:AnyPurpose
Examples: dex:E0006 - Maintaining Interoperability between Use-Cases
dex:E0009 - Adding human-readable descriptions
dex:E0010 - Using NACE codes to restrict Purposes
dex:E0014 - Derivation and inference of personal data

3.1.56 Record Management

IRI https://w3id.org/dpv#RecordManagement
Term: RecordManagement
Label: Record Management
Description: Purposes associated with manage creation, storage, and use of records relevant to operations, events, and processes e.g. to store logs or access requests
SubType of: dpv:Purpose
Note: This purpose relates specifiaclly for record creation and management. This can be combined or used along with other purposes to express intentions such as records for legal compliance or vendor payments.
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.57 Repair Impairments

IRI https://w3id.org/dpv#RepairImpairments
Term: RepairImpairments
Label: Repair Impairments
Description: Purposes associated with identifying, rectifying, or otherwise undertaking activities intended to fix or repair impairments to existing functionalities
SubType of: dpv:ServiceProvision
Note: An example of identifying and rectifying impairments is the process of finding and fixing errors in products, commonly referred to as debugging
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.58 Requested Service Provision

IRI https://w3id.org/dpv#RequestedServiceProvision
Term: RequestedServiceProvision
Label: Requested Service Provision
Description: Purposes associated with delivering services as requested by user or consumer
SubType of: dpv:ServiceProvision
Note: The use of 'request' here includes where an user explicitly asks for the service and also when an established contract requires the provision of the service
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.59 Research and Development

IRI https://w3id.org/dpv#ResearchAndDevelopment
Term: ResearchAndDevelopment
Label: Research and Development
Description: Purposes associated with conducting research and development for new methods, products, or services
SubType of: dpv:Purpose
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.60 Search Functionalities

IRI https://w3id.org/dpv#SearchFunctionalities
Term: SearchFunctionalities
Label: Search Functionalities
Description: Purposes associated with providing searching, querying, or other forms of information retrieval related functionalities
SubType of: dpv:ServiceProvision
Created:
Contributor(s): Georg P Krog

3.1.61 Sector

IRI https://w3id.org/dpv#Sector
Term: Sector
Label: Sector
Description: Sector describes the area of application or domain that indicates or restricts scope for interpretation and application of purpose e.g. Agriculture, Banking
Note: There are various sector codes used commonly to indicate the domain of an organisation or business. Examples include NACE (EU), ISIC (UN), SIC and NAICS (USA).
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
Examples: dex:E0010 - Using NACE codes to restrict Purposes

3.1.62 Sell Data to Third Parties

IRI https://w3id.org/dpv#SellDataToThirdParties
Term: SellDataToThirdParties
Label: Sell Data to Third Parties
Description: Purposes associated with selling or sharing data or information to third parties
SubType of: dpv:SellProducts
Note: Sell here means exchange, submit, or provide in return for direct or indirect compensation. Was subclass of commercial interest, changed to reflect selling something
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.63 Sell Insights from Data

IRI https://w3id.org/dpv#SellInsightsFromData
Term: SellInsightsFromData
Label: Sell Insights from Data
Description: Purposes associated with selling or sharing insights obtained from analysis of data
SubType of: dpv:SellProducts
Note: Sell here means exchange, submit, or provide in return for direct or indirect compensation. Was subclass of commercial interest, changed to reflect selling something
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.64 Sell Products

IRI https://w3id.org/dpv#SellProducts
Term: SellProducts
Label: Sell Products
Description: Purposes associated with selling products or services
SubType of: dpv:ServiceProvision
Note: Sell here means exchange, submit, or provide in return for direct or indirect compensation.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.65 Sell Products to Data Subject

IRI https://w3id.org/dpv#SellProductsToDataSubject
Term: SellProductsToDataSubject
Label: Sell Products to Data Subject
Description: Purposes associated with selling products or services to the user, consumer, or data subjects
SubType of: dpv:SellProducts
Note: Sell Products here refers to processing necessary to provide and complete a sale to customers. It should not be confused with providing services with a cost based on an established agreement.
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.66 Service Optimisation

IRI https://w3id.org/dpv#ServiceOptimisation
Term: ServiceOptimisation
Label: Service Optimisation
Description: Purposes associated with optimisation of services or activities
SubType of: dpv:ServiceProvision
Note: Subclass of ServiceProvision since optimisation is usually considered part of providing services
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.67 Service Personalisation

IRI https://w3id.org/dpv#ServicePersonalisation
Term: ServicePersonalisation
Label: Service Personalisation
Description: Purposes associated with providing personalisation within services or product or activities
SubType of: dpv:Personalisation, dpv:ServiceProvision
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.68 Service Provision

IRI https://w3id.org/dpv#ServiceProvision
Term: ServiceProvision
Label: Service Provision
Description: Purposes associated with providing service or product or activities
SubType of: dpv:Purpose
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
Examples: dex:E0018 - Notice used in an activity

3.1.69 Service Registration

IRI https://w3id.org/dpv#ServiceRegistration
Term: ServiceRegistration
Label: Service Registration
Description: Purposes associated with registering users and collecting information required for providing a service
SubType of: dpv:ServiceProvision
Note: An example of service registration is to provide a form that collects information such as preferred language or media format for downloading a movie
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.70 Service Usage Analytics

IRI https://w3id.org/dpv#ServiceUsageAnalytics
Term: ServiceUsageAnalytics
Label: Service Usage Analytics
Description: Purposes associated with conducting analysis and reporting related to usage of services or products
SubType of: dpv:ServiceProvision
Note: Was "UsageAnalytics", prefixed with Service to better reflect scope
Created:
Modified:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.71 Social Media Marketing

IRI https://w3id.org/dpv#SocialMediaMarketing
Term: SocialMediaMarketing
Label: Social Media Marketing
Description: Purposes associated with conducting marketing through social media
SubType of: dpv:Marketing
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit

3.1.72 Targeted Advertising

IRI https://w3id.org/dpv#TargetedAdvertising
Term: TargetedAdvertising
Label: Targeted Advertising
Description: Purposes associated with creating and providing pesonalised advertisement where the personalisation is targeted to a specific individual or group of individuals
SubType of: dpv:PersonalisedAdvertising
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.73 Technical Service Provision

IRI https://w3id.org/dpv#TechnicalServiceProvision
Term: TechnicalServiceProvision
Label: Technical Service Provision
Description: Purposes associated with managing and providing technical processes and functions necessary for delivering services
SubType of: dpv:ServiceProvision
Created:
Contributor(s): Harshvardhan J. Pandit

3.1.74 User Interface Personalisation

IRI https://w3id.org/dpv#UserInterfacePersonalisation
Term: UserInterfacePersonalisation
Label: User Interface Personalisation
Description: Purposes associated with personalisation of interfaces presented to the user
SubType of: dpv:ServicePersonalisation
Note: Examples of user-interface personalisation include changing the language to match the locale
Created:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal

3.1.75 Vendor Management

IRI https://w3id.org/dpv#VendorManagement
Term: VendorManagement
Label: Vendor Management
Description: Purposes associated with manage orders, payment, evaluation, and prospecting related to vendors
SubType of: dpv:Purpose
Source: Belgian DPA ROPA Template
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.76 Vendor Payment

IRI https://w3id.org/dpv#VendorPayment
Term: VendorPayment
Label: Vendor Payment
Description: Purposes associated with managing payment of vendors
SubType of: dpv:VendorManagement
Source: Belgian DPA ROPA Template
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.77 Vendor Records Management

IRI https://w3id.org/dpv#VendorRecordsManagement
Term: VendorRecordsManagement
Label: Vendor Records Management
Description: Purposes associated with managing records and orders related to vendors
SubType of: dpv:VendorManagement
Source: Belgian DPA ROPA Template
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.1.78 Vendor Selection Assessment

IRI https://w3id.org/dpv#VendorSelectionAssessment
Term: VendorSelectionAssessment
Label: Vendor Selection Assessment
Description: Purposes associated with managing selection, assessment, and evaluation related to vendors
SubType of: dpv:VendorManagement
Source: Belgian DPA ROPA Template
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

3.2 Properties

has purpose | has sector |

3.2.1 has purpose

IRI https://w3id.org/dpv#hasPurpose
Term: hasPurpose
Label: has purpose
Description: Indicates association with Purpose
Domain: dpv:Concept
Range: dpv:Purpose
Source: SPECIAL Project
Created:
Contributor(s): Axel Polleres, Bud Bruegger, Harshvardhan J. Pandit, Javier Fernández, Mark Lizar

3.2.2 has sector

IRI https://w3id.org/dpv#hasSector
Term: hasSector
Label: has sector
Description: Indicates the purpose is associated with activities in the indicated (Economic) Sector(s)
Domain: dpv:Concept
Range: dpv:Sector
Created:

4. Processing

Figure 4

DPV’s taxonomy of processing concepts reflects the variety of terms used to denote processing activities or operations involving personal data, such as those from [GDPR] Article.4-2 definition of processing. Real-world use of terms associated with processing rarely uses this same wording or terms, except in cases of specific domains and in legal documentation. On the other hand, common terms associated with processing are generally restricted to: collect, use, store, share, and delete.

DPV provides a taxonomy that aligns both the legal terminologies such as those defined by GDPR with those commonly used. For this, concepts are organised based on whether they subsume other concepts, e.g. Use is a broad concept indicating data is used, which DPV extends to define specific processing concepts for Analyse, Consult, Profiling, and Retrieving. Through this mechanism, whenever an use-case indicates it consults some data, it can be inferred that it also uses that data.

For concepts related to expressing contextual information associated with processing, such as storage conditions, automation, scale, see Processing Context and Processing Scale sections.

4.1 Classes

Access | Acquire | Adapt | Align | Alter | Analyse | Anonymise | Assess | Collect | Combine | Consult | Copy | Derive | Destruct | Disclose | Disclose by Transmission | Disseminate | Erase | Filter | Generate | Infer | Make Available | Match | Modify | Monitor | Move | Observe | Obtain | Organise | Processing | Profiling | Pseudonymise | Query | Record | Remove | Restrict | Retrieve | Screen | Share | Store | Structure | Transfer | Transform | Transmit | Use |

4.1.1 Access

IRI https://w3id.org/dpv#Access
Term: Access
Label: Access
Description: to access data
SubType of: dpv:Use
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

4.1.2 Acquire

IRI https://w3id.org/dpv#Acquire
Term: Acquire
Label: Acquire
Description: to come into possession or control of the data
SubType of: dpv:Obtain
Source: GDPR Art.4-2
Created:

4.1.3 Adapt

IRI https://w3id.org/dpv#Adapt
Term: Adapt
Label: Adapt
Description: to modify the data, often rewritten into a new form for a new use
SubType of: dpv:Transform
Source: GDPR Art.4-2
Created:

4.1.4 Align

IRI https://w3id.org/dpv#Align
Term: Align
Label: Align
Description: to adjust the data to be in relation to another data
SubType of: dpv:Transform
Source: GDPR Art.4-2
Created:

4.1.5 Alter

IRI https://w3id.org/dpv#Alter
Term: Alter
Label: Alter
Description: to change the data without changing it into something else
SubType of: dpv:Transform
Source: GDPR Art.4-2
Created:

4.1.6 Analyse

IRI https://w3id.org/dpv#Analyse
Term: Analyse
Label: Analyse
Description: to study or examine the data in detail
SubType of: dpv:Use
Source: SPECIAL Project
Created:
See Also: svpr:Analyse

4.1.7 Anonymise

IRI https://w3id.org/dpv#Anonymise
Term: Anonymise
Label: Anonymise
Description: to irreversibly alter personal data in such a way that an unique data subject can no longer be identified directly or indirectly or in combination with other data
SubType of: dpv:Transform
Source: SPECIAL Project
Created:
See Also: svpr:Anonymise

4.1.8 Assess

IRI https://w3id.org/dpv#Assess
Term: Assess
Label: Assess
Description: to assess data for some criteria
SubType of: dpv:Use
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

4.1.9 Collect

IRI https://w3id.org/dpv#Collect
Term: Collect
Label: Collect
Description: to gather data from someone
SubType of: dpv:Obtain
Source: GDPR Art.4-2, SPECIAL Project
Created:
See Also: svpr:Collect
Examples: dex:E0018 - Notice used in an activity

4.1.10 Combine

IRI https://w3id.org/dpv#Combine
Term: Combine
Label: Combine
Description: to join or merge data
SubType of: dpv:Transform
Source: GDPR Art.4-2, SPECIAL Project
Created:
See Also: svpr:Aggregate

4.1.11 Consult

IRI https://w3id.org/dpv#Consult
Term: Consult
Label: Consult
Description: to consult or query data
SubType of: dpv:Use
Source: GDPR Art.4-2, SPECIAL Project
Created:
See Also: svpr:Query

4.1.12 Copy

IRI https://w3id.org/dpv#Copy
Term: Copy
Label: Copy
Description: to produce an exact reprodution of the data
SubType of: dpv:Processing
Source: SPECIAL Project
Created:
See Also: svpr:Copy

4.1.13 Derive

IRI https://w3id.org/dpv#Derive
Term: Derive
Label: Derive
Description: to create new derivative data from the original data
SubType of: dpv:Obtain
Note: Derive indicates data is present or obtainable from existing data. For data that is created without such existence, see Infer.
Source: SPECIAL Project
Created:
See Also: svpr:Derive
Examples: dex:E0014 - Derivation and inference of personal data

4.1.14 Destruct

IRI https://w3id.org/dpv#Destruct
Term: Destruct
Label: Destruct
Description: to process data in a way it no longer exists or cannot be repaired
SubType of: dpv:Remove
Source: GDPR Art.4-2
Created:

4.1.15 Disclose

IRI https://w3id.org/dpv#Disclose
Term: Disclose
Label: Disclose
Description: to make data known
SubType of: dpv:Processing
Source: GDPR Art.4-2
Created:

4.1.16 Disclose by Transmission

IRI https://w3id.org/dpv#DiscloseByTransmission
Term: DiscloseByTransmission
Label: Disclose by Transmission
Description: to disclose data by means of transmission
SubType of: dpv:Disclose
Source: GDPR Art.4-2
Created:

4.1.17 Disseminate

IRI https://w3id.org/dpv#Disseminate
Term: Disseminate
Label: Disseminate
Description: to spread data throughout
SubType of: dpv:Disclose
Source: GDPR Art.4-2
Created:

4.1.18 Erase

IRI https://w3id.org/dpv#Erase
Term: Erase
Label: Erase
Description: to delete data
SubType of: dpv:Remove
Source: GDPR Art.4-2
Created:

4.1.19 Filter

IRI https://w3id.org/dpv#Filter
Term: Filter
Label: Filter
Description: to filter or keep data for some criteria
SubType of: dpv:Transform
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

4.1.20 Generate

IRI https://w3id.org/dpv#Generate
Term: Generate
Label: Generate
Description: to generate or create data
SubType of: dpv:Obtain
Created:
Contributor(s): Harshvardhan J. Pandit

4.1.21 Infer

IRI https://w3id.org/dpv#Infer
Term: Infer
Label: Infer
Description: to infer data from existing data
SubType of: dpv:Derive
Note: Infer indicates data that is derived without it being present or obtainable from existing data. For data that is presented, and is 'extracted' or 'obtained' from existing data, see Derive.
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
Examples: dex:E0014 - Derivation and inference of personal data

4.1.22 Make Available

IRI https://w3id.org/dpv#MakeAvailable
Term: MakeAvailable
Label: Make Available
Description: to transform or publish data to be used
SubType of: dpv:Disclose
Source: GDPR Art.4-2
Created:

4.1.23 Match

IRI https://w3id.org/dpv#Match
Term: Match
Label: Match
Description: to combine, compare, or match data from different sources
SubType of: dpv:Use
Source: A29WP WP 248 rev.01 Guideliens on DPIA
Created:
Contributor(s): Harshvardhan J. Pandit

4.1.24 Modify

IRI https://w3id.org/dpv#Modify
Term: Modify
Label: Modify
Description: to modify or change data
SubType of: dpv:Alter
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

4.1.25 Monitor

IRI https://w3id.org/dpv#Monitor
Term: Monitor
Label: Monitor
Description: to monitor data for some criteria
SubType of: dpv:Consult
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

4.1.26 Move

IRI https://w3id.org/dpv#Move
Term: Move
Label: Move
Description: to move data from one location to another including deleting the original copy
SubType of: dpv:Transfer
Source: SPECIAL Project
Created:
See Also: svpr:Move

4.1.27 Observe

IRI https://w3id.org/dpv#Observe
Term: Observe
Label: Observe
Description: to obtain data through observation
SubType of: dpv:Obtain
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

4.1.28 Obtain

IRI https://w3id.org/dpv#Obtain
Term: Obtain
Label: Obtain
Description: to solicit or gather data from someone
SubType of: dpv:Processing
Source: GDPR Art.4-2
Created:

4.1.29 Organise

IRI https://w3id.org/dpv#Organise
Term: Organise
Label: Organise
Description: to organize data for arranging or classifying
SubType of: dpv:Processing
Source: GDPR Art.4-2
Created:

4.1.30 Processing

IRI https://w3id.org/dpv#Processing
Term: Processing
Label: Processing
Description: The processing performed on personal data
Source: SPECIAL Project
Created:
Modified:
Contributor(s): Axel Polleres, Javier Fernández
See Also: spl:AnyProcessing
Examples: dex:E0005 - Combining concepts to indicate they always occur together
dex:E0011 - Storage Conditions
dex:E0014 - Derivation and inference of personal data

4.1.31 Profiling

IRI https://w3id.org/dpv#Profiling
Term: Profiling
Label: Profiling
Description: to create a profile that describes or represents a person
SubType of: dpv:Use
Source: GDPR Art.4-2
Created:

4.1.32 Pseudonymise

IRI https://w3id.org/dpv#Pseudonymise
Term: Pseudonymise
Label: Pseudonymise
Description: to replace personal identifiable information by artificial identifiers
SubType of: dpv:Transform
Source: GDPR Art.4-2
Created:
Contributor(s): 2022-10-14

4.1.33 Query

IRI https://w3id.org/dpv#Query
Term: Query
Label: Query
Description: to query or make enquiries over data
SubType of: dpv:Consult
Created:
Contributor(s): Harshvardhan J. Pandit

4.1.34 Record

IRI https://w3id.org/dpv#Record
Term: Record
Label: Record
Description: to make a record (especially media)
SubType of: dpv:Obtain
Source: GDPR Art.4-2
Created:

4.1.35 Remove

IRI https://w3id.org/dpv#Remove
Term: Remove
Label: Remove
Description: to destruct or erase data
SubType of: dpv:Processing
Source: GDPR Art.4-2
Created:

4.1.36 Restrict

IRI https://w3id.org/dpv#Restrict
Term: Restrict
Label: Restrict
Description: to apply a restriction on the processsing of specific records
SubType of: dpv:Transform
Source: GDPR Art.4-2
Created:

4.1.37 Retrieve

IRI https://w3id.org/dpv#Retrieve
Term: Retrieve
Label: Retrieve
Description: to retrieve data, often in an automated manner
SubType of: dpv:Use
Source: GDPR Art.4-2
Created:

4.1.38 Screen

IRI https://w3id.org/dpv#Screen
Term: Screen
Label: Screen
Description: to remove data for some criteria
SubType of: dpv:Transform
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

4.1.39 Share

IRI https://w3id.org/dpv#Share
Term: Share
Label: Share
Description: to give data (or a portion of it) to others
SubType of: dpv:Disclose
Source: GDPR Art.4-2
Created:

4.1.40 Store

IRI https://w3id.org/dpv#Store
Term: Store
Label: Store
Description: to keep data for future use
SubType of: dpv:Processing
Source: GDPR Art.4-2
Created:

4.1.41 Structure

IRI https://w3id.org/dpv#Structure
Term: Structure
Label: Structure
Description: to arrange data according to a structure
SubType of: dpv:Organise
Source: GDPR Art.4-2
Created:

4.1.42 Transfer

IRI https://w3id.org/dpv#Transfer
Term: Transfer
Label: Transfer
Description: to move data from one place to another
SubType of: dpv:Processing
Source: SPECIAL Project
Created:
See Also: svpr:Transfer
Examples: dex:E0020 - Controller-Processor agreement

4.1.43 Transform

IRI https://w3id.org/dpv#Transform
Term: Transform
Label: Transform
Description: to change the form or nature of data
SubType of: dpv:Processing
Source: GDPR Art.4-2
Created:

4.1.44 Transmit

IRI https://w3id.org/dpv#Transmit
Term: Transmit
Label: Transmit
Description: to send out data
SubType of: dpv:Disclose
Source: GDPR Art.4-2
Created:

4.1.45 Use

IRI https://w3id.org/dpv#Use
Term: Use
Label: Use
Description: to use data
SubType of: dpv:Processing
Source: GDPR Art.4-2
Created:

4.2 Properties

has processing |

4.2.1 has processing

IRI https://w3id.org/dpv#hasProcessing
Term: hasProcessing
Label: has processing
Description: Indicates association with Processing
Domain: dpv:Concept
Range: dpv:Processing
Source: SPECIAL Project
Created:
Contributor(s): Axel Polleres, Bud Bruegger, Harshvardhan J. Pandit, Javier Fernández, Mark Lizar

5. Personal Data

Figure 5

DPV provides the concept PersonalData and the relation hasPersonalData to indicate what categories or instances of personal data are being processed. The DPV specification only provides a structure for describing personal data, e.g. as being sensitive. For specific categories of personal data for use-cases, DPV-PD: Extension providing Personal Data Categories provides additional concepts that extend the DPV's personal data taxonomy. This separation is to enable adopters to decide whether the extension's concepts are useful to them, or to use other external vocabularies, or define their own.

