The Data Privacy Vocabulary [DPV] enables expressing machine-readable metadata about the use and processing of personal data based on legislative requirements such as the General Data Protection Regulation [GDPR]. This document describes the DPV specification along with its data model. The canonical URL for DPV is https://w3id.org/dpv which contains (this) specification. The namespace for DPV terms is https://w3id.org/dpv#, the suggested prefix is dpv, and this document along with source and releases are available at https://github.com/w3c/dpv.
Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.
GitHub Issues are preferred for discussion of this specification.
1. DPV and Related Resources
Data Privacy Vocabulary (DPV) Specification: is the base/core specification for the 'Data Privacy Vocabulary', which is extended for Personal Data [PD], Locations [LOC], Risk Management [RISK], Technology [TECH], and [AI]. Specific [LEGAL] extensions are also provided which model jurisdiction specific regulations and concepts - see the complete list of extensions. To support understanding and applications of [DPV], various guides and resources [GUIDES] are provided, including a [PRIMER]. A Search Index of all concepts from DPV and extensions is available.
[DPV] and related resources are published on GitHub. For a general overview of the Data Protection Vocabularies and Controls Community Group [DPVCG], its history, deliverables, and activities - refer to DPVCG Website. For meetings, see the DPVCG calendar.
The peer-reviewed article “Creating A Vocabulary for Data Privacy” presents a historical overview of the DPVCG, and describes the methodology and structure of the DPV along with its creation. Open-access versions of the article are also available. The article “Data Privacy Vocabulary (DPV) - Version 2”, accepted for presentation at the 23rd International Semantic Web Conference (ISWC 2024), describes the changes made in DPV v2.
2. Introduction
The motivation of DPV is to provide a 'data model' or an 'ontology' of concepts for interoperable representation and exchange of information about processing of (personal) data and the use of technologies. For this, the DPV specification defines concepts and relationships using the [RDF] standard, and which can additionally be implemented and applied using technologies appropriate to a use-case's specific requirements.
The DPV specification contains several distinct groups of concepts, some of which are provided with a taxonomy of concepts to support practical use-cases. In addition to these, 'extensions' to the DPV are also provided which further extend one or more DPV concepts or enable separation of concepts - such as for distinguishing between different jurisdictions and laws. The figure below shows an overview of the DPV concepts along with its extensions.
2.1 Semantics
This document assumes the reader is familiar with DPV through the Primer for Data Privacy Vocabulary, and thus focuses on providing a topically structured documentation of concepts defined by DPV.
DPV's terms are defined using [RDFS] and [SKOS] semantics: every 'class' is declared as both rdfs:Class and skos:Concept, and every 'property' as both rdf:Property and skos:Concept. Within a taxonomy or hierarchy, concepts are defined as 'instances' of a top concept, and the hierarchy itself is expressed using skos:broader/skos:narrower. For example, Purpose is the top concept of the purposes taxonomy; ServiceProvision and its more specific form RequestedServiceProvision are both instances of Purpose, and RequestedServiceProvision is related to ServiceProvision using skos:broader (and ServiceProvision to it using skos:narrower). Note that this is a SKOS hierarchy rather than a class hierarchy: nothing is entailed about a narrower concept from its broader one, so an application that wants to treat RequestedServiceProvision as a form of ServiceProvision must follow skos:broader explicitly.
DPV serialised in OWL2 is an alternate serialisation of DPV that contains the same concepts but is provided under a different namespace with the semantics defined using [OWL]. The conversion from SKOS to OWL follows the best practices and concerns outlined in Using OWL and SKOS, e.g. by replacing skos:Concept with owl:Class, and using rdfs:subClassOf instead of skos:broader/skos:narrower. See the example showing implications of using SKOS vs OWL in the [PRIMER].
DPV consists of certain 'core concepts' that are intended to be independent representations of specific information, and are distinct from other core concepts. For example, the Purpose refers only to the purpose of why personal data is processed and is independent as a concept from the other concepts (e.g. PersonalData or LegalBasis). The structuring of DPV is based on providing rich and comprehensive taxonomies that group concepts together based on each core concept, e.g. taxonomy of purposes, taxonomy of legal basis. 'Extensions' are a separate group of concepts that expand the 'core' vocabulary to represent specific information e.g. [PD] for personal data categories and [RISK] for risk management.
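The following is an added example, not code from the DPV specification or the DPVCG, showing the practical difference between the RDFS+SKOS and the OWL2 serialisations described above. Both graphs are hand-built sets of triples; the dpv: IRIs are those defined by DPV, while the ex: process, its purpose assertion, and the use of the dpv: namespace for the OWL variant (the real OWL serialisation has its own namespace, which this example does not reproduce) are assumptions made for illustration.

```python
# Added example (not part of the DPV specification): checking whether a
# process's declared purpose falls within a permitted purpose, first under the
# SKOS serialisation (instances linked by skos:broader, no entailment) and then
# under the OWL serialisation (classes linked by rdfs:subClassOf, where a
# reasoner would infer the superclass types). Graphs are constructed inline.
from collections import deque

DPV = "https://w3id.org/dpv#"
SKOS = "http://www.w3.org/2004/02/skos/core#"
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
RDFS = "http://www.w3.org/2000/01/rdf-schema#"
EX = "https://example.org/"  # constructed namespace for the use-case


def dpv(name):
    return DPV + name


# SKOS serialisation: taxonomy members are instances of the top concept
# (dpv:Purpose) and are ordered with skos:broader. This reproduces a fragment
# of the purposes taxonomy from the specification.
SKOS_GRAPH = {
    (dpv("ServiceProvision"), RDF + "type", dpv("Purpose")),
    (dpv("RequestedServiceProvision"), RDF + "type", dpv("Purpose")),
    (dpv("DeliveryOfGoods"), RDF + "type", dpv("Purpose")),
    (dpv("RequestedServiceProvision"), SKOS + "broader", dpv("ServiceProvision")),
    (dpv("DeliveryOfGoods"), SKOS + "broader", dpv("RequestedServiceProvision")),
    (dpv("Marketing"), RDF + "type", dpv("Purpose")),
    (dpv("DirectMarketing"), RDF + "type", dpv("Purpose")),
    (dpv("DirectMarketing"), SKOS + "broader", dpv("Marketing")),
    # Constructed use-case assertion: a process whose purpose is delivery.
    (EX + "ShipOrder", dpv("hasPurpose"), dpv("DeliveryOfGoods")),
}

# OWL serialisation: the same hierarchy as classes under rdfs:subClassOf; the
# purpose is then an individual typed with the most specific class.
OWL_GRAPH = {
    (dpv("RequestedServiceProvision"), RDFS + "subClassOf", dpv("ServiceProvision")),
    (dpv("DeliveryOfGoods"), RDFS + "subClassOf", dpv("RequestedServiceProvision")),
    (dpv("DirectMarketing"), RDFS + "subClassOf", dpv("Marketing")),
    (EX + "ShipOrder", dpv("hasPurpose"), EX + "purpose1"),  # constructed
    (EX + "purpose1", RDF + "type", dpv("DeliveryOfGoods")),
}


def objects(graph, subject, predicate):
    """All objects o such that (subject, predicate, o) is in the graph."""
    return {o for s, p, o in graph if s == subject and p == predicate}


def reachable(graph, start, predicate):
    """Transitive closure of `predicate` from `start` (start itself excluded).
    Breadth-first with a visited set, so cycles in malformed data terminate."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in objects(graph, node, predicate):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def purpose_within_skos(graph, process, permitted):
    """SKOS: a stated purpose is acceptable if it equals `permitted` or reaches
    it via skos:broader. Nothing is inferred; the application walks the
    taxonomy itself."""
    return any(
        p == permitted or permitted in reachable(graph, p, SKOS + "broader")
        for p in objects(graph, process, dpv("hasPurpose"))
    )


def purpose_within_owl(graph, process, permitted):
    """OWL: an RDFS/OWL reasoner would add rdf:type for every superclass of
    the individual's class; this emulates that inference over rdfs:subClassOf."""
    for individual in objects(graph, process, dpv("hasPurpose")):
        for cls in objects(graph, individual, RDF + "type"):
            if cls == permitted or permitted in reachable(graph, cls, RDFS + "subClassOf"):
                return True
    return False
```

The point a validator has to remember is that in the SKOS serialisation a naive equality test on dpv:hasPurpose would reject ShipOrder as not being ServiceProvision, even though DeliveryOfGoods is narrower than it; the closure over skos:broader is what makes the taxonomy usable for policy checks.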
2.2 Scope Change in v2
In DPV v1, the scope of the DPV and the DPVCG was limited to 'privacy', 'data protection', and the 'processing of personal data', including technologies used to perform it. Under this scope, the DPVCG discussed and modelled regulations such as the [EU-GDPR] which also share the same scope. Newer laws such as the [EU-DGA] and [EU-AIAct] share a significant overlap with this scope and necessitate their inclusion in DPVCG's activities. However, such laws utilise the same legal framework to model both personal and non-personal data (for DGA) or regulate a technology that goes beyond 'personal data' (DGA and AI Act). To enable their inclusion and representation as extensions to the DPV, and to enable adopters to utilise a single consistent framework to represent information, the scope of DPVCG and the DPV has been expanded as follows:
Expansion of scope to include 'data' and 'technologies' instead of only 'personal data' - this means concepts such as Purpose which were defined as purpose associated with 'personal data' are now defined as purpose associated with 'data or technologies'.
Creation of concepts to represent expanded scope - such as Data as the broader concept for both PersonalData and NonPersonalData.
Changing the scope of associated extensions such as [TECH] and [RISK] to be useful for any technology and activities and not just personal data related technologies and activities.
Creating [AI] as a new extension to specifically provide concepts associated with AI technologies.
Creating extensions to represent concepts from laws regarding 'data and technologies' based on the new concepts and extensions created e.g. [EU-DGA] and [EU-AIAct] extensions.
Creating new namespaces such as /legal/eu/gdpr instead of /dpv-gdpr to enable consistent and unambiguous representation of legal extensions
Restructuring the GitHub repository to accommodate the changed structure of DPV extensions
In addition to the above, the v2 scope change also includes removal of the bespoke 'DPV serialisation' which was based on a custom extension of [SKOS]. Instead, the RDFS+SKOS serialisation has been made the default serialisation, and the alternate OWL2 serialisation is continued as before.
Note: Focus of DPVCG on privacy and data protection
Note: DPV v2 is backwards-compatible with DPV v1
2.3 Core Concepts
The 'Core' concepts and relationships in DPV represent and associate relevant information regarding the what, how, where, who, why of personal data and its processing. These are:
Risk & Impacts for risk assessment, management, and expression of consequences and impacts associated with processing.
Rights and Rights Exercise for specifying what rights are applicable, how they can be exercised, and how to provide information associated with rights.
Rules for expressing constraints, requirements, and other forms of rules that can specify or assist in interpreting what is permitted, prohibited, mandatory, etc.
In addition to these the Extensions section describes the available extensions which also provide additional taxonomies for specific concepts within the DPV.
3. Process
To 'group' the core concepts together within a specific use-case, the concept Process and relation hasProcess are useful (the concept PersonalDataHandling was used in earlier versions for the same). For example, a 'process' about a specific application can represent the associated purposes, personal data, legal basis, etc. using the relations and provided taxonomies. Involvement or association of a process is indicated with the relation hasProcess.
Note: PersonalDataHandling in v1 is replaced with Process in v2
The following process categories are provided, e.g. to indicate whether or not a process is expected to involve personal data:
dpv:NonPersonalDataProcess: An action, activity, or method involving non-personal data, and asserting that no personal data is involved
dpv:PersonalDataHandling: An abstract concept describing 'personal data handling'
dpv:PersonalDataProcess: An action, activity, or method involving personal data
dpv:Service: A service is a process where one entity provides some benefit or assistance to another entity
3.1 Nested Processes
Instances of Process can be nested, which means one instance can contain other instances, much like a box with several smaller boxes inside. This permits breaking down complex or dense use-cases into more granular ones and representing them in a more precise and modular fashion. Such a representation also facilitates reuse of the granular or modular processes, or in defining 'templates' and 'patterns', for example to craft a single process representing collecting and storing email addresses and using it in different processes for different purposes.
For example, consider the situation where a single Process instance consists of two additional instances representing: (i) data is stored using a data processor, (ii) data is used for Marketing. While it is certainly possible to represent all of this information within one single instance of Process, the adopter may decide to create separate instances of Process based on requirements such as reflecting similar separations in legal documentation or for accountability purposes.
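The following is an added example, not code from the DPV specification or the DPVCG, working through the nested-process situation just described. It flattens a Process tree via dpv:hasProcess, aggregates the purposes, personal data and processors declared anywhere in the tree (the view a privacy notice or record of processing needs), and adds a consistency check that is this example's own, not a constraint defined by DPV: a process typed dpv:NonPersonalDataProcess asserts that no personal data is involved, so any dpv:hasPersonalData inside its tree contradicts the type. The dpv: IRIs are those defined by DPV; the ex: processes, data instances and processor are constructed.

```python
# Added example (not part of the DPV specification): flattening nested
# dpv:Process instances and checking the 'no personal data' assertion carried
# by dpv:NonPersonalDataProcess. All ex: identifiers are constructed.
DPV = "https://w3id.org/dpv#"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
EX = "https://example.org/"  # constructed namespace for the use-case


def dpv(name):
    return DPV + name


# Constructed use-case: a signup process that nests (i) storage of the email
# address by a processor and (ii) use of it for marketing, plus a telemetry
# process declared non-personal that nonetheless nests a process handling an
# IP address.
TRIPLES = {
    (EX + "Signup", RDF_TYPE, dpv("PersonalDataProcess")),
    (EX + "Signup", dpv("hasPurpose"), dpv("ServiceRegistration")),
    (EX + "Signup", dpv("hasProcess"), EX + "StoreEmail"),
    (EX + "Signup", dpv("hasProcess"), EX + "MarketEmail"),
    (EX + "StoreEmail", RDF_TYPE, dpv("PersonalDataProcess")),
    (EX + "StoreEmail", dpv("hasPersonalData"), EX + "EmailAddress"),
    (EX + "StoreEmail", dpv("hasDataProcessor"), EX + "HostingCo"),
    (EX + "MarketEmail", RDF_TYPE, dpv("PersonalDataProcess")),
    (EX + "MarketEmail", dpv("hasPersonalData"), EX + "EmailAddress"),
    (EX + "MarketEmail", dpv("hasPurpose"), dpv("Marketing")),
    (EX + "Telemetry", RDF_TYPE, dpv("NonPersonalDataProcess")),
    (EX + "Telemetry", dpv("hasProcess"), EX + "GeoLookup"),
    (EX + "GeoLookup", RDF_TYPE, dpv("PersonalDataProcess")),
    (EX + "GeoLookup", dpv("hasPersonalData"), EX + "IPAddress"),
}


def objects(graph, subject, predicate):
    """All objects o such that (subject, predicate, o) is in the graph."""
    return {o for s, p, o in graph if s == subject and p == predicate}


def nested_processes(graph, root):
    """Every process reachable from `root` via dpv:hasProcess, root included.
    Depth-first with a visited list so that a cycle in malformed data does
    not loop forever."""
    visited, stack = [], [root]
    while stack:
        node = stack.pop()
        if node in visited:
            continue
        visited.append(node)
        stack.extend(objects(graph, node, dpv("hasProcess")))
    return visited


def aggregate(graph, root, relation):
    """Union of `relation` values over the whole nested tree under `root`."""
    values = set()
    for proc in nested_processes(graph, root):
        values |= objects(graph, proc, relation)
    return values


def non_personal_violations(graph):
    """Map each dpv:NonPersonalDataProcess whose tree asserts hasPersonalData
    anywhere to the offending personal data, contradicting the type's claim
    that no personal data is involved."""
    violations = {}
    for subject, predicate, obj in graph:
        if predicate == RDF_TYPE and obj == dpv("NonPersonalDataProcess"):
            data = aggregate(graph, subject, dpv("hasPersonalData"))
            if data:
                violations[subject] = data
    return violations
```

Aggregating over the tree rather than reading only the top-level instance is what keeps the modular representation honest: the Signup process above declares no personal data or processor itself, yet its nested processes do, and the Telemetry tree shows why the non-personal assertion should be verified against the nested content before it is relied on.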
3.2 Services
The concept Service is a general concept that represents the legal and social notion of 'service', similar to provided 'product' or