In addition to Personal Data, there may be a need to represent Non-Personal Data within the same contextual use-cases. For this, DPV provides the concepts Data, NonPersonalData and SyntheticData.

To indicate data categorised based on DataSource, e.g. as "collected personal data", DPV provides: CollectedPersonalData, DerivedPersonalData, InferredPersonalData, GeneratedPersonalData, and ObservedPersonalData.

For indicating personal data which is sensitive, the concept SensitivePersonalData is provided. For indicating special categories of data, the concept SpecialCategoryPersonalData is provided. In this, the concept sensitive indicates that the data needs additional considerations (and perhaps caution) when processing, such as by increasing its security, reducing usage, or performing impact assessments. Special categories, by contrast, are a 'special' type of sensitive personal data requiring additional considerations or obligations defined in laws (or through other forms) that regulate how they should be used or prohibit their use until specific obligations are met.

To specify data is anonymised, DPV provides two concepts. AnonymisedData for when data is completely anonymised and cannot be de-anonymised, which is a subtype of NonPersonalData. And, PseudonymisedData for when data has only been partially anonymised or de-anonymisation is possible, which is a subtype of PersonalData.

5.1 Classes

Anonymised Data | Collected Personal Data | Data | Derived Personal Data | Generated Personal Data | Incorrect Data | Inferred Personal Data | Non-Personal Data | Observed Personal Data | Personal Data | Pseudonymised Data | Sensitive Personal Data | Special Category Personal Data | Synthetic Data | Unverified Data | Verified Data |

5.1.1 Anonymised Data

IRI https://w3id.org/dpv#AnonymisedData
Term: AnonymisedData
Label: Anonymised Data
Description: Personal Data that has been (fully and completely) anonymised so that it is no longer considered Personal Data
SubType of: dpv:NonPersonalData
Note: It is advised to carefully consider indicating data is fully or completely anonymised by determining whether the data by itself or in combination with other data can identify a person. Failing this condition, the data should be denoted as PseudonymisedData. To indicate data is anonymised only for a specified entity (e.g. within an organisation), the concept ContextuallyAnonymisedData (as subclass of PseudonymisedData) should be used instead of AnonymisedData.
Created:
Contributor(s): Piero Bonatti

5.1.2 Collected Personal Data

IRI https://w3id.org/dpv#CollectedPersonalData
Term: CollectedPersonalData
Label: Collected Personal Data
Description: Personal Data that has been collected from another source such as the Data Subject
SubType of: dpv:PersonalData
Note: To indicate the source of data, use the DataSource concept with the hasDataSource relation
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.3 Data

IRI https://w3id.org/dpv#Data
Term: Data
Label: Data
Description: A broad concept representing 'data' or 'information'
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.4 Derived Personal Data

IRI https://w3id.org/dpv#DerivedPersonalData
Term: DerivedPersonalData
Label: Derived Personal Data
Description: Personal Data that is obtained or derived from other data
SubType of: dpv:PersonalData
Note: Derived Data is data that is obtained through processing of existing data, e.g. deriving first name from full name. To indicate data that is derived but which was not present or evident within the source data, InferredPersonalData should be used.
Source: DPVCG
Created:
Modified:
Contributor(s): Elmar Kiesling; Harshvardhan J. Pandit, Fajar Ekaputra
See Also: svd:Derived

5.1.5 Generated Personal Data

IRI https://w3id.org/dpv#GeneratedPersonalData
Term: GeneratedPersonalData
Label: Generated Personal Data
Description: Personal Data that is generated or brought into existence without relation to existing data i.e. it is not derived or inferred from other data
SubType of: dpv:PersonalData
Note: Generated Data is used to indicate data that is produced and is not derived or inferred from other data
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.6 Incorrect Data

IRI https://w3id.org/dpv#IncorrectData
Term: IncorrectData
Label: Incorrect Data
Description: Data that is known to be incorrect or inconsistent with some quality requirements
SubType of: dpv:Data
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.7 Inferred Personal Data

IRI https://w3id.org/dpv#InferredPersonalData
Term: InferredPersonalData
Label: Inferred Personal Data
Description: Personal Data that is obtained through inference from other data
SubType of: dpv:DerivedPersonalData, dpv:GeneratedPersonalData
Note: Inferred Data is derived data generated from existing data, but which did not originally exist within it, e.g. inferring demographics from browsing history.
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.8 Non-Personal Data

IRI https://w3id.org/dpv#NonPersonalData
Term: NonPersonalData
Label: Non-Personal Data
Description: Data that is not Personal Data
SubType of: dpv:Data
Note: The term NonPersonalData is provided to distinguish between PersonalData and other data, e.g. for indicating which data is regulated by privacy laws. To specify personal data that has been anonymised, the concept AnonymisedData should be used.
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.9 Observed Personal Data

IRI https://w3id.org/dpv#ObservedPersonalData
Term: ObservedPersonalData
Label: Observed Personal Data
Description: Personal Data that has been collected through observation of the Data Subject(s)
SubType of: dpv:CollectedPersonalData
Created:
Contributor(s): Georg P Krog

5.1.10 Personal Data

IRI https://w3id.org/dpv#PersonalData
Term: PersonalData
Label: Personal Data
Description: Data directly or indirectly associated or related to an individual.
SubType of: dpv:Data
Note: This definition of personal data encompasses the concepts used in GDPR Art.4-1 for 'personal data' and ISO/IEC 2700 for 'personally identifiable information (PII)'.
Source: GDPR Art.4-1
Created:
Modified:
Contributor(s): Harshvardhan Pandit
See Also: spl:AnyData

5.1.11 Pseudonymised Data

IRI https://w3id.org/dpv#PseudonymisedData
Term: PseudonymisedData
Label: Pseudonymised Data
Description: Personal Data that has undergone a pseudonymisation process or a partial (incomplete) anonymisation process such that it is still considered Personal Data
SubType of: dpv:PersonalData
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.12 Sensitive Personal Data

IRI https://w3id.org/dpv#SensitivePersonalData
Term: SensitivePersonalData
Label: Sensitive Personal Data
Description: Personal data that is considered 'sensitive' in terms of privacy and/or impact, and therefore requires additional considerations and/or protection
SubType of: dpv:PersonalData
Note: Sensitivity' is a matter of context, and may be defined within legal frameworks. For GDPR, Special categories of personal data are considered a subset of sensitive data. To illustrate the difference between the two, consider the situation where Location data is collected, and which is considered 'sensitive' but not 'special'. As a probable rule, sensitive data require additional considerations whereas special category data requires additional legal basis / justifications.
Created:
Contributor(s): Harshvardhan J. Pandit
Examples: dex:E0015 - Indicating personal data is sensitive or special category

5.1.13 Special Category Personal Data

IRI https://w3id.org/dpv#SpecialCategoryPersonalData
Term: SpecialCategoryPersonalData
Label: Special Category Personal Data
Description: Sensitive Personal Data whose use requires specific legal permission or justification
SubType of: dpv:SensitivePersonalData
Note: The term 'special category' is based on GDPR Art.9, but should not be considered as exlusive to it. DPV considers all Special Categories to also be Sensitive, but whose use is either prohibited or regulated and therefore requires additional legal basis for justification.
Source: GDPR Art.9-1
Created:
Modified:
Contributor(s): Elmar Kiesling; Harshvardhan J. Pandit, Fajar Ekaputra
Examples: dex:E0015 - Indicating personal data is sensitive or special category

5.1.14 Synthetic Data

IRI https://w3id.org/dpv#SyntheticData
Term: SyntheticData
Label: Synthetic Data
Description: Synthetic data reffers to artificially created data such that it is intended to resemble real data (personal or non-personal), but does not refer to any specific identified or identifiable individual, or to the real measure of an observable parameter in the case of non-personal data
SubType of: dpv:Data
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.15 Unverified Data

IRI https://w3id.org/dpv#UnverifiedData
Term: UnverifiedData
Label: Unverified Data
Description: Data that has not been verified in terms of accuracy, inconsistency, or quality
SubType of: dpv:Data
Created:
Contributor(s): Harshvardhan J. Pandit

5.1.16 Verified Data

IRI https://w3id.org/dpv#VerifiedData
Term: VerifiedData
Label: Verified Data
Description: Data that has been verified in terms of accuracy, inconsistency, or quality
SubType of: dpv:Data
Created:
Contributor(s): Harshvardhan J. Pandit

5.2 Properties

has data | has personal data |

5.2.1 has data

IRI https://w3id.org/dpv#hasData
Term: hasData
Label: has data
Description: Indicates associated with Data (may or may not be personal)
Domain: dpv:Concept
Range: dpv:Data
Created:
Contributor(s): Harshvardhan J. Pandit

5.2.2 has personal data

IRI https://w3id.org/dpv#hasPersonalData
Term: hasPersonalData
Label: has personal data
Description: Indicates association with Personal Data
Domain: dpv:Concept
Range: dpv:PersonalData
Created:
Contributor(s): Harshvardhan J. Pandit

6. Tech/Org Measures

Figure 6 Overview of Technical & Organisational Measures taxonomy in DPV (click to open in new window)

DPV's taxonomy of tech/org measures are structured into two groups representing and TechnicalMeasure and OrganisationalMeasure along with specific properties for each. Each term has a dedicated taxonomy that expands upon the core idea to provide a rich list of technial and organisational measures that are intended to protect personal data (and its associated entities and consequences).

This taxonomy also includes relations that are associated with measures, such as hasNotice or hasPolicy, which are generic and can be applied to other contexts (e.g. notice for consent, policy for data storage).

6.1 Classes

Organisational Measure | Technical Measure | Technical and Organisational Measure |

6.1.1 Organisational Measure

IRI https://w3id.org/dpv#OrganisationalMeasure
Term: OrganisationalMeasure
Label: Organisational Measure
Description: Organisational measures required/followed when processing data of the declared category
SubType of: dpv:TechnicalOrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
Examples: dex:E0017 - Indicating staff training for use of Credentials

6.1.2 Technical Measure

IRI https://w3id.org/dpv#TechnicalMeasure
Term: TechnicalMeasure
Label: Technical Measure
Description: Technical measures required/followed when processing data of the declared category
SubType of: dpv:TechnicalOrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
Examples: dex:E0016 - Protecting data using encryption and access control

6.1.3 Technical and Organisational Measure

IRI https://w3id.org/dpv#TechnicalOrganisationalMeasure
Term: TechnicalOrganisationalMeasure
Label: Technical and Organisational Measure
Description: The Technical and Organisational measures used.
Created:
Modified:
Contributor(s): Bud Bruegger

6.2 Properties

has notice | has organisational measure | has policy | has technical measure | has technical and organisational measure | is policy for |

6.2.1 has notice

IRI https://w3id.org/dpv#hasNotice
Term: hasNotice
Label: has notice
Description: Indicates the use or applicability of a Notice for the specified context
Domain: dpv:Concept
Range: dpv:Notice
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

6.2.2 has organisational measure

IRI https://w3id.org/dpv#hasOrganisationalMeasure
Term: hasOrganisationalMeasure
Label: has organisational measure
Description: Indicates use or applicability of Organisational measure
Domain: dpv:Concept
Range: dpv:OrganisationalMeasure
Created:
Contributor(s): Harshvardhan J. Pandit

6.2.3 has policy

IRI https://w3id.org/dpv#hasPolicy
Term: hasPolicy
Label: has policy
Description: Indicates policy applicable or used
Domain: dpv:Concept
Range: dpv:Policy
Created:
Contributor(s): Harshvardhan J. Pandit

6.2.4 has technical measure

IRI https://w3id.org/dpv#hasTechnicalMeasure
Term: hasTechnicalMeasure
Label: has technical measure
Description: Indicates use or applicability of Technical measure
Domain: dpv:Concept
Range: dpv:TechnicalMeasure
Created:
Contributor(s): Harshvardhan J. Pandit

6.2.5 has technical and organisational measure

IRI https://w3id.org/dpv#hasTechnicalOrganisationalMeasure
Term: hasTechnicalOrganisationalMeasure
Label: has technical and organisational measure
Description: Indicates use or applicability of Technical or Organisational measure
Domain: dpv:Concept
Range: dpv:TechnicalOrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Bud Bruegger, Harshvardhan J. Pandit, Javier Fernández, Mark Lizar

6.2.6 is policy for

IRI https://w3id.org/dpv#isPolicyFor
Term: isPolicyFor
Label: is policy for
Description: Indicates the context or application of policy
Domain: dpv:Policy
Range: dpv:Concept
Created:
Contributor(s): Harshvardhan J. Pandit

6.3 Technical Measures

Figure 7 Overview of Technical Measures taxonomy in DPV (click to open in new window)

Access Control Method | Activity Monitoring | Anonymisation | Asymmetric Cryptography | Asymmetric Encryption | Authentication using ABC | Authentication using PABC | Authentication Protocols | Authorisation Protocols | Biometric Authentication | Cryptographic Authentication | Cryptographic Key Management | Cryptographic Methods | Data Backup Protocols | Data Redaction | Data Sanitisation Technique | De-Identification | Deterministic Pseudonymisation | Differential Privacy | Digital Rights Management | Digital Signatures | Distributed System Security | Document Randomised Pseudonymisation | Document Security | Encryption | Encryption at Rest | Encryption in Transfer | Encryption in Use | End-to-End Encryption (E2EE) | File System Security | Fully Randomised Pseudonymisation | Hardware Security Protocols | Hash Functions | Hash-based Message Authentication Code (HMAC) | Homomorphic Encryption | Information Flow Control | Intrusion Detection System | Message Authentication Codes (MAC) | Mobile Platform Security | Monotonic Counter Pseudonymisation | Multi-Factor Authentication (MFA) | Network Proxy Routing | Network Security Protocols | Operating System Security | Password Authentication | Penetration Testing Methods | Physical Access Control Method | Post-Quantum Cryptography | Privacy Preserving Protocol | Private Information Retrieval | Pseudonymisation | Quantum Cryptography | RNG Pseudonymisation | Secret Sharing Schemes | Secure Multi-Party Computation | Security Method | Single Sign On | Symmetric Cryptography | Symmetric Encryption | Trusted Computing | Trusted Execution Environments | Usage Control | Use of Synthetic Data | Virtualisation Security | Vulnerability Testing Methods | WebBrowser Security | Web Security Protocols | Wireless Security Protocols | Zero Knowledge Authentication |

6.3.1 Access Control Method

IRI https://w3id.org/dpv#AccessControlMethod
Term: AccessControlMethod
Label: Access Control Method
Description: Methods which restrict access to a place or resource
SubType of: dpv:TechnicalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
Examples: dex:E0016 - Protecting data using encryption and access control

6.3.2 Activity Monitoring

IRI https://w3id.org/dpv#ActivityMonitoring
Term: ActivityMonitoring
Label: Activity Monitoring
Description: Monitoring of activities including assessing whether they have been successfully initiated and completed
SubType of: dpv:TechnicalMeasure
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.3 Anonymisation

IRI https://w3id.org/dpv#Anonymisation
Term: Anonymisation
Label: Anonymisation
Description: Anonymisation is the process by which data is irreversibly altered in such a way that a data subject can no longer be identified directly or indirectly, either by the entity holding the data alone or in collaboration with other entities and information sources
SubType of: dpv:Deidentification
Source: ISO 29100:2011
Created:
Modified:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.3.4 Asymmetric Cryptography

IRI https://w3id.org/dpv#AsymmetricCryptography
Term: AsymmetricCryptography
Label: Asymmetric Cryptography
Description: Use of public-key cryptography or asymmetric cryptography involving a public and private pair of keys
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.5 Asymmetric Encryption

IRI https://w3id.org/dpv#AsymmetricEncryption
Term: AsymmetricEncryption
Label: Asymmetric Encryption
Description: Use of asymmetric cryptography to encrypt data
SubType of: dpv:Encryption
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.6 Authentication using ABC

IRI https://w3id.org/dpv#Authentication-ABC
Term: Authentication-ABC
Label: Authentication using ABC
Description: Use of Attribute Based Credentials (ABC) to perform and manage authentication
SubType of: dpv:CryptographicAuthentication
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.7 Authentication using PABC

IRI https://w3id.org/dpv#Authentication-PABC
Term: Authentication-PABC
Label: Authentication using PABC
Description: Use of Privacy-enhacing Attribute Based Credentials (ABC) to perform and manage authentication
SubType of: dpv:CryptographicAuthentication
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.8 Authentication Protocols

IRI https://w3id.org/dpv#AuthenticationProtocols
Term: AuthenticationProtocols
Label: Authentication Protocols
Description: Protocols involving validation of identity i.e. authentication of a person or information
SubType of: dpv:TechnicalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.3.9 Authorisation Protocols

IRI https://w3id.org/dpv#AuthorisationProtocols
Term: AuthorisationProtocols
Label: Authorisation Protocols
Description: Protocols involving authorisation of roles or profiles to determine permission, rights, or privileges
SubType of: dpv:TechnicalMeasure
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.10 Biometric Authentication

IRI https://w3id.org/dpv#BiometricAuthentication
Term: BiometricAuthentication
Label: Biometric Authentication
Description: Use of biometric data for authentication
SubType of: dpv:AuthenticationProtocols
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.11 Cryptographic Authentication

IRI https://w3id.org/dpv#CryptographicAuthentication
Term: CryptographicAuthentication
Label: Cryptographic Authentication
Description: Use of cryptography for authentication
SubType of: dpv:AuthenticationProtocols, dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.12 Cryptographic Key Management

IRI https://w3id.org/dpv#CryptographicKeyManagement
Term: CryptographicKeyManagement
Label: Cryptographic Key Management
Description: Management of cryptographic keys, including their generation, storage, assessment, and safekeeping
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.13 Cryptographic Methods

IRI https://w3id.org/dpv#CryptographicMethods
Term: CryptographicMethods
Label: Cryptographic Methods
Description: Use of cryptographic methods to perform tasks
SubType of: dpv:TechnicalMeasure
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.14 Data Backup Protocols

IRI https://w3id.org/dpv#DataBackupProtocols
Term: DataBackupProtocols
Label: Data Backup Protocols
Description: Protocols or plans for backing up of data
SubType of: dpv:TechnicalMeasure
Created:
Contributor(s): Georg P Krog

6.3.15 Data Redaction

IRI https://w3id.org/dpv#DataRedaction
Term: DataRedaction
Label: Data Redaction
Description: Removal of sensitive information from a data or document
SubType of: dpv:DataSanitisationTechnique
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.16 Data Sanitisation Technique

IRI https://w3id.org/dpv#DataSanitisationTechnique
Term: DataSanitisationTechnique
Label: Data Sanitisation Technique
Description: Cleaning or any removal or re-organisation of elements in data based on selective criteria
SubType of: dpv:TechnicalMeasure
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.17 De-Identification

IRI https://w3id.org/dpv#Deidentification
Term: Deidentification
Label: De-Identification
Description: Removal of identity or information to reduce identifiability
SubType of: dpv:DataSanitisationTechnique
Source: NISTIR 8053
Created:
Modified:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.3.18 Deterministic Pseudonymisation

IRI https://w3id.org/dpv#DeterministicPseudonymisation
Term: DeterministicPseudonymisation
Label: Deterministic Pseudonymisation
Description: Pseudonymisation achieved through a deterministic function
SubType of: dpv:Pseudonymisation
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.19 Differential Privacy

IRI https://w3id.org/dpv#DifferentialPrivacy
Term: DifferentialPrivacy
Label: Differential Privacy
Description: Utilisation of differential privacy where information is shared as patterns or groups to withold individual elements
SubType of: dpv:CryptographicMethods
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.20 Digital Rights Management

IRI https://w3id.org/dpv#DigitalRightsManagement
Term: DigitalRightsManagement
Label: Digital Rights Management
Description: Management of access, use, and other operations associated with digital content
SubType of: dpv:TechnicalMeasure
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.21 Digital Signatures

IRI https://w3id.org/dpv#DigitalSignatures
Term: DigitalSignatures
Label: Digital Signatures
Description: Expression and authentication of identity through digital information containing cryptographic signatures
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.22 Distributed System Security

IRI https://w3id.org/dpv#DistributedSystemSecurity
Term: DistributedSystemSecurity
Label: Distributed System Security
Description: Security implementations provided using or over a distributed system
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.23 Document Randomised Pseudonymisation

IRI https://w3id.org/dpv#DocumentRandomisedPseudonymisation
Term: DocumentRandomisedPseudonymisation
Label: Document Randomised Pseudonymisation
Description: Use of randomised pseudonymisation where the same elements are assigned different values in the same document or database
SubType of: dpv:Pseudonymisation
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.24 Document Security

IRI https://w3id.org/dpv#DocumentSecurity
Term: DocumentSecurity
Label: Document Security
Description: Security measures enacted over documents to protect against tampering or restrict access
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.25 Encryption

IRI https://w3id.org/dpv#Encryption
Term: Encryption
Label: Encryption
Description: Technical measures consisting of encryption
SubType of: dpv:TechnicalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
Examples: dex:E0016 - Protecting data using encryption and access control

6.3.26 Encryption at Rest

IRI https://w3id.org/dpv#EncryptionAtRest
Term: EncryptionAtRest
Label: Encryption at Rest
Description: Encryption of data when being stored (persistent encryption)
SubType of: dpv:Encryption
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.3.27 Encryption in Transfer

IRI https://w3id.org/dpv#EncryptionInTransfer
Term: EncryptionInTransfer
Label: Encryption in Transfer
Description: Encryption of data in transit e.g. when being transferred from one location to another, including sharing
SubType of: dpv:Encryption
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.3.28 Encryption in Use

IRI https://w3id.org/dpv#EncryptionInUse
Term: EncryptionInUse
Label: Encryption in Use
Description: Encryption of data when it is being used
SubType of: dpv:Encryption
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.29 End-to-End Encryption (E2EE)

IRI https://w3id.org/dpv#EndToEndEncryption
Term: EndToEndEncryption
Label: End-to-End Encryption (E2EE)
Description: Encrypted communications where data is encrypted by the sender and decrypted by the intended receiver to prevent access to any third party
SubType of: dpv:Encryption
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.30 File System Security

IRI https://w3id.org/dpv#FileSystemSecurity
Term: FileSystemSecurity
Label: File System Security
Description: Security implemented over a file system
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.31 Fully Randomised Pseudonymisation

IRI https://w3id.org/dpv#FullyRandomisedPseudonymisation
Term: FullyRandomisedPseudonymisation
Label: Fully Randomised Pseudonymisation
Description: Use of randomised pseudonymisation where the same elements are assigned different values each time they occur
SubType of: dpv:Pseudonymisation
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.32 Hardware Security Protocols

IRI https://w3id.org/dpv#HardwareSecurityProtocols
Term: HardwareSecurityProtocols
Label: Hardware Security Protocols
Description: Security protocols implemented at or within hardware
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.33 Hash Functions

IRI https://w3id.org/dpv#HashFunctions
Term: HashFunctions
Label: Hash Functions
Description: Use of hash functions to map information or to retrieve a prior categorisation
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.34 Hash-based Message Authentication Code (HMAC)

IRI https://w3id.org/dpv#HashMessageAuthenticationCode
Term: HashMessageAuthenticationCode
Label: Hash-based Message Authentication Code (HMAC)
Description: Use of HMAC where message authentication code (MAC) utilise a cryptographic hash function and a secret cryptographic key
SubType of: dpv:CryptographicAuthentication
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.35 Homomorphic Encryption

IRI https://w3id.org/dpv#HomomorphicEncryption
Term: HomomorphicEncryption
Label: Homomorphic Encryption
Description: Use of Homomorphic encryption that permits computations on encrypted data without decrypting it
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.36 Information Flow Control

IRI https://w3id.org/dpv#InformationFlowControl
Term: InformationFlowControl
Label: Information Flow Control
Description: Use of measures to control information flows
SubType of: dpv:TechnicalMeasure
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.37 Intrusion Detection System

IRI https://w3id.org/dpv#IntrusionDetectionSystem
Term: IntrusionDetectionSystem
Label: Intrusion Detection System
Description: Use of measures to detect intrusions and other unauthorised attempts to gain access to a system
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.38 Message Authentication Codes (MAC)

IRI https://w3id.org/dpv#MessageAuthenticationCodes
Term: MessageAuthenticationCodes
Label: Message Authentication Codes (MAC)
Description: Use of cryptographic methods to authenticate messages
SubType of: dpv:CryptographicAuthentication
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.39 Mobile Platform Security

IRI https://w3id.org/dpv#MobilePlatformSecurity
Term: MobilePlatformSecurity
Label: Mobile Platform Security
Description: Security implemented over a mobile platform
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.40 Monotonic Counter Pseudonymisation

IRI https://w3id.org/dpv#MonotonicCounterPseudonymisation
Term: MonotonicCounterPseudonymisation
Label: Monotonic Counter Pseudonymisation
Description: A simple pseudonymisation method where identifiers are substituted by a number chosen by a monotonic counter
SubType of: dpv:Pseudonymisation
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

6.3.41 Multi-Factor Authentication (MFA)

IRI https://w3id.org/dpv#MultiFactorAuthentication
Term: MultiFactorAuthentication
Label: Multi-Factor Authentication (MFA)
Description: An authentication system that uses two or more methods to authenticate
SubType of: dpv:AuthenticationProtocols
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.42 Network Proxy Routing

IRI https://w3id.org/dpv#NetworkProxyRouting
Term: NetworkProxyRouting
Label: Network Proxy Routing
Description: Use of network routing using proxy
SubType of: dpv:SecurityMethod
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.43 Network Security Protocols

IRI https://w3id.org/dpv#NetworkSecurityProtocols
Term: NetworkSecurityProtocols
Label: Network Security Protocols
Description: Security implemented at or over networks protocols
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.44 Operating System Security

IRI https://w3id.org/dpv#OperatingSystemSecurity
Term: OperatingSystemSecurity
Label: Operating System Security
Description: Security implemented at or through operating systems
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.45 Password Authentication

IRI https://w3id.org/dpv#PasswordAuthentication
Term: PasswordAuthentication
Label: Password Authentication
Description: Use of passwords to perform authentication
SubType of: dpv:AuthenticationProtocols
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.46 Penetration Testing Methods

IRI https://w3id.org/dpv#PenetrationTestingMethods
Term: PenetrationTestingMethods
Label: Penetration Testing Methods
Description: Use of penetration testing to identity weaknessess and vulnerabilities through simulations
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.47 Physical Access Control Method

IRI https://w3id.org/dpv#PhysicalAccessControlMethod
Term: PhysicalAccessControlMethod
Label: Physical Access Control Method
Description: Access control applied for physical access e.g. premises or equipement
SubType of: dpv:AccessControlMethod
Created:
Contributor(s): Georg P Krog

6.3.48 Post-Quantum Cryptography

IRI https://w3id.org/dpv#PostQuantumCryptography
Term: PostQuantumCryptography
Label: Post-Quantum Cryptography
Description: Use of algorithms that are intended to be secure against cryptanalytic attack by a quantum computer
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.49 Privacy Preserving Protocol

IRI https://w3id.org/dpv#PrivacyPreservingProtocol
Term: PrivacyPreservingProtocol
Label: Privacy Preserving Protocol
Description: Use of protocols designed with the intention of provided additional guarentees regarding privacy
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.50 Private Information Retrieval

IRI https://w3id.org/dpv#PrivateInformationRetrieval
Term: PrivateInformationRetrieval
Label: Private Information Retrieval
Description: Use of cryptographic methods to retrieve a record from a system without revealing which record is retrieved
SubType of: dpv:CryptographicMethods
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.51 Pseudonymisation

IRI https://w3id.org/dpv#Pseudonymisation
Term: Pseudonymisation
Label: Pseudonymisation
Description: Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
SubType of: dpv:Deidentification
Source: GDPR Art.4-5
Created:
Modified:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.3.52 Quantum Cryptography

IRI https://w3id.org/dpv#QuantumCryptography
Term: QuantumCryptography
Label: Quantum Cryptography
Description: Cryptographic methods that utilise quantum mechanical properties to perform cryptographic tasks
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.53 RNG Pseudonymisation

IRI https://w3id.org/dpv#RNGPseudonymisation
Term: RNGPseudonymisation
Label: RNG Pseudonymisation
Description: A pseudonymisation method where identifiers are substituted by a number chosen by a Random Number Generator (RNG)
SubType of: dpv:Pseudonymisation
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

6.3.54 Secret Sharing Schemes

IRI https://w3id.org/dpv#SecretSharingSchemes
Term: SecretSharingSchemes
Label: Secret Sharing Schemes
Description: Use of secret sharing schemes where the secret can only be reconstructed through combination of sufficient number of individuals
SubType of: dpv:CryptographicMethods
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.55 Secure Multi-Party Computation

IRI https://w3id.org/dpv#SecureMultiPartyComputation
Term: SecureMultiPartyComputation
Label: Secure Multi-Party Computation
Description: Use of cryptographic methods for entities to jointly compute functions without revealing inputs
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.56 Security Method

IRI https://w3id.org/dpv#SecurityMethod
Term: SecurityMethod
Label: Security Method
Description: Methods that relate to creating and providing security
SubType of: dpv:TechnicalMeasure
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.57 Single Sign On

IRI https://w3id.org/dpv#SingleSignOn
Term: SingleSignOn
Label: Single Sign On
Description: Use of credentials or processes that enable using one set of credentials to authenticate multiple contexts.
SubType of: dpv:AuthenticationProtocols
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.3.58 Symmetric Cryptography

IRI https://w3id.org/dpv#SymmetricCryptography
Term: SymmetricCryptography
Label: Symmetric Cryptography
Description: Use of cryptography where the same keys are utilised for encryption and descryption of information
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.59 Symmetric Encryption

IRI https://w3id.org/dpv#SymmetricEncryption
Term: SymmetricEncryption
Label: Symmetric Encryption
Description: Use of symmetric cryptography to encrypt data
SubType of: dpv:Encryption
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.60 Trusted Computing

IRI https://w3id.org/dpv#TrustedComputing
Term: TrustedComputing
Label: Trusted Computing
Description: Use of cryptographic methods to restrict access and execution to trusted parties and code
SubType of: dpv:CryptographicMethods
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.61 Trusted Execution Environments

IRI https://w3id.org/dpv#TrustedExecutionEnvironments
Term: TrustedExecutionEnvironments
Label: Trusted Execution Environments
Description: Use of cryptographic methods to restrict access and execution to trusted parties and code within a dedicated execution environment
SubType of: dpv:CryptographicMethods
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.62 Usage Control

IRI https://w3id.org/dpv#UsageControl
Term: UsageControl
Label: Usage Control
Description: Management of usage, which is intended to be broader than access control and may cover trust, digital rights, or other relevant controls
SubType of: dpv:AccessControlMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.63 Use of Synthetic Data

IRI https://w3id.org/dpv#UseSyntheticData
Term: UseSyntheticData
Label: Use of Synthetic Data
Description: Use of synthetic data to preserve privacy, security, or other effects and side-effects
SubType of: dpv:SecurityMethod
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.64 Virtualisation Security

IRI https://w3id.org/dpv#VirtualisationSecurity
Term: VirtualisationSecurity
Label: Virtualisation Security
Description: Security implemented at or through virtualised environments
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.65 Vulnerability Testing Methods

IRI https://w3id.org/dpv#VulnerabilityTestingMethods
Term: VulnerabilityTestingMethods
Label: Vulnerability Testing Methods
Description: Methods that assess or discover vulnerabilities in a system
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.66 WebBrowser Security

IRI https://w3id.org/dpv#WebBrowserSecurity
Term: WebBrowserSecurity
Label: WebBrowser Security
Description: Security implemented at or over web browsers
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.67 Web Security Protocols

IRI https://w3id.org/dpv#WebSecurityProtocols
Term: WebSecurityProtocols
Label: Web Security Protocols
Description: Security implemented at or over web-based protocols
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.68 Wireless Security Protocols

IRI https://w3id.org/dpv#WirelessSecurityProtocols
Term: WirelessSecurityProtocols
Label: Wireless Security Protocols
Description: Security implemented at or over wireless communication protocols
SubType of: dpv:SecurityMethod
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.3.69 Zero Knowledge Authentication

IRI https://w3id.org/dpv#ZeroKnowledgeAuthentication
Term: ZeroKnowledgeAuthentication
Label: Zero Knowledge Authentication
Description: Authentication using Zero-Knowledge proofs
SubType of: dpv:AuthenticationProtocols, dpv:CryptographicMethods
Source: ENISA Data Protection Engineering
Created:
Contributor(s): Harshvardhan J. Pandit

6.4 Organisational Measures

Figure 8 Overview of Organisational Measures taxonomy in DPV (click to open in new window)

Assessment | Asset Management Procedures | Authorisation Procedure | Background Checks | Certification | Certification and Seal | Code of Conduct | Compliance Monitoring | Consent Notice | Consent Record | Consultation | Consultation with Authority | Consultation with Data Subject | Consultation with Data Subject Representative | Consultation with DPO | Contractual Terms | Controller-Processor Agreement | Credential Management | Cybersecurity Assessment | Cybersecurity Training | Data Processing Agreement | Data Processing Record | Data Protection Training | Data Transfer Impact Assessment | Design Standard | Disaster Recovery Procedures | Data Protection Impact Assessment (DPIA) | Educational Training | Effectiveness Determination Procedures | Governance Procedures | GuidelinesPrinciple | Identity Management Method | Impact Assessment | Incident Management Procedures | Incident Reporting Communication | Information Security Policy | Joint Data Controllers Agreement | Legal Agreement | Legitimate Interest Assessment | Logging Policies | Monitoring Policies | Non-Disclosure Agreement (NDA) | Notice | Privacy Impact Assessment | Policy | Privacy by Default | Privacy by Design | Privacy Notice | Professional Training | Records of Activities | Register of Processing Activities | Regularity of Re-certification | Review Impact Assessment | Review Procedure | Risk Management Plan | Risk Management Policy | Safeguard | Safeguard for Data Transfer | Seal | Security Assessment | Security Knowledge Training | Security Procedure | Security Role Procedures | Staff Training | Sub-Processor Agreement | Third-Party Agreement | Third Party Security Procedures | Trusted Third Party Utilisation |

6.4.1 Assessment

IRI https://w3id.org/dpv#Assessment
Term: Assessment
Label: Assessment
Description: The document, plan, or process for assessment or determination towards a purpose e.g. assessment of legality or impact assessments
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.2 Asset Management Procedures

IRI https://w3id.org/dpv#AssetManagementProcedures
Term: AssetManagementProcedures
Label: Asset Management Procedures
Description: Procedures related to management of assets
SubType of: dpv:GovernanceProcedures
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.3 Authorisation Procedure

IRI https://w3id.org/dpv#AuthorisationProcedure
Term: AuthorisationProcedure
Label: Authorisation Procedure
Description: Procedures for determining authorisation through permission or authority
SubType of: dpv:OrganisationalMeasure
Note: non-technical authorisation procedures: How is it described on an organisational level, who gets access to the data
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.4 Background Checks

IRI https://w3id.org/dpv#BackgroundChecks
Term: BackgroundChecks
Label: Background Checks
Description: Procedure where the background of an entity is assessed to identity vulnerabilities and threats due to their current or intended role
SubType of: dpv:SecurityProcedure
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.5 Certification

IRI https://w3id.org/dpv#Certification
Term: Certification
Label: Certification
Description: Certification mechanisms, seals, and marks for the purpose of demonstrating compliance
SubType of: dpv:CertificationSeal
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.6 Certification and Seal

IRI https://w3id.org/dpv#CertificationSeal
Term: CertificationSeal
Label: Certification and Seal
Description: Certifications, seals, and marks indicating compliance to regulations or practices
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.7 Code of Conduct

IRI https://w3id.org/dpv#CodeOfConduct
Term: CodeOfConduct
Label: Code of Conduct
Description: A set of rules or procedures outlining the norms and practices for conducting activities
SubType of: dpv:GuidelinesPrinciple
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.8 Compliance Monitoring

IRI https://w3id.org/dpv#ComplianceMonitoring
Term: ComplianceMonitoring
Label: Compliance Monitoring
Description: Monitoring of compliance (e.g. internal policy, regulations)
SubType of: dpv:GovernanceProcedures
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.11 Consultation

IRI https://w3id.org/dpv#Consultation
Term: Consultation
Label: Consultation
Description: Consultation is a process of receiving feedback, advice, or opinion from an external agency
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.12 Consultation with Authority

IRI https://w3id.org/dpv#ConsultationWithAuthority
Term: ConsultationWithAuthority
Label: Consultation with Authority
Description: Consultation with an authority or authoritative entity
SubType of: dpv:Consultation
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.13 Consultation with Data Subject

IRI https://w3id.org/dpv#ConsultationWithDataSubject
Term: ConsultationWithDataSubject
Label: Consultation with Data Subject
Description: Consultation with data subject(s) or their representative(s)
SubType of: dpv:Consultation
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

6.4.14 Consultation with Data Subject Representative

IRI https://w3id.org/dpv#ConsultationWithDataSubjectRepresentative
Term: ConsultationWithDataSubjectRepresentative
Label: Consultation with Data Subject Representative
Description: Consultation with representative of data subject(s)
SubType of: dpv:ConsultationWithDataSubject
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

6.4.15 Consultation with DPO

IRI https://w3id.org/dpv#ConsultationWithDPO
Term: ConsultationWithDPO
Label: Consultation with DPO
Description: Consultation with Data Protection Officer(s)
SubType of: dpv:Consultation
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

6.4.16 Contractual Terms

IRI https://w3id.org/dpv#ContractualTerms
Term: ContractualTerms
Label: Contractual Terms
Description: Contractual terms governing data handling within or with an entity
SubType of: dpv:LegalAgreement
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.17 Controller-Processor Agreement

IRI https://w3id.org/dpv#ControllerProcessorAgreement
Term: ControllerProcessorAgreement
Label: Controller-Processor Agreement
Description: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of personal data between a Data Controller and a Data Processor
SubType of: dpv:DataProcessingAgreement
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
Examples: dex:E0020 - Controller-Processor agreement
dex:E0021 - Data transfer safeguards

6.4.18 Credential Management

IRI https://w3id.org/dpv#CredentialManagement
Term: CredentialManagement
Label: Credential Management
Description: Management of credentials and their use in authorisations
SubType of: dpv:AuthorisationProcedure
Created:
Contributor(s): Georg P Krog

6.4.19 Cybersecurity Assessment

IRI https://w3id.org/dpv#CybersecurityAssessment
Term: CybersecurityAssessment
Label: Cybersecurity Assessment
Description: Assessment of cybersecurity capabilities in terms of vulnerabilities and effectiveness of controls
SubType of: dpv:Assessment, dpv:SecurityAssessment
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.20 Cybersecurity Training

IRI https://w3id.org/dpv#CybersecurityTraining
Term: CybersecurityTraining
Label: Cybersecurity Training
Description: Training methods related to cybersecurity
SubType of: dpv:StaffTraining
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.21 Data Processing Agreement

IRI https://w3id.org/dpv#DataProcessingAgreement
Term: DataProcessingAgreement
Label: Data Processing Agreement
Description: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of personal data
SubType of: dpv:LegalAgreement
Note: For specific role-based data processing agreements, see concepts for Processors and JointDataController agreements.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

6.4.22 Data Processing Record

IRI https://w3id.org/dpv#DataProcessingRecord
Term: DataProcessingRecord
Label: Data Processing Record
Description: Record of personal data processing, whether ex-ante or ex-post
SubType of: dpv:RecordsOfActivities
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.23 Data Protection Training

IRI https://w3id.org/dpv#DataProtectionTraining
Term: DataProtectionTraining
Label: Data Protection Training
Description: Training intended to increase knowledge regarding data protection
SubType of: dpv:StaffTraining
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.24 Data Transfer Impact Assessment

IRI https://w3id.org/dpv#DataTransferImpactAssessment
Term: DataTransferImpactAssessment
Label: Data Transfer Impact Assessment
Description: Impact Assessment for conducting data transfers
SubType of: dpv:ImpactAssessment
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.25 Design Standard

IRI https://w3id.org/dpv#DesignStandard
Term: DesignStandard
Label: Design Standard
Description: A set of rules or guidelines outlining criterias for design
SubType of: dpv:GuidelinesPrinciple
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.26 Disaster Recovery Procedures

IRI https://w3id.org/dpv#DisasterRecoveryProcedures
Term: DisasterRecoveryProcedures
Label: Disaster Recovery Procedures
Description: Procedures related to management of disasters and recovery
SubType of: dpv:GovernanceProcedures
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.27 Data Protection Impact Assessment (DPIA)

IRI https://w3id.org/dpv#DPIA
Term: DPIA
Label: Data Protection Impact Assessment (DPIA)
Description: A DPIA involves determining the potential and actual impact of processing activities on individuals or groups of individuals
SubType of: dpv:ImpactAssessment
Note: Top class: Impact Assessment, and DPIA is sub-class
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.28 Educational Training

IRI https://w3id.org/dpv#EducationalTraining
Term: EducationalTraining
Label: Educational Training
Description: Training methods that are intended to provide education on topic(s)
SubType of: dpv:StaffTraining
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.29 Effectiveness Determination Procedures

IRI https://w3id.org/dpv#EffectivenessDeterminationProcedures
Term: EffectivenessDeterminationProcedures
Label: Effectiveness Determination Procedures
Description: Procedures intended to determine effectiveness of other measures
SubType of: dpv:Assessment
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.30 Governance Procedures

IRI https://w3id.org/dpv#GovernanceProcedures
Term: GovernanceProcedures
Label: Governance Procedures
Description: Procedures related to governance (e.g. organisation, unit, team, process, system)
SubType of: dpv:OrganisationalMeasure
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.31 GuidelinesPrinciple

IRI https://w3id.org/dpv#GuidelinesPrinciple
Term: GuidelinesPrinciple
Label: GuidelinesPrinciple
Description: Guidelines or Principles regarding processing and operational measures
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.32 Identity Management Method

IRI https://w3id.org/dpv#IdentityManagementMethod
Term: IdentityManagementMethod
Label: Identity Management Method
Description: Management of identity and identity-based processes
SubType of: dpv:AuthorisationProcedure
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.33 Impact Assessment

IRI https://w3id.org/dpv#ImpactAssessment
Term: ImpactAssessment
Label: Impact Assessment
Description: Calculating or determining the likelihood of impact of an existing or proposed process, which can involve risks or detriments.
SubType of: dpv:Assessment
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.34 Incident Management Procedures

IRI https://w3id.org/dpv#IncidentManagementProcedures
Term: IncidentManagementProcedures
Label: Incident Management Procedures
Description: Procedures related to management of incidents
SubType of: dpv:GovernanceProcedures
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.35 Incident Reporting Communication

IRI https://w3id.org/dpv#IncidentReportingCommunication
Term: IncidentReportingCommunication
Label: Incident Reporting Communication
Description: Procedures related to management of incident reporting
SubType of: dpv:GovernanceProcedures
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.36 Information Security Policy

IRI https://w3id.org/dpv#InformationSecurityPolicy
Term: InformationSecurityPolicy
Label: Information Security Policy
Description: Policy regarding security of information
SubType of: dpv:Policy
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.37 Joint Data Controllers Agreement

IRI https://w3id.org/dpv#JointDataControllersAgreement
Term: JointDataControllersAgreement
Label: Joint Data Controllers Agreement
Description: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of personal data between Controllers within a Joint Controllers relationship
SubType of: dpv:DataProcessingAgreement
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

6.4.39 Legitimate Interest Assessment

IRI https://w3id.org/dpv#LegitimateInterestAssessment
Term: LegitimateInterestAssessment
Label: Legitimate Interest Assessment
Description: Indicates an assessment regarding the use of legitimate interest as a lawful basis by the data controller
SubType of: dpv:Assessment
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.40 Logging Policies

IRI https://w3id.org/dpv#LoggingPolicies
Term: LoggingPolicies
Label: Logging Policies
Description: Policy for logging of information
SubType of: dpv:GovernanceProcedures
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.41 Monitoring Policies

IRI https://w3id.org/dpv#MonitoringPolicies
Term: MonitoringPolicies
Label: Monitoring Policies
Description: Policy for monitoring (e.g. progress, performance)
SubType of: dpv:GovernanceProcedures
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.42 Non-Disclosure Agreement (NDA)

IRI https://w3id.org/dpv#NDA
Term: NDA
Label: Non-Disclosure Agreement (NDA)
Description: Non-disclosure Agreements e.g. preserving confidentiality of information
SubType of: dpv:LegalAgreement
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.43 Notice

IRI https://w3id.org/dpv#Notice
Term: Notice
Label: Notice
Description: A notice is an artefact for providing information, choices, or controls
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan
Examples: dex:E0025 - Consent Notice

6.4.44 Privacy Impact Assessment

IRI https://w3id.org/dpv#PIA
Term: PIA
Label: Privacy Impact Assessment
Description: Carrying out an impact assessment regarding privacy risks
SubType of: dpv:ImpactAssessment
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.45 Policy

IRI https://w3id.org/dpv#Policy
Term: Policy
Label: Policy
Description: A guidance document outlining any of: procedures, plans, principles, decisions, intent, or protocols.
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan
Examples: dex:E0017 - Indicating staff training for use of Credentials

6.4.46 Privacy by Default

IRI https://w3id.org/dpv#PrivacyByDefault
Term: PrivacyByDefault
Label: Privacy by Default
Description: Practices regarding selecting appropriate data protection and privacy measures as the 'default' in an activity or service
SubType of: dpv:GuidelinesPrinciple
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.47 Privacy by Design

IRI https://w3id.org/dpv#PrivacyByDesign
Term: PrivacyByDesign
Label: Privacy by Design
Description: Practices regarding incorporating data protection and privacy in the design of information and services
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.48 Privacy Notice

IRI https://w3id.org/dpv#PrivacyNotice
Term: PrivacyNotice
Label: Privacy Notice
Description: Represents a notice or document outlining information regarding privacy
SubType of: dpv:Notice
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan
Examples: dex:E0018 - Notice used in an activity
dex:E0025 - Consent Notice

6.4.49 Professional Training

IRI https://w3id.org/dpv#ProfessionalTraining
Term: ProfessionalTraining
Label: Professional Training
Description: Training methods that are intended to provide professional knowledge and expertise
SubType of: dpv:StaffTraining
Source: ENISA Reference Incident Classification Taxonomy 2018
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.50 Records of Activities

IRI https://w3id.org/dpv#RecordsOfActivities
Term: RecordsOfActivities
Label: Records of Activities
Description: Records of activities within some context such as maintainence tasks or governance functions
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.51 Register of Processing Activities

IRI https://w3id.org/dpv#RegisterOfProcessingActivities
Term: RegisterOfProcessingActivities
Label: Register of Processing Activities
Description: A ROPA is a document maintained by Data Controllers detailing processing activities carried out under their responsibility
SubType of: dpv:DataProcessingRecord
Note: Tied to compliance processes and documents, decide how to specify those
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.52 Regularity of Re-certification

IRI https://w3id.org/dpv#RegularityOfRecertification
Term: RegularityOfRecertification
Label: Regularity of Re-certification
Description: Policy regarding repetition or renewal of existing certification(s)
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.53 Review Impact Assessment

IRI https://w3id.org/dpv#ReviewImpactAssessment
Term: ReviewImpactAssessment
Label: Review Impact Assessment
Description: Procedures to review impact assessments in terms of continued validity, adequacy for intended purposes, and conformance of processes with findings
SubType of: dpv:ImpactAssessment, dpv:ReviewProcedure
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

6.4.54 Review Procedure

IRI https://w3id.org/dpv#ReviewProcedure
Term: ReviewProcedure
Label: Review Procedure
Description: A procedure or process that reviews the correctness and validity of other measures and processes
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

6.4.55 Risk Management Plan

IRI https://w3id.org/dpv#RiskManagementPlan
Term: RiskManagementPlan
Label: Risk Management Plan
Description: A scheme within the risk management framework specifying the approach, the management components, and resources to be applied to the management of risk
SubType of: dpv:SecurityProcedure
Source: ISO 31073:2022
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.56 Risk Management Policy

IRI https://w3id.org/dpv#RiskManagementPolicy
Term: RiskManagementPolicy
Label: Risk Management Policy
Description: A policy or statement of the overall intentions and direction of an organisation related to risk management
SubType of: dpv:Policy, dpv:SecurityProcedure
Source: ISO 31073:2022
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.57 Safeguard

IRI https://w3id.org/dpv#Safeguard
Term: Safeguard
Label: Safeguard
Description: A safeguard is a precautionary measure for the protection against or mitigation of negative effects
SubType of: dpv:OrganisationalMeasure
Note: This concept is relevant given the requirement to assert safeguards in cross-border data transfers
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.58 Safeguard for Data Transfer

IRI https://w3id.org/dpv#SafeguardForDataTransfer
Term: SafeguardForDataTransfer
Label: Safeguard for Data Transfer
Description: Represents a safeguard used for data transfer. Can include technical or organisational measures.
SubType of: dpv:Safeguard
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

6.4.59 Seal

IRI https://w3id.org/dpv#Seal
Term: Seal
Label: Seal
Description: A seal or a mark indicating proof of certification to some certification or standard
SubType of: dpv:CertificationSeal
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

6.4.60 Security Assessment

IRI https://w3id.org/dpv#SecurityAssessment
Term: SecurityAssessment
Label: Security Assessment
Description: Assessment of security intended to identity gaps, vulnerabilities, risks, and effectiveness of controls
SubType of: dpv:Assessment, dpv:SecurityProcedure
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.61 Security Knowledge Training

IRI https://w3id.org/dpv#SecurityKnowledgeTraining
Term: SecurityKnowledgeTraining
Label: Security Knowledge Training
Description: Training intended to increase knowledge regarding security
SubType of: dpv:StaffTraining
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.62 Security Procedure

IRI https://w3id.org/dpv#SecurityProcedure
Term: SecurityProcedure
Label: Security Procedure
Description: Procedures associated with assessing, implementing, and evaluating security
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.63 Security Role Procedures

IRI https://w3id.org/dpv#SecurityRoleProcedures
Term: SecurityRoleProcedures
Label: Security Role Procedures
Description: Procedures related to security roles
SubType of: dpv:SecurityProcedure
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.64 Staff Training

IRI https://w3id.org/dpv#StaffTraining
Term: StaffTraining
Label: Staff Training
Description: Practices and policies regarding training of staff members
SubType of: dpv:OrganisationalMeasure
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
Examples: dex:E0017 - Indicating staff training for use of Credentials

6.4.65 Sub-Processor Agreement

IRI https://w3id.org/dpv#SubProcessorAgreement
Term: SubProcessorAgreement
Label: Sub-Processor Agreement
Description: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of personal data between a Data Processor and a Data (Sub-)Processor
SubType of: dpv:DataProcessingAgreement
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

6.4.66 Third-Party Agreement

IRI https://w3id.org/dpv#ThirdPartyAgreement
Term: ThirdPartyAgreement
Label: Third-Party Agreement
Description: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of personal data between a Data Controller or Processor and a Third Party
SubType of: dpv:DataProcessingAgreement
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.67 Third Party Security Procedures

IRI https://w3id.org/dpv#ThirdPartySecurityProcedures
Term: ThirdPartySecurityProcedures
Label: Third Party Security Procedures
Description: Procedures related to security associated with Third Parties
SubType of: dpv:SecurityProcedure
Source: ENISA 5G Cybersecurity Standards
Created:
Contributor(s): Harshvardhan J. Pandit

6.4.68 Trusted Third Party Utilisation

IRI https://w3id.org/dpv#TrustedThirdPartyUtilisation
Term: TrustedThirdPartyUtilisation
Label: Trusted Third Party Utilisation
Description: Utilisation of a trusted third party to provide or carry out a measure
SubType of: dpv:SecurityProcedure
Source: ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Created:
Contributor(s): Harshvardhan J. Pandit

8. Context of Processing

Figure 11

8.1 Storage Conditions, Automation

This taxonomy provides concepts for representing information about storage conditions, e.g. how long the data will be stored for, its erasure, or its restoration. It also enables representing the source(s) of data, the use of automation, and the extent of human involvement within the automation.

The processing taxonomy uses the concept Store to indicate data is being stored. To specify additionally information such as its location, erasure or deletion, the generic concepts and relations associated with processing (i.e. location and duration) can be used. However, to emphasise that information about storage - such as policies, conditions, rules, or documentation - are critical on considerations of data protection and privacy as well as legal compliance, DPV provide specific concepts related to these.

The concept StorageCondition and the relation hasStorageCondition represent the general or abstract conditions associated with storage of data. This is specialised to indicate StorageDuration, StorageDeletion, StorageRestoration, and StorageLocation. This enables a document to directly specify information such as: "storage duration is 6 months" or "storage restoration uses 3 geo-distinct backup servers".

For declaring the source of data, the DataSource concept along with hasDataSource relationship is provided to indicate where the data is collected or acquired from. For example, data can be obtained from the data subject directly (e.g. given via forms) or indirectly (e.g observed from activity, or inferred from existing data), or from another entity such as a third party.

DPV provides AutomationOfProcessing to represent the degree of automation, and the relation hasProcessingAutomation to associate it with contextual concepts. The degrees of automation are represented by FullyAutomatedProcessing, PartiallyAutomatedProcessing, and CompletelyManualProcessing.

To represent how humans are involved, the concept HumanInvolvement and relation hasHumanInvolvement are provided. Specific types of HumanInvolvement include HumanInvolvementForOversight, and HumanInvolvementForVerification.

To indicate more specific applications: DecisionMaking and AutomatedDecisionMaking refer to use of processing to make decisions, AlgorithmicLogic for explaining the use of algorithms and specifics of processing logic, EvaluationScoring to indicate the processing evaluates or assigns scores (or metrics), InnovativeUseOfNewTechnologies to indicate there are innovative uses of novel technologies, and SystematicMonitoring to indicate the processing performs a systematic (or systemic) monitoring. These additional concepts are intended to model areas or topics that are considered sensitive or high-risk or require caution.

8.1.1 Classes

Algorithmic Logic | Automated Decision Making | Automated Processing with Human Input | Automated Processing with Human Oversight | Automated Processing with Human Review | Automation of Processing | Completely Manual Processing | dpv:DataController | Data published by Data Subject | Data Source | dpv:DataSubject | Decision Making | Evaluation of Individuals | Evaluation and Scoring | Fully Automated Processing | Human Involvement | Human Involvement for Input | Human Involvement for Oversight | Human Involvement for Verification | Innovative Use of New Technologies | Non-Public Data Source | Partially Automated Processing | Processing Context | Public Data Source | Scoring of Individuals | Storage Condition | Storage Deletion | Storage Duration | Storage Location | Storage Restoration | Systematic Monitoring | dpv:ThirdParty |

8.1.1.1 Algorithmic Logic
IRI https://w3id.org/dpv#AlgorithmicLogic
Term: AlgorithmicLogic
Label: Algorithmic Logic
Description: The algorithmic logic applied or used
SubType of: dpv:AutomationOfProcessing
Note: Algorithmic Logic is intended as a broad concept for explaining the use of algorithms and automated decisions making within Processing. To describe the actual algorithm, see the Algorithm concept.
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
8.1.1.2 Automated Decision Making
IRI https://w3id.org/dpv#AutomatedDecisionMaking
Term: AutomatedDecisionMaking
Label: Automated Decision Making
Description: Processing that involves automated decision making
SubType of: dpv:AutomationOfProcessing, dpv:DecisionMaking
Note: Automated decision making can be defined as “the ability to make decisions by technological means without human involvement.” (“Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01)”, 2018, p. 8)
Source: GDPR Art.4-2
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit, Piero Bonatti
8.1.1.3 Automated Processing with Human Input
IRI https://w3id.org/dpv#AutomatedProcessingWithHumanInput
Term: AutomatedProcessingWithHumanInput
Label: Automated Processing with Human Input
Description: Processing that is automated and involves inputs by Humans
Instance of: dpv:AutomationOfProcessing, dpv:HumanInvolvementForInput
Note: For example, an algorithm that takes inputs from humans and performs operations based on them
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
8.1.1.4 Automated Processing with Human Oversight
IRI https://w3id.org/dpv#AutomatedProcessingWithHumanOversight
Term: AutomatedProcessingWithHumanOversight
Label: Automated Processing with Human Oversight
Description: Processing that is automated and involves oversight by Humans
Instance of: dpv:AutomationOfProcessing, dpv:HumanInvolvementForOversight
Note: For example, a human watching metrics to ensure correctness of procedural values and outputs as processing takes place
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
8.1.1.5 Automated Processing with Human Review
IRI https://w3id.org/dpv#AutomatedProcessingWithHumanReview
Term: AutomatedProcessingWithHumanReview
Label: Automated Processing with Human Review
Description: Processing that is automated and involves review by Humans
Instance of: dpv:AutomationOfProcessing, dpv:HumanInvolvementForVerification
Note: For example, a human verifying outputs of an algorithm for correctness or impact to individuals
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
8.1.1.6 Automation of Processing
IRI https://w3id.org/dpv#AutomationOfProcessing
Term: AutomationOfProcessing
Label: Automation of Processing
Description: Contextual information about the degree of automation and human involvement associated with Processing
SubType of: dpv:ProcessingContext
Note: It is difficult to provide a formal definition of automation since any and all processing may be considered automation. This concept instead is intended to explicitly signal the utilisation of automation and its extent towards some context - such as decision making, and to indicate the involvement of humans.
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.7 Completely Manual Processing
IRI https://w3id.org/dpv#CompletelyManualProcessing
Term: CompletelyManualProcessing
Label: Completely Manual Processing
Description: Processing that is completely un-automated or fully manual
Instance of: dpv:AutomationOfProcessing
Note: For example, a human performing some processing operation
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.8 dpv:DataController
IRI https://w3id.org/dpv#DataController
Term: dpv:DataController
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:An Data Controller can be a Data Source, e.g. a Controller inferring data or generating data
8.1.1.9 Data published by Data Subject
IRI https://w3id.org/dpv#DataPublishedByDataSubject
Term: DataPublishedByDataSubject
Label: Data published by Data Subject
Description: Data is published by the data subject
Instance of: dpv:DataSource
Note: This refers to where that data was made publicly available by the data subject. An example of this would be a social media profile that the data subject has made publicly accessible.
Created:
Contributor(s): Julian Flake
8.1.1.10 Data Source
IRI https://w3id.org/dpv#DataSource
Term: DataSource
Label: Data Source
Description: The source or origin of data
SubType of: dpv:ProcessingContext
Note: Source' is the direct point of data collection; 'origin' would indicate the original/others points of where the data originates from.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit
Examples: dex:E0012 - Data Sources
dex:E0020 - Controller-Processor agreement
8.1.1.11 dpv:DataSubject
IRI https://w3id.org/dpv#DataSubject
Term: dpv:DataSubject
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:A Data Subject as a Data Source, e.g. when data is collected via a form or observed from their activities
8.1.1.12 Decision Making
IRI https://w3id.org/dpv#DecisionMaking
Term: DecisionMaking
Label: Decision Making
Description: Processing that involves decision making
SubType of: dpv:ProcessingContext
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.13 Evaluation of Individuals
IRI https://w3id.org/dpv#EvaluationOfIndividuals
Term: EvaluationOfIndividuals
Label: Evaluation of Individuals
Description: Processing that involves evaluation of individuals
SubType of: dpv:EvaluationScoring
Source: GDPR Art.4-2
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
8.1.1.14 Evaluation and Scoring
IRI https://w3id.org/dpv#EvaluationScoring
Term: EvaluationScoring
Label: Evaluation and Scoring
Description: Processing that involves evaluation and scoring of individuals
SubType of: dpv:ProcessingContext
Source: GDPR Art.4-2
Created:
Contributor(s): Harshvardhan J. Pandit, Piero Bonatti
8.1.1.15 Fully Automated Processing
IRI https://w3id.org/dpv#FullyAutomatedProcessing
Term: FullyAutomatedProcessing
Label: Fully Automated Processing
Description: Processing that is fully automated
Instance of: dpv:AutomationOfProcessing
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.16 Human Involvement
IRI https://w3id.org/dpv#HumanInvolvement
Term: HumanInvolvement
Label: Human Involvement
Description: The involvement of humans in specified context
SubType of: dpv:AutomationOfProcessing
Note: Human Involvement here broadly refers to any involvement by a human in the context of carrying out processing. This may include verification of outcomes, providing input data for making decisions, or overseeing activities.
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
8.1.1.17 Human Involvement for Input
IRI https://w3id.org/dpv#HumanInvolvementForInput
Term: HumanInvolvementForInput
Label: Human Involvement for Input
Description: Human involvement for the purposes of providing inputs
Instance of: dpv:HumanInvolvement
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.18 Human Involvement for Oversight
IRI https://w3id.org/dpv#HumanInvolvementForOversight
Term: HumanInvolvementForOversight
Label: Human Involvement for Oversight
Description: Human involvement for the purposes of having oversight over a system, its operations, inputs, or outputs
Instance of: dpv:HumanInvolvement
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.19 Human Involvement for Verification
IRI https://w3id.org/dpv#HumanInvolvementForVerification
Term: HumanInvolvementForVerification
Label: Human Involvement for Verification
Description: Human involvement for the purposes of verification of a system, its operations, inputs, or outputs
Instance of: dpv:HumanInvolvement
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.20 Innovative Use of New Technologies
IRI https://w3id.org/dpv#InnovativeUseOfNewTechnologies
Term: InnovativeUseOfNewTechnologies
Label: Innovative Use of New Technologies
Description: Processing that involves use of innovative and new technologies
SubType of: dpv:ProcessingContext
Source: GDPR Art.4-2
Created:
Contributor(s): Harshvardhan J. Pandit, Piero Bonatti
8.1.1.21 Non-Public Data Source
IRI https://w3id.org/dpv#NonPublicDataSource
Term: NonPublicDataSource
Label: Non-Public Data Source
Description: A source of data that is not publicly accessible or available
Instance of: dpv:DataSource
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
8.1.1.22 Partially Automated Processing
IRI https://w3id.org/dpv#PartiallyAutomatedProcessing
Term: PartiallyAutomatedProcessing
Label: Partially Automated Processing
Description: Processing that is partially automated or semi-automated
Instance of: dpv:AutomationOfProcessing
Note: For example, a series of distinct processing operations that are automated individually or have some human involvement
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.23 Processing Context
IRI https://w3id.org/dpv#ProcessingContext
Term: ProcessingContext
Label: Processing Context
Description: Context or conditions within which processing takes place
SubType of: dpv:Context
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.1.24 Public Data Source
IRI https://w3id.org/dpv#PublicDataSource
Term: PublicDataSource
Label: Public Data Source
Description: A source of data that is publicly accessible or available
Instance of: dpv:DataSource
Note: The term 'Public' is used here in a broad sense. Actual consideration of what is 'Public Data' can vary based on several contextual or jurisdictional factors such as definition of open, methods of access, permissions and licenses.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
8.1.1.25 Scoring of Individuals
IRI https://w3id.org/dpv#ScoringOfIndividuals
Term: ScoringOfIndividuals
Label: Scoring of Individuals
Description: Processing that involves scoring of individuals
SubType of: dpv:EvaluationScoring
Source: GDPR Art.4-2
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
8.1.1.26 Storage Condition
IRI https://w3id.org/dpv#StorageCondition
Term: StorageCondition
Label: Storage Condition
Description: Conditions required or followed regarding storage of data
SubType of: dpv:ProcessingContext
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
Examples: dex:E0011 - Storage Conditions
8.1.1.27 Storage Deletion
IRI https://w3id.org/dpv#StorageDeletion
Term: StorageDeletion
Label: Storage Deletion
Description: Deletion or Erasure of data including any deletion guarantees
SubType of: dpv:StorageCondition
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
8.1.1.28 Storage Duration
IRI https://w3id.org/dpv#StorageDuration
Term: StorageDuration
Label: Storage Duration
Description: Duration or temporal limitation on storage of personal data
SubType of: dpv:Duration, dpv:StorageCondition
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
8.1.1.29 Storage Location
IRI https://w3id.org/dpv#StorageLocation
Term: StorageLocation
Label: Storage Location
Description: Location or geospatial scope where the data is stored
SubType of: dpv:Location, dpv:StorageCondition
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
8.1.1.30 Storage Restoration
IRI https://w3id.org/dpv#StorageRestoration
Term: StorageRestoration
Label: Storage Restoration
Description: Regularity and temporal span of data restoration/backup mechanisms that guarantee that data is preserved
SubType of: dpv:StorageCondition
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
8.1.1.31 Systematic Monitoring
IRI https://w3id.org/dpv#SystematicMonitoring
Term: SystematicMonitoring
Label: Systematic Monitoring
Description: Processing that involves systematic monitoring of individuals
SubType of: dpv:ProcessingContext
Source: GDPR Art.4-2
Created:
Contributor(s): Harshvardhan J. Pandit, Piero Bonatti
8.1.1.32 dpv:ThirdParty
IRI https://w3id.org/dpv#ThirdParty
Term: dpv:ThirdParty
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:A Third Party can be a Data Source, e.g. when data is collected from an entity that is neither the Controller nor the Data Subject

8.1.2 Properties

has algorithmic logic | has data source | has human involvement | has processing automation | has storage condition |

8.1.2.1 has algorithmic logic
IRI https://w3id.org/dpv#hasAlgorithmicLogic
Term: hasAlgorithmicLogic
Label: has algorithmic logic
Description: Indicates the logic used in processing such as for automated decision making
Domain: dpv:Concept
Range: dpv:AlgorithmicLogic
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
8.1.2.2 has data source
IRI https://w3id.org/dpv#hasDataSource
Term: hasDataSource
Label: has data source
Description: Indicates the source or origin of data being processed
Domain: dpv:Concept
Range: dpv:DataSource
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
8.1.2.3 has human involvement
IRI https://w3id.org/dpv#hasHumanInvolvement
Term: hasHumanInvolvement
Label: has human involvement
Description: Indicates Involvement of humans in processing such as within automated decision making process
Domain: dpv:Concept
Range: dpv:HumanInvolvement
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
8.1.2.4 has processing automation
IRI https://w3id.org/dpv#hasProcessingAutomation
Term: hasProcessingAutomation
Label: has processing automation
Description: Indicates the use or extent of automation associated with processing
Domain: dpv:Concept
Range: dpv:AutomationOfProcessing
Created:
Contributor(s): Harshvardhan J. Pandit
8.1.2.5 has storage condition
IRI https://w3id.org/dpv#hasStorageCondition
Term: hasStorageCondition
Label: has storage condition
Description: Indicates information about storage condition
Domain: dpv:Concept
Range: dpv:StorageCondition
Source: SPECIAL Project
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

8.2 Scale of Processing

DPV provides (qualitative) scales for expressing Data Volume, Data subjects, and Geographical Coverage of processing. Along with these, DPV also provides a Processing Scale to express combinations of these. NOTE: The actual meaning or quantified amounts for each concept are not defined due to their interpretation based on contextual factors such as legislations, guidelines, domains, and variations across industries.

8.2.1 Classes

Data Subject Scale | Data Volume | Geographic Coverage | Global Scale | Huge Data Volume | Huge Scale Of Data Subjects | Large Data Volume | Large Scale Of Data Subjects | Large Scale Processing | Local Environment Scale | Locality Scale | Medium Data Volume | Medium Scale Of Data Subjects | Medium Scale Processing | Multi National Scale | National Scale | Nearly Global Scale | Processing Scale | Regional Scale | Scale | Singular Data Volume | Singular Scale Of Data Subjects | Small Data Volume | Small Scale Of Data Subjects | Small Scale Processing | Sporadic Data Volume | Sporadic Scale Of Data Subjects |

8.2.1.1 Data Subject Scale
IRI https://w3id.org/dpv#DataSubjectScale
Term: DataSubjectScale
Label: Data Subject Scale
Description: Scale of Data Subject(s)
SubType of: dpv:Scale
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Rana Saniei
8.2.1.2 Data Volume
IRI https://w3id.org/dpv#DataVolume
Term: DataVolume
Label: Data Volume
Description: Volume or Scale of Data
SubType of: dpv:Scale
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Rana Saniei
8.2.1.3 Geographic Coverage
IRI https://w3id.org/dpv#GeographicCoverage
Term: GeographicCoverage
Label: Geographic Coverage
Description: Indicate of scale in terms of geographic coverage
SubType of: dpv:Scale
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan
8.2.1.4 Global Scale
IRI https://w3id.org/dpv#GlobalScale
Term: GlobalScale
Label: Global Scale
Description: Geographic coverage spanning the entire globe
Instance of: dpv:GeographicCoverage
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.5 Huge Data Volume
IRI https://w3id.org/dpv#HugeDataVolume
Term: HugeDataVolume
Label: Huge Data Volume
Description: Data volume that is considered huge or more than large within the context
Instance of: dpv:DataVolume
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.6 Huge Scale Of Data Subjects
IRI https://w3id.org/dpv#HugeScaleOfDataSubjects
Term: HugeScaleOfDataSubjects
Label: Huge Scale Of Data Subjects
Description: Scale of data subjects considered huge or more than large within the context
Instance of: dpv:DataSubjectScale
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.7 Large Data Volume
IRI https://w3id.org/dpv#LargeDataVolume
Term: LargeDataVolume
Label: Large Data Volume
Description: Data volume that is considered large within the context
Instance of: dpv:DataVolume
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.8 Large Scale Of Data Subjects
IRI https://w3id.org/dpv#LargeScaleOfDataSubjects
Term: LargeScaleOfDataSubjects
Label: Large Scale Of Data Subjects
Description: Scale of data subjects considered large within the context
Instance of: dpv:DataSubjectScale
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.9 Large Scale Processing
IRI https://w3id.org/dpv#LargeScaleProcessing
Term: LargeScaleProcessing
Label: Large Scale Processing
Description: Processing that takes place at large scales (as specified by some criteria)
Instance of: dpv:ProcessingScale
Note: The exact definition of what constitutes "large scale" depends on use of jurisdictional, domain-specific, or other forms of externally defined criterias. Where possible, this should be reflected by extending this term with the appropriate context.
Source: GDPR Art.4-2
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit, Piero Bonatti
8.2.1.10 Local Environment Scale
IRI https://w3id.org/dpv#LocalEnvironmentScale
Term: LocalEnvironmentScale
Label: Local Environment Scale
Description: Geographic coverage spanning a specific environment within the locality
Instance of: dpv:GeographicCoverage
Note: For example, geographic scale of an event take place in a specific building or room
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.11 Locality Scale
IRI https://w3id.org/dpv#LocalityScale
Term: LocalityScale
Label: Locality Scale
Description: Geographic coverage spanning a specific locality
Instance of: dpv:GeographicCoverage
Note: For example, geographic scale of a city or an area within a city
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.12 Medium Data Volume
IRI https://w3id.org/dpv#MediumDataVolume
Term: MediumDataVolume
Label: Medium Data Volume
Description: Data volume that is considered medium i.e. neither large nor small within the context
Instance of: dpv:DataVolume
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan
8.2.1.13 Medium Scale Of Data Subjects
IRI https://w3id.org/dpv#MediumScaleOfDataSubjects
Term: MediumScaleOfDataSubjects
Label: Medium Scale Of Data Subjects
Description: Scale of data subjects considered medium i.e. neither large nor small within the context
Instance of: dpv:DataSubjectScale
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan
8.2.1.14 Medium Scale Processing
IRI https://w3id.org/dpv#MediumScaleProcessing
Term: MediumScaleProcessing
Label: Medium Scale Processing
Description: Processing that takes place at medium scales (as specified by some criteria)
Instance of: dpv:ProcessingScale
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.15 Multi National Scale
IRI https://w3id.org/dpv#MultiNationalScale
Term: MultiNationalScale
Label: Multi National Scale
Description: Geographic coverage spanning multiple nations
Instance of: dpv:GeographicCoverage
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.16 National Scale
IRI https://w3id.org/dpv#NationalScale
Term: NationalScale
Label: National Scale
Description: Geographic coverage spanning a nation
Instance of: dpv:GeographicCoverage
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.17 Nearly Global Scale
IRI https://w3id.org/dpv#NearlyGlobalScale
Term: NearlyGlobalScale
Label: Nearly Global Scale
Description: Geographic coverage nearly spanning the entire globe
Instance of: dpv:GeographicCoverage
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.18 Processing Scale
IRI https://w3id.org/dpv#ProcessingScale
Term: ProcessingScale
Label: Processing Scale
Description: Scale of Processing
SubType of: dpv:Scale
Note: The exact definition of what constitutes "scale" depends on use of jurisdictional, domain-specific, or other forms of externally defined criterias. Where possible, this should be reflected by extending the scales provided with the appropriate context.
Created:
Contributor(s): Harshvardhan J. Pandit, Piero Bonatti
8.2.1.19 Regional Scale
IRI https://w3id.org/dpv#RegionalScale
Term: RegionalScale
Label: Regional Scale
Description: Geographic coverage spanning a specific region or regions
Instance of: dpv:GeographicCoverage
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.20 Scale
IRI https://w3id.org/dpv#Scale
Term: Scale
Label: Scale
Description: A measurement along some dimension
SubType of: dpv:ProcessingContext
Note: Scales are subjective concepts that need to be defined and interpreted within the context of their application. For example, what would be small within one context could be large within another.
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Rana Saniei
8.2.1.21 Singular Data Volume
IRI https://w3id.org/dpv#SingularDataVolume
Term: SingularDataVolume
Label: Singular Data Volume
Description: Data volume that is considered singular i.e. a specific instance or single item
Instance of: dpv:DataVolume
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.22 Singular Scale Of Data Subjects
IRI https://w3id.org/dpv#SingularScaleOfDataSubjects
Term: SingularScaleOfDataSubjects
Label: Singular Scale Of Data Subjects
Description: Scale of data subjects considered singular i.e. a specific data subject
Instance of: dpv:DataSubjectScale
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.23 Small Data Volume
IRI https://w3id.org/dpv#SmallDataVolume
Term: SmallDataVolume
Label: Small Data Volume
Description: Data volume that is considered small or limited within the context
Instance of: dpv:DataVolume
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.24 Small Scale Of Data Subjects
IRI https://w3id.org/dpv#SmallScaleOfDataSubjects
Term: SmallScaleOfDataSubjects
Label: Small Scale Of Data Subjects
Description: Scale of data subjects considered small or limited within the context
Instance of: dpv:DataSubjectScale
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.25 Small Scale Processing
IRI https://w3id.org/dpv#SmallScaleProcessing
Term: SmallScaleProcessing
Label: Small Scale Processing
Description: Processing that takes place at small scales (as specified by some criteria)
Instance of: dpv:ProcessingScale
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.26 Sporadic Data Volume
IRI https://w3id.org/dpv#SporadicDataVolume
Term: SporadicDataVolume
Label: Sporadic Data Volume
Description: Data volume that is considered sporadic or sparse within the context
Instance of: dpv:DataVolume
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.1.27 Sporadic Scale Of Data Subjects
IRI https://w3id.org/dpv#SporadicScaleOfDataSubjects
Term: SporadicScaleOfDataSubjects
Label: Sporadic Scale Of Data Subjects
Description: Scale of data subjects considered sporadic or sparse within the context
Instance of: dpv:DataSubjectScale
Created:
Contributor(s): Harshvardhan J. Pandit

8.2.2 Properties

has data subject scale | has data volume | has geographic coverage | has scale |

8.2.2.1 has data subject scale
IRI https://w3id.org/dpv#hasDataSubjectScale
Term: hasDataSubjectScale
Label: has data subject scale
Description: Indicates the scale of data subjects
Domain: dpv:Concept
Range: dpv:DataSubjectScale
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.2.2 has data volume
IRI https://w3id.org/dpv#hasDataVolume
Term: hasDataVolume
Label: has data volume
Description: Indicates the volume of data
Domain: dpv:Concept
Range: dpv:DataVolume
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.2.3 has geographic coverage
IRI https://w3id.org/dpv#hasGeographicCoverage
Term: hasGeographicCoverage
Label: has geographic coverage
Description: Indicate the geographic coverage (of specified context)
Domain: dpv:Concept
Range: dpv:GeographicCoverage
Created:
Contributor(s): Harshvardhan J. Pandit
8.2.2.4 has scale
IRI https://w3id.org/dpv#hasScale
Term: hasScale
Label: has scale
Description: Indicates the scale of specified concept
Domain: dpv:Concept
Range: dpv:Scale
Created:
Contributor(s): Harshvardhan J. Pandit

9. General Context

Figure 12

9.1 Duration and Frequency

To express the duration of events or operations, such as how long processing will take or the validity of consent, the concept Duration can be used. Duration is indicated using the relation hasDuration, and has the following subtypes:

Frequency indicates how frequently something occurs. Statistically, this can be expressed as the combination of number of occurences and a time period, which can further be expressed as a probabilitic value or a percentage. For example, for something occuring once every year, the frequency is: 1 or 100% for 1 year. While such quantified representations are important for determining metrics and performing operations, DPV focuses on the qualitative labelling of such representations within a specific context.

The relation hasFrequency associates a frequency with a context, and can be expressed using the following subtypes:

DPV provides two subtypes of concepts to denote contextual - Importance and Necessity, which can be applied to specific contexts such as PersonalDataHandling, Purpose, PersonalData.

Importance is similar in application to Necessity, and provides a way to indicate how central or significant the indicated operation(s) are to the context (e.g. to the Controller). Subtypes of importance are PrimaryImportance to indicate 'main' or 'central' or 'primary' importance, and SecondaryImportance to indicate 'auxiliary' or 'peripheral' or 'secondary' importance.

Necessity enables specifying whether the contextual information is Required, is Optional, or is NotRequired. These can be used to indicate, for example, which parts of processing operations (e.g. purposes, personal data) are optional, and whether a particular processing operation is required to be carried out.

9.1.1 Classes

Context | Continous Frequency | Duration | Endless Duration | Fixed Occurences Duration | Frequency | Importance | Indeterminate Duration | Justification | Necessity | Not Required | Often Frequency | Optional | Primary Importance | Required | Scope | Secondary Importance | Singular Frequency | Sporadic Frequency | Technology | Temporal Duration | Until Event Duration | Until Time Duration |

9.1.1.1 Context
IRI https://w3id.org/dpv#Context
Term: Context
Label: Context
Description: Contextually relevant information not possible to represent through other core concepts
Created:
Modified:
Contributor(s): Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Harshvardhan J. Pandit, Javier Fernandez, Simon Steyskal
Examples: dex:E0028 - Contextual Necessity
9.1.1.2 Continous Frequency
IRI https://w3id.org/dpv#ContinousFrequency
Term: ContinousFrequency
Label: Continous Frequency
Description: Frequency where occurences are continous
SubType of: dpv:Frequency
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.3 Duration
IRI https://w3id.org/dpv#Duration
Term: Duration
Label: Duration
Description: The duration or temporal limitation
SubType of: dpv:Context
Created:
Contributor(s): Harshvardhan J. Pandit
Examples: dex:E0011 - Storage Conditions
dex:E0019 - Consent record
9.1.1.4 Endless Duration
IRI https://w3id.org/dpv#EndlessDuration
Term: EndlessDuration
Label: Endless Duration
Description: Duration that is (known or intended to be) open ended or without an end
Instance of: dpv:Duration
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.5 Fixed Occurences Duration
IRI https://w3id.org/dpv#FixedOccurencesDuration
Term: FixedOccurencesDuration
Label: Fixed Occurences Duration
Description: Duration that takes place a fixed number of times e.g. 3 times
SubType of: dpv:Duration
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.6 Frequency
IRI https://w3id.org/dpv#Frequency
Term: Frequency
Label: Frequency
Description: The frequency or information about periods and repetitions in terms of recurrence.
SubType of: dpv:Context
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.1.7 Importance
IRI https://w3id.org/dpv#Importance
Term: Importance
Label: Importance
Description: An indication of 'importance' within a context
SubType of: dpv:Context
Note: Importance can be used to express importance, desirability, relevance, or significance as a context.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
9.1.1.8 Indeterminate Duration
IRI https://w3id.org/dpv#IndeterminateDuration
Term: IndeterminateDuration
Label: Indeterminate Duration
Description: Duration that is indeterminate or cannot be determined
Instance of: dpv:Duration
Note: Indeterminate means (exact or otherwise) information about the duration cannot be determined, which is distinct from 'EndlessDuration' where it is known (or decided) that the duration is open-ended or without an end.
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.1.9 Justification
IRI https://w3id.org/dpv#Justification
Term: Justification
Label: Justification
Description: A form of documentation providing reaosns, explanations, or justifications
SubType of: dpv:Context
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.1.10 Necessity
IRI https://w3id.org/dpv#Necessity
Term: Necessity
Label: Necessity
Description: An indication of 'necessity' within a context
SubType of: dpv:Context
Note: Necessity can be used to express need, essentiality, requirement, or compulsion.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
Examples: dex:E0028 - Contextual Necessity
9.1.1.11 Not Required
IRI https://w3id.org/dpv#NotRequired
Term: NotRequired
Label: Not Required
Description: Indication of neither being required nor optional i.e. not relevant or needed
Instance of: dpv:Necessity
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
9.1.1.12 Often Frequency
IRI https://w3id.org/dpv#OftenFrequency
Term: OftenFrequency
Label: Often Frequency
Description: Frequency where occurences are often or frequent, but not continous
SubType of: dpv:Frequency
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.13 Optional
IRI https://w3id.org/dpv#Optional
Term: Optional
Label: Optional
Description: Indication of 'optional' or 'voluntary'
Instance of: dpv:Necessity
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
9.1.1.14 Primary Importance
IRI https://w3id.org/dpv#PrimaryImportance
Term: PrimaryImportance
Label: Primary Importance
Description: Indication of 'primary' or 'main' or 'core' importance
Instance of: dpv:Importance
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
9.1.1.15 Required
IRI https://w3id.org/dpv#Required
Term: Required
Label: Required
Description: Indication of 'required' or 'necessary'
Instance of: dpv:Necessity
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
9.1.1.16 Scope
IRI https://w3id.org/dpv#Scope
Term: Scope
Label: Scope
Description: Indication of the extent or range or boundaries associated with(in) a context
SubType of: dpv:Context
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.1.17 Secondary Importance
IRI https://w3id.org/dpv#SecondaryImportance
Term: SecondaryImportance
Label: Secondary Importance
Description: Indication of 'secondary' or 'minor' or 'auxiliary' importance
Instance of: dpv:Importance
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
9.1.1.18 Singular Frequency
IRI https://w3id.org/dpv#SingularFrequency
Term: SingularFrequency
Label: Singular Frequency
Description: Frequency where occurences are singular i.e. they take place only once
SubType of: dpv:Frequency
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.19 Sporadic Frequency
IRI https://w3id.org/dpv#SporadicFrequency
Term: SporadicFrequency
Label: Sporadic Frequency
Description: Frequency where occurences are sporadic or infrequent or sparse
SubType of: dpv:Frequency
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.20 Technology
IRI https://w3id.org/dpv#Technology
Term: Technology
Label: Technology
Description: The technology, technological implementation, or any techniques, skills, methods, and processes used or applied
Note: Examples (non-exhaustive) include: Algorithm, Process, Method, Skill, Database, Cookies, Server, Device
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.1.21 Temporal Duration
IRI https://w3id.org/dpv#TemporalDuration
Term: TemporalDuration
Label: Temporal Duration
Description: Duration that has a fixed temporal duration e.g. 6 months
SubType of: dpv:Duration
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.22 Until Event Duration
IRI https://w3id.org/dpv#UntilEventDuration
Term: UntilEventDuration
Label: Until Event Duration
Description: Duration that takes place until a specific event occurs e.g. Account Closure
SubType of: dpv:Duration
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.1.1.23 Until Time Duration
IRI https://w3id.org/dpv#UntilTimeDuration
Term: UntilTimeDuration
Label: Until Time Duration
Description: Duration that has a fixed end date e.g. 2022-12-31
SubType of: dpv:Duration
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

9.1.2 Properties

has context | has duration | has frequency | has identifier | has justification | has outcome | has scope | is after | is before | is implemented by entity | is implemented using technology |

9.1.2.1 has context
IRI https://w3id.org/dpv#hasContext
Term: hasContext
Label: has context
Description: Indicates a purpose is restricted to the specified context(s)
Domain: dpv:Concept
Range: dpv:Context
Created:
9.1.2.2 has duration
IRI https://w3id.org/dpv#hasDuration
Term: hasDuration
Label: has duration
Description: Indicates information about duration
Domain: dpv:Concept
Range: dpv:Duration
Source: SPECIAL Project
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan
9.1.2.3 has frequency
IRI https://w3id.org/dpv#hasFrequency
Term: hasFrequency
Label: has frequency
Description: Indicates the frequency with which something takes place
Domain: dpv:Concept
Range: dpv:Frequency
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.2.4 has identifier
IRI https://w3id.org/dpv#hasIdentifier
Term: hasIdentifier
Label: has identifier
Description: Indicates an identifier associated for identification or reference
Domain: dpv:Concept
Range: dpv:Concept
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J.Pandit, Paul Ryan
9.1.2.5 has justification
IRI https://w3id.org/dpv#hasJustification
Term: hasJustification
Label: has justification
Description: Indicates a justification for specified concept or context
Domain: dpv:Concept
Range: dpv:Justification
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.2.6 has outcome
IRI https://w3id.org/dpv#hasOutcome
Term: hasOutcome
Label: has outcome
Description: Indicates an outcome of specified concept or context
Domain: dpv:Concept
Range: dpv:Concept
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.2.7 has scope
IRI https://w3id.org/dpv#hasScope
Term: hasScope
Label: has scope
Description: Indicates the scope of specified concept or context
Domain: dpv:Concept
Range: dpv:Scope
Created:
Contributor(s): Harshvardhan J. Pandit
9.1.2.8 is after
IRI https://w3id.org/dpv#isAfter
Term: isAfter
Label: is after
Description: Indicates the specified concepts is 'after' this concept in some context
Domain: dpv:Concept
Range: dpv:Concept
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
9.1.2.9 is before
IRI https://w3id.org/dpv#isBefore
Term: isBefore
Label: is before
Description: Indicates the specified concepts is 'before' this concept in some context
Domain: dpv:Concept
Range: dpv:Concept
Created:
Contributor(s): Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
9.1.2.10 is implemented by entity
IRI https://w3id.org/dpv#isImplementedByEntity
Term: isImplementedByEntity
Label: is implemented by entity
Description: Indicates implementation details such as entities or agents
Domain: dpv:Concept
Range: dpv:Entity
Created:
Contributor(s): Axel Polleres, Beatriz Esteves, Harshvardhan J. Pandit, Julian Flake, Paul Ryan
9.1.2.11 is implemented using technology
IRI https://w3id.org/dpv#isImplementedUsingTechnology
Term: isImplementedUsingTechnology
Label: is implemented using technology
Description: Indicates implementation details such as technologies or processes
Domain: dpv:Concept
Range: dpv:Technology
Created:
Contributor(s): Beatriz Esteves, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

9.2 Status

To assist with expressing the state or status associated with various activities, DPV provides the Status concept that can be associated contextually using the hasStatus relation. Specific subtypes are provided as ActivityStatus, ComplianceStatus including Lawfulness, AuditStatus, ConformanceStatus, and RequestStatus.

ActivityStatus represents a state or status of an activity's operations and lifecycle, which includes ActivityProposed, ActivityOngoing, ActivityHalted, ActivityCompleted, and ActivityNotCompleted.

ComplianceStatus represents status associated with compliance with some norms, objectives, or requirements. Types include Compliant, PartiallyCompliant, NonCompliant, ComplianceViolation, ComplianceUnknown, ComplianceIndeterminate. The association with a law or objective can be specified using hasApplicableLaw or hasPolicy directly for the status or indirectly through the concept whose status is being represented.

Lawfulness represents a special type of ComplianceStatus which relates to legal compliance, or lawfulness, and has types Lawful, Unlawful, and LawfulnessUnkown.

AuditStatus represents the state or status of an audit, where the term audit is loosely defined, and may or may not relate to legal compliance - for e.g. for impact assessments, or as part of certification, or organisational quality assurance processes. Types of audits include AuditApproved, AuditConditionallyApproved, AuditRejected, AuditRequested, AuditNotRequired, and AuditRequired.

ConformanceStatus represents the status of conformance, which is defined distinctly from compliance by considering voluntary association or following of a guideline, requirement, standard, or policy, and where compliance is related to the (legal or other systematically defined) conformity of a given system or use-case with rules which may dictate obligations and prohibitions that must be followed. To provide an illustrative example, consider conformance with a standard on best practices regarding security may assist in the demonstration of compliance with a legal norm requiring organisational measures of security. Types of conformance defined are: Conformant and NonConformant.

RequestStatus represents the state or status of requests, which can be between entities such as data subjects and controllers regarding exercising of rights, or between controllers and processors regarding processing operations, or between authorities and controllers regarding compliance related communications. Types of request statues are: RequestInitiated, RequestAcknowledged, RequestAccepted, RequestRejected, RequestFulfilled, RequestUnfulfilled, RequestRequiresAction, RequestRequiredActionPerformed, RequestActionDelayed, and RequestStatusQuery.

9.2.1 Classes

Activity Completed | Activity Halted | Acitivity Not Completed | Activity Ongoing | Activity Proposed | Activity Status | Audit Approved | Audit Conditionally Approved | Audit Not Required | Audit Rejected | Audit Requested | Audit Required | Audit Status | Compliance Indeterminate | Compliance Status | Compliance Unknown | Compliance Violation | Compliant | Conformance Status | Conformant | Lawful | Lawfulness | Lawfulness Unknown | Non Compliant | NonConformant | Partially Compliant | Request Accepted | Request Acknowledged | Request Action Delayed | Request Fulfilled | Request Initiated | Request Rejected | Request Required Action Performed | Request Requires Action | Request Status | Request Status Query | Request Unfulfilled | Status | Unlawful |

9.2.1.1 Activity Completed
IRI https://w3id.org/dpv#ActivityCompleted
Term: ActivityCompleted
Label: Activity Completed
Description: State of an activity that has completed i.e. is fully in the past
Instance of: dpv:ActivityStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.2 Activity Halted
IRI https://w3id.org/dpv#ActivityHalted
Term: ActivityHalted
Label: Activity Halted
Description: State of an activity that was occuring in the past, and has been halted or paused or stoped
Instance of: dpv:ActivityStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.3 Acitivity Not Completed
IRI https://w3id.org/dpv#ActivityNotCompleted
Term: ActivityNotCompleted
Label: Acitivity Not Completed
Description: State of an activity that could not be completed, but has reached some end state
Instance of: dpv:ActivityStatus
Note: This relates to a 'Stop' state as distinct from a 'Halt' state. It makes no comments on whether the Acitivity can be resumed or continued towards completion.
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.4 Activity Ongoing
IRI https://w3id.org/dpv#ActivityOngoing
Term: ActivityOngoing
Label: Activity Ongoing
Description: State of an activity occuring in continuation i.e. currently ongoing
Instance of: dpv:ActivityStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.5 Activity Proposed
IRI https://w3id.org/dpv#ActivityProposed
Term: ActivityProposed
Label: Activity Proposed
Description: State of an activity being proposed or planned i.e. yet to occur
Instance of: dpv:ActivityStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.6 Activity Status
IRI https://w3id.org/dpv#ActivityStatus
Term: ActivityStatus
Label: Activity Status
Description: Status associated with activity operations and lifecycles
SubType of: dpv:Status
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.7 Audit Approved
IRI https://w3id.org/dpv#AuditApproved
Term: AuditApproved
Label: Audit Approved
Description: State of being approved through the audit
Instance of: dpv:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.8 Audit Conditionally Approved
IRI https://w3id.org/dpv#AuditConditionallyApproved
Term: AuditConditionallyApproved
Label: Audit Conditionally Approved
Description: State of being conditionally approved through the audit
Instance of: dpv:AuditStatus
Note: A "conditional approval" is intended to reflect states where the audit has identified further changes which must be implemented before considering the audit has been 'passed', without requiring another audit to validate them. This is distinct from the case where an audit has state 'rejected', which means changes must be made and submitted for review. The requirements of a 'conditional acceptance' are expected to be minor or not significant enough to warrant another audit to review them.
Created:
Contributor(s): Paul Ryan
9.2.1.9 Audit Not Required
IRI https://w3id.org/dpv#AuditNotRequired
Term: AuditNotRequired
Label: Audit Not Required
Description: State where an audit is determined as not being required
Instance of: dpv:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.10 Audit Rejected
IRI https://w3id.org/dpv#AuditRejected
Term: AuditRejected
Label: Audit Rejected
Description: State of not being approved or being rejected through the audit
Instance of: dpv:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.11 Audit Requested
IRI https://w3id.org/dpv#AuditRequested
Term: AuditRequested
Label: Audit Requested
Description: State of an audit being requested whose outcome is not yet known
Instance of: dpv:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.12 Audit Required
IRI https://w3id.org/dpv#AuditRequired
Term: AuditRequired
Label: Audit Required
Description: State where an audit is determined as being required but has not been conducted
Instance of: dpv:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.13 Audit Status
IRI https://w3id.org/dpv#AuditStatus
Term: AuditStatus
Label: Audit Status
Description: Status associated with Auditing or Investigation
SubType of: dpv:Status
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.14 Compliance Indeterminate
IRI https://w3id.org/dpv#ComplianceIndeterminate
Term: ComplianceIndeterminate
Label: Compliance Indeterminate
Description: State where the status of compliance has not been fully assessed, evaluated, or determined
Instance of: dpv:ComplianceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.15 Compliance Status
IRI https://w3id.org/dpv#ComplianceStatus
Term: ComplianceStatus
Label: Compliance Status
Description: Status associated with Compliance with some norms, objectives, or requirements
SubType of: dpv:Status
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.16 Compliance Unknown
IRI https://w3id.org/dpv#ComplianceUnknown
Term: ComplianceUnknown
Label: Compliance Unknown
Description: State where the status of compliance is unknown
Instance of: dpv:ComplianceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.17 Compliance Violation
IRI https://w3id.org/dpv#ComplianceViolation
Term: ComplianceViolation
Label: Compliance Violation
Description: State where compliance cannot be achieved due to requirements being violated
Instance of: dpv:ComplianceStatus
Note: Changed from "violation of compliance" for consistency with other terms
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.2.1.18 Compliant
IRI https://w3id.org/dpv#Compliant
Term: Compliant
Label: Compliant
Description: State of being fully compliant
Instance of: dpv:ComplianceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.19 Conformance Status
IRI https://w3id.org/dpv#ConformanceStatus
Term: ConformanceStatus
Label: Conformance Status
Description: Status associated with conformance to a standard, guideline, code, or recommendation
SubType of: dpv:Status
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.20 Conformant
IRI https://w3id.org/dpv#Conformant
Term: Conformant
Label: Conformant
Description: State of being conformant
Instance of: dpv:ConformanceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.21 Lawful
IRI https://w3id.org/dpv#Lawful
Term: Lawful
Label: Lawful
Description: State of being lawful or legally compliant
Instance of: dpv:Lawfulness
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.22 Lawfulness
IRI https://w3id.org/dpv#Lawfulness
Term: Lawfulness
Label: Lawfulness
Description: Status associated with expressing lawfullness or legal compliance
SubType of: dpv:ComplianceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.23 Lawfulness Unknown
IRI https://w3id.org/dpv#LawfulnessUnkown
Term: LawfulnessUnkown
Label: Lawfulness Unknown
Description: State of the lawfulness not being known
Instance of: dpv:Lawfulness
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.24 Non Compliant
IRI https://w3id.org/dpv#NonCompliant
Term: NonCompliant
Label: Non Compliant
Description: State of non-compliance where objectives have not been met, but have not been violated
Instance of: dpv:ComplianceStatus
Note: Changed from not compliant for consistency in commonly used terms
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit
9.2.1.25 NonConformant
IRI https://w3id.org/dpv#NonConformant
Term: NonConformant
Label: NonConformant
Description: State of being non-conformant
Instance of: dpv:ConformanceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.26 Partially Compliant
IRI https://w3id.org/dpv#PartiallyCompliant
Term: PartiallyCompliant
Label: Partially Compliant
Description: State of partially being compliant i.e. only some objectives have been met, and others have not been in violation
Instance of: dpv:ComplianceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.27 Request Accepted
IRI https://w3id.org/dpv#RequestAccepted
Term: RequestAccepted
Label: Request Accepted
Description: State of a request being accepted towards fulfilment
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.28 Request Acknowledged
IRI https://w3id.org/dpv#RequestAcknowledged
Term: RequestAcknowledged
Label: Request Acknowledged
Description: State of a request being acknowledged
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.29 Request Action Delayed
IRI https://w3id.org/dpv#RequestActionDelayed
Term: RequestActionDelayed
Label: Request Action Delayed
Description: State of a request being delayed towards fulfilment
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.30 Request Fulfilled
IRI https://w3id.org/dpv#RequestFulfilled
Term: RequestFulfilled
Label: Request Fulfilled
Description: State of a request being fulfilled
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.31 Request Initiated
IRI https://w3id.org/dpv#RequestInitiated
Term: RequestInitiated
Label: Request Initiated
Description: State of a request being initiated
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.32 Request Rejected
IRI https://w3id.org/dpv#RequestRejected
Term: RequestRejected
Label: Request Rejected
Description: State of a request being rejected towards non-fulfilment
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.33 Request Required Action Performed
IRI https://w3id.org/dpv#RequestRequiredActionPerformed
Term: RequestRequiredActionPerformed
Label: Request Required Action Performed
Description: State of a request's required action having been performed by the other party
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.34 Request Requires Action
IRI https://w3id.org/dpv#RequestRequiresAction
Term: RequestRequiresAction
Label: Request Requires Action
Description: State of a request requiring an action to be performed from another party
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.35 Request Status
IRI https://w3id.org/dpv#RequestStatus
Term: RequestStatus
Label: Request Status
Description: Status associated with requests
SubType of: dpv:Status
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.36 Request Status Query
IRI https://w3id.org/dpv#RequestStatusQuery
Term: RequestStatusQuery
Label: Request Status Query
Description: State of a request's status being queried
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.37 Request Unfulfilled
IRI https://w3id.org/dpv#RequestUnfulfilled
Term: RequestUnfulfilled
Label: Request Unfulfilled
Description: State of a request being unfulfilled
Instance of: dpv:RequestStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.38 Status
IRI https://w3id.org/dpv#Status
Term: Status
Label: Status
Description: The status or state of something
SubType of: dpv:Context
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.1.39 Unlawful
IRI https://w3id.org/dpv#Unlawful
Term: Unlawful
Label: Unlawful
Description: State of being unlawful or legally non-compliant
Instance of: dpv:Lawfulness
Created:
Contributor(s): Harshvardhan J. Pandit

9.2.2 Properties

has activity status | has audit status | has compliance status | has lawfulness | has status |

9.2.2.1 has activity status
IRI https://w3id.org/dpv#hasActivityStatus
Term: hasActivityStatus
Label: has activity status
Description: Indicates the status of activity of specified concept
Domain: dpv:Concept
Range: dpv:ActivityStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.2.2 has audit status
IRI https://w3id.org/dpv#hasAuditStatus
Term: hasAuditStatus
Label: has audit status
Description: Indicates the status of audit associated with specified concept
Domain: dpv:Concept
Range: dpv:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.2.3 has compliance status
IRI https://w3id.org/dpv#hasComplianceStatus
Term: hasComplianceStatus
Label: has compliance status
Description: Indicates the status of compliance of specified concept
Domain: dpv:Concept
Range: dpv:ComplianceStatus
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.2.4 has lawfulness
IRI https://w3id.org/dpv#hasLawfulness
Term: hasLawfulness
Label: has lawfulness
Description: Indicates the status of being lawful or legally compliant
Domain: dpv:Concept
Range: dpv:Lawfulness
Created:
Contributor(s): Harshvardhan J. Pandit
9.2.2.5 has status
IRI https://w3id.org/dpv#hasStatus
Term: hasStatus
Label: has status
Description: Indicates the status of specified concept
Domain: dpv:Concept
Range: dpv:Status
Created:
Contributor(s): Harshvardhan J. Pandit

10. Location & Jurisdiction

Figure 13

To represent location, the concept Location along with relations hasLocation is provided. For geo-political locations, the concepts such as Country and SupraNationalUnion are subtyped, with hasCountry and ThirdCountry with hasThirdCountry provided for convenience in common uses (e.g. data storage, transfers).

To define contextual location concepts, such as there being several locations, or that the location is 'local' to an event, DPV provides two concepts. LocationFixture specifies whether the location is 'fixed' or 'deterministic', with subtypes for fixed single, fixed multiple, and variable locations. LocationLocality specifies whether the location is 'local' within the context, with subtypes for local, remote, within a device, or in cloud.

To represent locations as jurisdictions, the relation hasJurisdiction is provided. The concept Law represents an official or authoritative law or regulation created by a government or an authority. To indicate applicability of laws within a jurisdiction, the relation hasApplicableLaw is provided.

The DPV-LEGAL: Extension providing Jurisdiction-relevant concepts provides taxonomies extending these concepts, such as to represent specific countries, their laws, authorities, memberships, adequacy decisions, and other information.

10.1 Classes

City | Cloud Location | Country | Decentralised Locations | Economic Union | Federated Locations | Fixed Location | Fixed Multiple Locations | Fixed Singular Location | Law | Local Location | Location | Location Fixture | Location Locality | Private Location | Public Location | Random Location | Region | Remote Location | Supranational Union | Third Country | Variable Location | Within Device | Within Physical Environment | Within Virtual Environment |

10.1.1 City

IRI https://w3id.org/dpv#City
Term: City
Label: City
Description: A region consisting of urban population and commerce
SubType of: dpv:Location
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.2 Cloud Location

IRI https://w3id.org/dpv#CloudLocation
Term: CloudLocation
Label: Cloud Location
Description: Location that is in the 'cloud' i.e. a logical location operated over the internet
SubType of: dpv:RemoteLocation
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.3 Country

IRI https://w3id.org/dpv#Country
Term: Country
Label: Country
Description: A political entity indicative of a sovereign or non-sovereign territorial state comprising of distinct geographical areas
SubType of: dpv:Location
Note: The definition of country is not intended for political interpretation. DPVCG welcomes alternate definitions based in existing sources with global scope, such as UN or ISO.
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

10.1.4 Decentralised Locations

IRI https://w3id.org/dpv#DecentralisedLocations
Term: DecentralisedLocations
Label: Decentralised Locations
Description: Location that is spread across multiple separate areas with no distinction between their importance
SubType of: dpv:LocationFixture
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.5 Economic Union

IRI https://w3id.org/dpv#EconomicUnion
Term: EconomicUnion
Label: Economic Union
Description: A political union of two or more countries based on economic or trade agreements
SubType of: dpv:Location
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.6 Federated Locations

IRI https://w3id.org/dpv#FederatedLocations
Term: FederatedLocations
Label: Federated Locations
Description: Location that is federated across multiple separate areas with designation of a primary or central location
SubType of: dpv:LocationFixture
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.7 Fixed Location

IRI https://w3id.org/dpv#FixedLocation
Term: FixedLocation
Label: Fixed Location
Description: Location that is fixed i.e. known to occur at a specific place
SubType of: dpv:LocationFixture
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.8 Fixed Multiple Locations

IRI https://w3id.org/dpv#FixedMultipleLocations
Term: FixedMultipleLocations
Label: Fixed Multiple Locations
Description: Location that is fixed with multiple places e.g. multiple cities
SubType of: dpv:FixedLocation
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.9 Fixed Singular Location

IRI https://w3id.org/dpv#FixedSingularLocation
Term: FixedSingularLocation
Label: Fixed Singular Location
Description: Location that is fixed at a specific place e.g. a city
SubType of: dpv:FixedLocation
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.10 Law

IRI https://w3id.org/dpv#Law
Term: Law
Label: Law
Description: A law is a set of rules created by government or authorities
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.11 Local Location

IRI https://w3id.org/dpv#LocalLocation
Term: LocalLocation
Label: Local Location
Description: Location is local
SubType of: dpv:LocationLocality
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.12 Location

IRI https://w3id.org/dpv#Location
Term: Location
Label: Location
Description: A location is a position, site, or area where something is located
Note: Location may be geographic, physical, or virtual.
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit
Examples: dex:E0011 - Storage Conditions

10.1.13 Location Fixture

IRI https://w3id.org/dpv#LocationFixture
Term: LocationFixture
Label: Location Fixture
Description: The fixture of location refers to whether the location is fixed
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.14 Location Locality

IRI https://w3id.org/dpv#LocationLocality
Term: LocationLocality
Label: Location Locality
Description: Locality refers to whether the specified location is local within some context, e.g. for the user
SubType of: dpv:Location
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.15 Private Location

IRI https://w3id.org/dpv#PrivateLocation
Term: PrivateLocation
Label: Private Location
Description: Location that is not or cannot be accessed by the public and is controlled as a private space
SubType of: dpv:LocalLocation
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.16 Public Location

IRI https://w3id.org/dpv#PublicLocation
Term: PublicLocation
Label: Public Location
Description: Location that is or can be accessed by the public
SubType of: dpv:LocalLocation
Created:
Contributor(s): Georg P Krog

10.1.17 Random Location

IRI https://w3id.org/dpv#RandomLocation
Term: RandomLocation
Label: Random Location
Description: Location that is random or unknown
Instance of: dpv:LocationFixture
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.18 Region

IRI https://w3id.org/dpv#Region
Term: Region
Label: Region
Description: A region is an area or site that is considered a location
SubType of: dpv:Location
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.19 Remote Location

IRI https://w3id.org/dpv#RemoteLocation
Term: RemoteLocation
Label: Remote Location
Description: Location is remote i.e. not local
SubType of: dpv:LocationLocality
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.20 Supranational Union

IRI https://w3id.org/dpv#SupraNationalUnion
Term: SupraNationalUnion
Label: Supranational Union
Description: A political union of two or more countries with an establishment of common authority
SubType of: dpv:Location
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.21 Third Country

IRI https://w3id.org/dpv#ThirdCountry
Term: ThirdCountry
Label: Third Country
Description: Represents a country outside applicable or compatible jurisdiction as outlined in law
SubType of: dpv:Country
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.22 Variable Location

IRI https://w3id.org/dpv#VariableLocation
Term: VariableLocation
Label: Variable Location
Description: Location that is known but is variable e.g. somewhere within a given area
SubType of: dpv:LocationFixture
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.23 Within Device

IRI https://w3id.org/dpv#WithinDevice
Term: WithinDevice
Label: Within Device
Description: Location is local and entirely within a device, such as a smartphone
SubType of: dpv:LocalLocation
Created:
Modified:
Contributor(s): Harshvardhan J. Pandit

10.1.24 Within Physical Environment

IRI https://w3id.org/dpv#WithinPhysicalEnvironment
Term: WithinPhysicalEnvironment
Label: Within Physical Environment
Description: Location is local and entirely within a physical environment, such as a room
SubType of: dpv:LocalLocation
Created:
Contributor(s): Harshvardhan J. Pandit

10.1.25 Within Virtual Environment

IRI https://w3id.org/dpv#WithinVirtualEnvironment
Term: WithinVirtualEnvironment
Label: Within Virtual Environment
Description: Location is local and entirely within a virtual environment, such as a shared network directory
SubType of: dpv:LocalLocation
Created:
Contributor(s): Harshvardhan J. Pandit

10.2 Properties

has applicable law | has country | has jurisdiction | has location | has third country |

10.2.1 has applicable law

IRI https://w3id.org/dpv#hasApplicableLaw
Term: hasApplicableLaw
Label: has applicable law
Description: Indicates applicability of a Law
Domain: dpv:Concept
Range: dpv:Law
Created:
Contributor(s): Harshvardhan J. Pandit

10.2.2 has country

IRI https://w3id.org/dpv#hasCountry
Term: hasCountry
Label: has country
Description: Indicates applicability of specified country
Domain: dpv:Concept
Range: dpv:Country
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

10.2.3 has jurisdiction

IRI https://w3id.org/dpv#hasJurisdiction
Term: hasJurisdiction
Label: has jurisdiction
Description: Indicates applicability of specified jurisdiction
Domain: dpv:Concept
Range: dpv:Location
Created:
Contributor(s): Harshvardhan J. Pandit

10.2.4 has location

IRI https://w3id.org/dpv#hasLocation
Term: hasLocation
Label: has location
Description: Indicates information about location
Domain: dpv:Concept
Range: dpv:Location
Source: SPECIAL Project
Created:
Contributor(s): Axel Polleres, Harshvardhan J. Pandit, Mark Lizar, Rob Brennan

10.2.5 has third country

IRI https://w3id.org/dpv#hasThirdCountry
Term: hasThirdCountry
Label: has third country
Description: Indicates applicability or relevance of a 'third country'
Domain: dpv:Concept
Range: dpv:ThirdCountry
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

11. Risk and Impacts

Figure 14

For risk management, DPV's provides a lightweight risk ontology based on commonly utilised concepts regarding risk mitigation and risk management. While these concepts permit rudimentary association of risks and mitigations within a use-case, it is important to note that DPV (currently) does not provide comprehensive concepts for risk management.

For more developed representations of risk assessment, mitigation, and management vocabularies, we suggest the adoption of relevant standards, such as the ISO/IEC 31000 series, and welcome contribution for their representation within DPV through Risk Extension for DPV.

11.1 Classes

Benefit | Consequence | Consequence as Side-Effect | Consequence of Failure | Consequence of Success | Damage | Detriment | Harm | Impact | Likelihood | Material Damage | Non-Material Damage | Risk | Risk Level | Risk Management Process | Risk Mitigation Measure | Severity |

11.1.1 Benefit

IRI https://w3id.org/dpv#Benefit
Term: Benefit
Label: Benefit
Description: Impact(s) that acts as or causes benefits
SubType of: dpv:Impact
Created:
Contributor(s): Axel Polleres, Beatriz Esteves, Fajar Ekaputra, Georg P Krog, Harshvardhan J. Pandit, Julian Flake

11.1.2 Consequence

IRI https://w3id.org/dpv#Consequence
Term: Consequence
Label: Consequence
Description: The consequence(s) possible or arising from specified context
Created:
Contributor(s): Harshvardhan J. Pandit
Examples: dex:E0029 - Risk and Consequence

11.1.3 Consequence as Side-Effect

IRI https://w3id.org/dpv#ConsequenceAsSideEffect
Term: ConsequenceAsSideEffect
Label: Consequence as Side-Effect
Description: The consequence(s) possible or arising as a side-effect of specified context
SubType of: dpv:Consequence
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.4 Consequence of Failure

IRI https://w3id.org/dpv#ConsequenceOfFailure
Term: ConsequenceOfFailure
Label: Consequence of Failure
Description: The consequence(s) possible or arising from failure of specified context
SubType of: dpv:Consequence
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

11.1.5 Consequence of Success

IRI https://w3id.org/dpv#ConsequenceOfSuccess
Term: ConsequenceOfSuccess
Label: Consequence of Success
Description: The consequence(s) possible or arising from success of specified context
SubType of: dpv:Consequence
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

11.1.6 Damage

IRI https://w3id.org/dpv#Damage
Term: Damage
Label: Damage
Description: Impact that acts as or causes damages
SubType of: dpv:Impact
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.7 Detriment

IRI https://w3id.org/dpv#Detriment
Term: Detriment
Label: Detriment
Description: Impact that acts as or causes detriments
SubType of: dpv:Impact
Created:
Contributor(s): Beatriz Esteves, Fajar Ekaputra, Georg P Krog, Harshvardhan J. Pandit, Julian Flake

11.1.8 Harm

IRI https://w3id.org/dpv#Harm
Term: Harm
Label: Harm
Description: Impact that acts as or causes harms
SubType of: dpv:Damage
Created:
Contributor(s): Beatriz Esteves, Fajar Ekaputra, Georg P Krog, Harshvardhan J. Pandit, Julian Flake
Examples: dex:E0029 - Risk and Consequence

11.1.9 Impact

IRI https://w3id.org/dpv#Impact
Term: Impact
Label: Impact
Description: The impact(s) possible or arising as a consequence from specified context
SubType of: dpv:Consequence
Note: Impact is a stronger notion of consequence in terms of influence, change, or effect on something e.g. for impact assessments
Created:
Contributor(s): Beatriz Esteves, Fajar Ekaputra, Georg P Krog, Harshvardhan J. Pandit, Julian Flake
Examples: dex:E0029 - Risk and Consequence

11.1.10 Likelihood

IRI https://w3id.org/dpv#Likelihood
Term: Likelihood
Label: Likelihood
Description: The likelihood or probability or chance of something taking place or occuring
Note: Likelihood can be expressed in a subjective manner, such as 'Unlikely', or in a quantitative manner such as "Twice in a Day" (frequency per period). The suggestion is to use quantitative values, or to associate them with subjective terms used so as to enable accurate interpretations and interoperability. See the concepts related to Frequency and Duration for possible uses as a combination to express Likelihood.
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.11 Material Damage

IRI https://w3id.org/dpv#MaterialDamage
Term: MaterialDamage
Label: Material Damage
Description: Impact that acts as or causes material damages
SubType of: dpv:Damage
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.12 Non-Material Damage

IRI https://w3id.org/dpv#NonMaterialDamage
Term: NonMaterialDamage
Label: Non-Material Damage
Description: Impact that acts as or causes non-material damages
SubType of: dpv:Damage
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.13 Risk

IRI https://w3id.org/dpv#Risk
Term: Risk
Label: Risk
Description: A risk or possibility or uncertainty of negative effects, impacts, or consequences.
Note: Risks can be associated with one or more different concepts such as purpose, processing, personal data, technical or organisational measure.
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.14 Risk Level

IRI https://w3id.org/dpv#RiskLevel
Term: RiskLevel
Label: Risk Level
Description: The magnitude of a risk expressed as an indication to aid in its management
Note: Risk Levels can be defined as a combination of different characteristics. For example, ISO 31073:2022 defines it as a combination of consequences and their likelihood. Another example would be the Risk Matrix where Risk Level is defined as a combination of Likelihood and Severity associated with the Risk.
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.15 Risk Management Process

IRI https://w3id.org/dpv#RiskManagementProcess
Term: RiskManagementProcess
Label: Risk Management Process
Description: The systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring, and reviewing risk
SubType of: dpv:SecurityProcedure
Source: ISO 31000, ISO 31073:2022
Created:
Contributor(s): Harshvardhan J. Pandit

11.1.16 Risk Mitigation Measure

IRI https://w3id.org/dpv#RiskMitigationMeasure
Term: RiskMitigationMeasure
Label: Risk Mitigation Measure
Description: Measures intended to mitigate, minimise, or prevent risk.
SubType of: dpv:TechnicalOrganisationalMeasure
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Paul Ryan
Examples: dex:E0029 - Risk and Consequence

11.1.17 Severity

IRI https://w3id.org/dpv#Severity
Term: Severity
Label: Severity
Description: The magnitude of being unwanted or having negative effects such as harmful impacts
Note: Severity can be associated with Risk, or its Consequences and Impacts
Created:
Contributor(s): Harshvardhan J. Pandit

11.2 Properties

has consequence | has consequence on | has impact | has impact on | has likelihood | has residual risk | has risk | has risk level | has severity | is mitigated by measure | is residual risk of | mitigates risk |

11.2.1 has consequence

IRI https://w3id.org/dpv#hasConsequence
Term: hasConsequence
Label: has consequence
Description: Indicates consenquence(s) possible or arising from specified concept
Domain: dpv:Concept
Range: dpv:Consequence
Created:
Contributor(s): Beatriz Esteves, Fajar Ekaputra, Georg P Krog, Harshvardhan J. Pandit, Julian Flake

11.2.2 has consequence on

IRI https://w3id.org/dpv#hasConsequenceOn
Term: hasConsequenceOn
Label: has consequence on
Description: Indicates the thing (e.g. plan, process, or entity) affected by a consequence
Domain: dpv:Consequence
Range: dpv:Concept
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

11.2.3 has impact

IRI https://w3id.org/dpv#hasImpact
Term: hasImpact
Label: has impact
Description: Indicates impact(s) possible or arising as consequences from specified concept
Domain: dpv:Concept
Range: dpv:Impact
Created:
Contributor(s): Beatriz Esteves, Fajar Ekaputra, Georg P Krog, Harshvardhan J. Pandit, Julian Flake

11.2.4 has impact on

IRI https://w3id.org/dpv#hasImpactOn
Term: hasImpactOn
Label: has impact on
Description: Indicates the thing (e.g. plan, process, or entity) affected by an impact
Domain: dpv:Impact
Range: dpv:Concept
Created:
Contributor(s): Beatriz Esteves, Fajar Ekaputra, Georg P Krog, Harshvardhan J. Pandit, Julian Flake

11.2.5 has likelihood

IRI https://w3id.org/dpv#hasLikelihood
Term: hasLikelihood
Label: has likelihood
Description: Indicates the likelihood associated with a concept
Domain: dpv:Concept
Range: dpv:Likelihood
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

11.2.6 has residual risk

IRI https://w3id.org/dpv#hasResidualRisk
Term: hasResidualRisk
Label: has residual risk
Description: Indicates the associated risk is the remaining or residual risk from applying mitigation measures or treatments to this risk
Domain: dpv:Risk
Range: dpv:Risk
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

11.2.7 has risk

IRI https://w3id.org/dpv#hasRisk
Term: hasRisk
Label: has risk
Description: Indicates applicability of Risk for this concept
Domain: dpv:Concept
Range: dpv:Risk
Created:
Contributor(s): Harshvardhan J. Pandit

11.2.8 has risk level

IRI https://w3id.org/dpv#hasRiskLevel
Term: hasRiskLevel
Label: has risk level
Description: Indicates the associated risk level associated with a risk
Domain: dpv:Risk
Range: dpv:RiskLevel
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

11.2.9 has severity

IRI https://w3id.org/dpv#hasSeverity
Term: hasSeverity
Label: has severity
Description: Indicates the severity associated with a concept
Domain: dpv:Concept
Range: dpv:Severity
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

11.2.10 is mitigated by measure

IRI https://w3id.org/dpv#isMitigatedByMeasure
Term: isMitigatedByMeasure
Label: is mitigated by measure
Description: Indicate a risk is mitigated by specified measure
Domain: dpv:Risk
Range: dpv:RiskMitigationMeasure
Created:
Contributor(s): Harshvardhan J. Pandit

11.2.11 is residual risk of

IRI https://w3id.org/dpv#isResidualRiskOf
Term: isResidualRiskOf
Label: is residual risk of
Description: Indicates this risk is the remaining or residual risk from applying mitigation measures or treatments to specified risk
Domain: dpv:Risk
Range: dpv:Risk
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit, Julian Flake, Paul Ryan

11.2.12 mitigates risk

IRI https://w3id.org/dpv#mitigatesRisk
Term: mitigatesRisk
Label: mitigates risk
Description: Indicates risks mitigated by this concept
Domain: dpv:RiskMitigationMeasure
Range: dpv:Risk
Created:
Contributor(s): Harshvardhan J. Pandit

12. Rights

Figure 15

The concept Right represents a normative concept for what is permissible or necessary in accordance with a system such as laws. To associate rights with concepts that are relevant or within which those rights occur, the relation hasRight is used. Rights can be passive, which means they are always applicable without requiring anything to be done, or active where they require some action to be taken to initiate or exercise them. To represent these concepts, DPV uses PassiveRight and ActiveRight respectively. Rights can be applicable to different contexts or entities. To differentiate rights applicable or afforded to data subjects, the concept DataSubjectRight is used.

The information regarding hwo to exercise a right is provided through RightExerciseNotice and associated using the isExercisedAt relation. This information can specify contextual information through use of other concepts such as PersonalDataHandling to denote a necessary Purpose of IdentityVerification as part of the rights exercise.

A RightExerciseActivity represents a concrete instance of a right being exercised. It can include contextual information such as timestamps, durations, entities, etc. that can be part of record-keeping. An activity can be a single step related to rights exercise -- such as the initial request to exercise that right, or its acknowledgement, or the final step taken to fulfil the right (e.g. provide some information), or it can also be a single activity describing the entire rights exercise process(es). To collate related activities associated with a rights exercise (e.g. associated with a specific data subject or a specific request), the concept RightExerciseRecord is useful. The information provided to describe or in fulfilment of a right exercise is represented by RightFulfilmentNotice and that associated when a right exercise cannot be fulfilled is represented by RightNonFulfilmentNotice.

To indicate contextual information about Right Exercise activities, DPV suggests reuse of existing relations, such as those from DPV itself and DCMI Metadata Terms (DCT). For example, dct:accessRights can be used to specify constraints or requirements regarding access (e.g. log in required), or dct:hasPart and dct:isPartOf to express records and its contents, dct:valid to express validity constraints on the exercising being made available, foaf:page to specify the location or provision of notice, and [=hasStatus with RequestStatus to represent the status of a rights exercise activity.

When rights require the provision of information which beyond a static common notice, for example a document personalised to the individual's information, or a dataset containing the individual's data, DPV recommends using Data Catalog Vocabulary (DCAT) - Version 2 to model the contents as a dcat:Resource or other relevant concepts from [DCAT] and [DCT] such as dct:format, dct:accessRights, and dct:valid.

12.1 Classes

dcat:Resource | Active Right | Data Subject Right | Passive Right | Right | Right Exercise Activity | Right Exercise Notice | Right Exercise Record | Right Fulfilment Notice | Right Non-Fulfilment Notice |

12.1.1 dcat:Resource

IRI http://www.w3.org/ns/dcat#Resource
Term: dcat:Resource
Vocabulary:Data Catalog Vocabulary (DCAT) - Version 2
Usage Note:A dataset, data service, or any other resource associated with Right Exercise - such as for providing a copy of personal data

12.1.2 Active Right

IRI https://w3id.org/dpv#ActiveRight
Term: ActiveRight
Label: Active Right
Description: The right(s) applicable, provided, or expected that need to be (actively) exercised
SubType of: dpv:Right
Note: Active rights require the entity to expressly exercise them. For example, a Data Subject exercising their right to withdraw their consent.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J Pandit, Paul Ryan

12.1.3 Data Subject Right

IRI https://w3id.org/dpv#DataSubjectRight
Term: DataSubjectRight
Label: Data Subject Right
Description: The rights applicable or provided to a Data Subject
SubType of: dpv:Right
Note: Based on use of definitions, the notion of 'Data Subject Right' can be equivalent to 'Individual Right' or 'Right of a Person'
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan Pandit

12.1.4 Passive Right

IRI https://w3id.org/dpv#PassiveRight
Term: PassiveRight
Label: Passive Right
Description: The right(s) applicable, provided, or expected that are always (passively) applicable
SubType of: dpv:Right
Note: Passive rights do not require the entity to request or exercise them. They are considered to be always applicable. For example, the Right to Privacy (in EU) does not require an exercise for it to be fulfilled.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J Pandit, Paul Ryan

12.1.6 Right Exercise Activity

IRI https://w3id.org/dpv#RightExerciseActivity
Term: RightExerciseActivity
Label: Right Exercise Activity
Description: An activity representing an exercising of an active right
Note: There may be multiple activities associated with exercising and fulfilling rights. See the RightExerciseRecord concept for record-keeping of such activities in a cohesive manner.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J Pandit, Paul Ryan

12.1.7 Right Exercise Notice

IRI https://w3id.org/dpv#RightExerciseNotice
Term: RightExerciseNotice
Label: Right Exercise Notice
Description: Information associated with exercising of an active right
Note: This concept is intended for providing information regarding a right exercise. For specific instances of such exercises, see RightExerciseActivity and RightExerciseRecord.
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J Pandit, Paul Ryan

12.1.8 Right Exercise Record

IRI https://w3id.org/dpv#RightExerciseRecord
Term: RightExerciseRecord
Label: Right Exercise Record
Description: Record of a Right being exercised
Instance of: dpv:Record
Note: This concept represents a record of one or more right exercise activities, such as those associated with a single data subject or service or entity
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J Pandit, Paul Ryan

12.1.9 Right Fulfilment Notice

IRI https://w3id.org/dpv#RightFulfilmentNotice
Term: RightFulfilmentNotice
Label: Right Fulfilment Notice
Description: Notice provided regarding fulfilment of a right
SubType of: dpv:Notice
Note: This notice is associated with situations where information is provided with the intention of progressing the fulfilment of a right. For example, a notice asking for more information regarding the scope of the right, or providing information on where to access the data provided under a right.
Created:
Contributor(s): Beatriz Esteves, Harshvardhan J. Pandit

12.1.10 Right Non-Fulfilment Notice

IRI https://w3id.org/dpv#RightNonFulfilmentNotice
Term: RightNonFulfilmentNotice
Label: Right Non-Fulfilment Notice
Description: Notice provided regarding non-fulfilment of a right
SubType of: dpv:Notice
Note: This notice is associated with situations where information is provided with the intention of communicating non-fulfilment of a right. For example, to provide justifications on why a right could not be fulfilled or providing information about another entity who should be approached for exercising this right.
Created:
Contributor(s): Beatriz Esteves, Harshvardhan J. Pandit

12.2 Properties

dct:accessRights | dct:format | dct:hasPart | dct:isPartOf | dct:valid | foaf:page | dpv:hasJustification | dpv:hasRecipient | has right | dpv:hasStatus | dpv:isAfter | dpv:isBefore | is exercised at | dpv:isImplementedByEntity |

12.2.1 dct:accessRights

IRI http://purl.org/dc/terms/accessRights
Term: dct:accessRights
Vocabulary:DCMI Metadata Terms (DCT)
Usage Note:Specfiying constraints on access associated with Rights Exercising (e.g. User must log in) or access to provided data (e.g. access via link)
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.2 dct:format

IRI http://purl.org/dc/terms/format
Term: dct:format
Vocabulary:DCMI Metadata Terms (DCT)
Usage Note:Specifying the format of provided information, for example a CSV dataset
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.3 dct:hasPart

IRI http://purl.org/dc/terms/hasPart
Term: dct:hasPart
Vocabulary:DCMI Metadata Terms (DCT)
Usage Note:Specifying a RightExerciseRecord has RightExerciseActivity as part of its records
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.4 dct:isPartOf

IRI http://purl.org/dc/terms/isPartOf
Term: dct:isPartOf
Vocabulary:DCMI Metadata Terms (DCT)
Usage Note:Specifying a RightExerciseActivity is part of a RightExerciseRecord
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.5 dct:valid

IRI http://purl.org/dc/terms/valid
Term: dct:valid
Vocabulary:DCMI Metadata Terms (DCT)
Usage Note:Specfiying the temporal validity of an activity associated with Right Exercise. For example, limits on duration for providing or accessing provided information
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.6 foaf:page

IRI http://xmlns.com/foaf/0.1/page
Term: foaf:page
Vocabulary:FOAF Vocabulary Specification 0.99 (Paddington Edition)
Usage Note:Indicates a web page or document providing information or functionality associated with a Right Exercise
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.7 dpv:hasJustification

IRI https://w3id.org/dpv#hasJustification
Term: dpv:hasJustification
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:Specifying a justification for non-fulfilment of Right Exercise
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.8 dpv:hasRecipient

IRI https://w3id.org/dpv#hasRecipient
Term: dpv:hasRecipient
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:Indicates the Recipient of a Right Exercise Activity
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.9 has right

IRI https://w3id.org/dpv#hasRight
Term: hasRight
Label: has right
Description: Indicates use or applicability of Right
Domain: dpv:Concept
Range: dpv:Right
Created:
Contributor(s): Harshvardhan J. Pandit

12.2.10 dpv:hasStatus

IRI https://w3id.org/dpv#hasStatus
Term: dpv:hasStatus
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:Indicates the status of a Right Exercise Activity
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.11 dpv:isAfter

IRI https://w3id.org/dpv#isAfter
Term: dpv:isAfter
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:Specifying a RightExerciseActivity occurs before another RightExerciseActivity
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.12 dpv:isBefore

IRI https://w3id.org/dpv#isBefore
Term: dpv:isBefore
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:Specifying a RightExerciseActivity occurs before another RightExerciseActivity
Domain: left blank / unspecified
Range: left blank / unspecified

12.2.13 is exercised at

IRI https://w3id.org/dpv#isExercisedAt
Term: isExercisedAt
Label: is exercised at
Description: Indicates context or information about exercising a right
Domain: dpv:ActiveRight
Range: dpv:RightExerciseNotice
Created:
Contributor(s): Harshvardhan J. Pandit

12.2.14 dpv:isImplementedByEntity

IRI https://w3id.org/dpv#isImplementedByEntity
Term: dpv:isImplementedByEntity
Vocabulary:Data Privacy Vocabulary (DPV) Specification
Usage Note:Indicates the Entity that implements or performs a Right Exercise Activity
Domain: left blank / unspecified
Range: left blank / unspecified

13. Rules

DPV provides the concept Rule to specify requirements, constraints, and other forms of 'rules' that are associated with specific contexts (e.g., processing activities) using the relation hasRule. DPV provides three forms of Rules to represent Permission, Prohibition and Obligation, and their corresponding relations hasPermission, hasProhibition and hasObligation, to indicate a Rule that specifies whether something is permitted, prohibited or an obligation, respectively. DPV does not define additional semantics for rules and limits its scope and focus to provide a simple way to specify permissions, prohibitions, and obligations as common rules associated with personal data and its processing activities. For a more extensive and richer set of semantics and concepts to represent rules, DPVCG suggests looking towards other languages, such as [ODRL], [SHACL], and [RuleML] that have been developed with the specific goal of representing and applying rules. We welcome contributions for aligning DPV with these, and for providing guidance on how to complement DPV's rule-based concepts with external languages.

In representing Rules, DPV only provides the concept and does not express any inherent semantics on what those rules mean in relation to each other. For example, DPV does not express Permission to be non-compatible or disjoint from Prohibition. This is to separate the interpretation and application of rules based on the necessities of a use-case. For example, in a legal investigation it may be prudent to specify permission and prohibition can never occur together, but this may not be true if there are different legal requirements that allow a prohibition to be resolved or deferred, such as through another permission that overrides the prohibition.

DPV does not specify 'default' in relation to rules, i.e. it does not provide an interpretation of whether some rules apply automatically unless otherwise declared. For example, in declaring an instance of Personal Data Handling, the assumption is that the activities are modelled for what is happening or what is intended/planned to happen. The explicit annotation using a Permission rule adds information about whether some activity is permitted (and its associated information). Instead, if the use-case is using DPV to only document activities that are permitted, there is no need to explicitly specify the permissions. Similarly, just because something is happening or planned to happen, it cannot be assumed to be permitted (e.g., from evaluation of legal requirements).

To associate a rule with a specific context, which can be a PersonalDataHandling or PersonalData or Purposes, the relations hasPermission, hasProhibition and hasObligation are provided. Additional types of rules can be added to DPV by extending the Rule Concept (e.g., :MyRule rdfs:isSubClassOf dpv:Rule).

13.1 Classes

Obligation | Permission | Prohibition | Rule |

13.1.1 Obligation

IRI https://w3id.org/dpv#Obligation
Term: Obligation
Label: Obligation
Description: A rule describing an obligation for performing an activity
SubType of: dpv:Rule
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

13.1.2 Permission

IRI https://w3id.org/dpv#Permission
Term: Permission
Label: Permission
Description: A rule describing a permission to perform an activity
SubType of: dpv:Rule
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

13.1.3 Prohibition

IRI https://w3id.org/dpv#Prohibition
Term: Prohibition
Label: Prohibition
Description: A rule describing a prohibition to perform an activity
SubType of: dpv:Rule
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

13.1.4 Rule

IRI https://w3id.org/dpv#Rule
Term: Rule
Label: Rule
Description: A rule describing a process or control that directs or determines if and how an activity should be conducted
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

13.2 Properties

has obligation | has permission | has prohibition | has rule |

13.2.1 has obligation

IRI https://w3id.org/dpv#hasObligation
Term: hasObligation
Label: has obligation
Description: Specifying applicability or inclusion of an obligation rule within specified context
Domain: dpv:Context
Range: dpv:Obligation
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

13.2.2 has permission

IRI https://w3id.org/dpv#hasPermission
Term: hasPermission
Label: has permission
Description: Specifying applicability or inclusion of a permission rule within specified context
Domain: dpv:Context
Range: dpv:Permission
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

13.2.3 has prohibition

IRI https://w3id.org/dpv#hasProhibition
Term: hasProhibition
Label: has prohibition
Description: Specifying applicability or inclusion of a prohibition rule within specified context
Domain: dpv:Context
Range: dpv:Prohibition
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

13.2.4 has rule

IRI https://w3id.org/dpv#hasRule
Term: hasRule
Label: has rule
Description: Specifying applicability or inclusion of a rule within specified context
Domain: dpv:Context
Range: dpv:Rule
Created:
Contributor(s): Beatriz Esteves, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

Funding Acknowledgements

Funding Sponsors

The DPVCG and DPV were initiated as part of the SPECIAL H2020 Project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731601. The SPECIAL project ran over a 3-year period from 2017 to 2019.

Harshvardhan J. Pandit was funded by the Irish Research Council Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790 for working within the DPVCG and contributing to the DPV. The fellowship lasted from 2020 to 2022.

Funding Acknowledgements for Contributors

The contributions of Piero Bonatti and Luigi Sauro to the DPVCG have been funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement N. 731601 (project SPECIAL) until 2019, and under grant agreement N. 883464 (project TRAPEZE) from 2020 until 2023.

The contributions of Beatriz Esteves have received funding through the PROTECT ITN Project from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497.

The contributions of Harshvardhan J. Pandit have received funding from the ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards)

A. Proposed Terms

The following terms have been proposed for inclusion, and are under discussion. They are provided here for illustrative purposes and should not be considered as part of DPV.

personal_data purposes context risk technical_organisational_measures organisational_measures entities_datasubject legal_basis

B. DPV concepts across serialisations

The table provides an overview of the expression of concepts across the three DPV serialisations. These may be expanded in the future, including to non-semantic-web serialisations.

Concept [DPV] [DPV-SKOS] [DPV-OWL]
Concept dpv:Concept skos:Concept owl:Class
is subtype of dpv:isSubTypeOf skos:broader owl:subClassOf
is instance of dpv:isInstanceOf rdf:type rdf:type
has concept dpv:Relation rdf:Property owl:ObjectProperty
relationship domain dpv:domain rdfs:domain rdfs:domain
relationship range dpv:range rdfs:range rdfs:range

C. Issue summary

There are no issues listed in this specification.

D. Deprecated Terms

The following is a (non-exhaustive and incomplete) list of terms that have been deprecated. They were present in prior releases and have been taken out. Where possible, a common is provided specifying the reason and alternatives if available.

E. References

E.1 Informative references

[DCAT]
Data Catalog Vocabulary (DCAT) - Version 2. URL: http://www.w3.org/ns/dcat
[DCT]
DCMI Metadata Terms (DCT). URL: https://www.dublincore.org/specifications/dublin-core/dcmi-terms/
[DPV]
Data Privacy Vocabulary (DPV) Specification. URL: https://www.w3id.org/dpv
[DPV-GDPR]
DPV-GDPR: Extension providing GDPR concepts. URL: https://www.w3id.org/dpv/dpv-gdpr
Guide for Consent Records using DPV. URL: https://w3id.org/dpv/guides/consent
[DPV-GUIDE-GDPR-DPIA]
Guide for GDPR DPIA's using DPV. URL: https://w3id.org/dpv/dpv-gdpr/dpia
[DPV-GUIDE-GDPR-ROPA]
Guide for GDPR ROPA's using DPV. URL: https://w3id.org/dpv/dpv-gdpr/ropa
[DPV-GUIDE-Notice]
Guide for Privacy Notices using DPV. URL: https://w3id.org/dpv/guides/notice
[DPV-GUIDE-OWL2]
Guide for using DPV in OWL2. URL: https://w3id.org/dpv/guides/dpv-owl
[DPV-GUIDE-Serialisations]
Guide on DPV's serialisations and semantics. URL: https://w3id.org/dpv/guides/serialisations
[DPV-GUIDE-SKOS]
Guide for using DPV with RDFS and SKOS. URL: https://w3id.org/dpv/guides/dpv-skos
[DPV-GUIDES]
Guidelines for Adoption and Use of DPV. URL: https://w3id.org/dpv/guides
DPV-LEGAL: Extension providing Jurisdiction-relevant concepts. URL: https://www.w3id.org/dpv/dpv-legal
[DPV-NACE]
NACE Taxonomy serialised in RDFS. URL: https://www.w3id.org/dpv/dpv-nace
[DPV-OWL]
DPV-OWL: Data Privacy Vocabulary serialised in OWL2. URL: https://www.w3id.org/dpv/dpv-owl
[DPV-OWL-GDPR]
DPV-OWL-GDPR: Extension providing GDPR concepts. URL: https://www.w3id.org/dpv/dpv-owl/dpv-gdpr
DPV-OWL-LEGAL: Extension providing Jurisdiction-relevant concepts. URL: https://www.w3id.org/dpv/dpv-owl/dpv-legal
[DPV-OWL-PD]
DPV-OWL-PD: Extension providing Personal Data Categories. URL: https://www.w3id.org/dpv/dpv-owl/dpv-pd
[DPV-OWL-TECH]
DPV-OWL-TECH: Extension providing Technology-relevant concepts. URL: https://www.w3id.org/dpv/dpv-owl/dpv-tech
[DPV-PD]
DPV-PD: Extension providing Personal Data Categories. URL: https://www.w3id.org/dpv/dpv-pd
[DPV-Primer]
Primer for Data Privacy Vocabulary. URL: https://www.w3id.org/dpv/primer
[DPV-SKOS]
DPV-SKOS: Data Privacy Vocabulary serialised in RDFS & SKOS. URL: https://www.w3id.org/dpv/dpv-skos
[DPV-SKOS-GDPR]
DPV-SKOS-GDPR: Extension providing GDPR concepts. URL: https://www.w3id.org/dpv/dpv-skos/dpv-gdpr
DPV-SKOS-LEGAL: Extension providing Jurisdiction-relevant concepts. URL: https://www.w3id.org/dpv/dpv-skos/dpv-legal
[DPV-SKOS-PD]
DPV-SKOS-PD: Extension providing Personal Data Categories. URL: https://www.w3id.org/dpv/dpv-skos/dpv-pd
[DPV-SKOS-TECH]
DPV-SKOS-TECH: Extension providing Technology-relevant concepts. URL: https://www.w3id.org/dpv/dpv-skos/dpv-tech
[DPV-TECH]
DPV-TECH: Extension providing Technology-relevant concepts. URL: https://www.w3id.org/dpv/dpv-tech
[DPVCG]
W3C Data Privacy Vocabularies and Controls Community Group (DPVCG). URL: https://www.w3.org/community/dpvcg/
[Examples]
DPV Examples. URL: https://w3id.org/dpv/examples
[FOAF]
FOAF Vocabulary Specification 0.99 (Paddington Edition). Dan Brickley; Libby Miller. FOAF project. 14 January 2014. URL: http://xmlns.com/foaf/spec
[GDPR]
General Data Protection Regulation (GDPR). URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj
[ISO-27560]
ISO/IEC TS 27560 Privacy technologies — Consent record information structure. URL: https://www.iso.org/standard/80392.html
[ODRL]
Open Digital Rights Language (ODRL) Version 1.1. Renato Iannella. W3C. 19 September 2002. W3C Working Group Note. URL: https://www.w3.org/TR/odrl
[OWL]
OWL 2 Web Ontology Language Document Overview (Second Edition). URL: https://www.w3.org/TR/owl2-overview/
[RDFS]
RDF Schema 1.1. URL: https://www.w3.org/TR/rdf-schema/
[RIGHTS]
Rights Extension for Data Privacy Vocabulary. URL: https://www.w3id.org/dpv/rights
[RIGHTS-EU]
Extension providing EU Rights. URL: https://www.w3id.org/dpv/rights/eu
[RIGHTS-EU-OWL]
Extension providing EU Rights. URL: https://www.w3id.org/dpv/dpv-owl/rights/eu
[RIGHTS-EU-SKOS]
Extension providing EU Rights. URL: https://www.w3id.org/dpv/dpv-skos/rights/eu
[RISK]
Risk Extension for DPV. URL: https://www.w3id.org/dpv/risk
[RISK-OWL]
Risk Extension for DPV. URL: https://www.w3id.org/dpv/dpv-owl/risk
[RISK-SKOS]
Risk Extension for DPV. URL: https://www.w3id.org/dpv/dpv-skos/risk
[RuleML]
RuleML: Rule Markup Language. URL: www.ruleml.org/
[SHACL]
Shapes Constraint Language (SHACL). Holger Knublauch; Dimitris Kontokostas. W3C. 20 July 2017. W3C Recommendation. URL: https://www.w3.org/TR/shacl/
[SKOS]
SKOS Simple Knowledge Organization System. URL: https://www.w3.org/TR/skos-reference/
[UseCases-Requirements]
DPV Use-Cases and Requirements. URL: https://w3id.org/dpv/use-cases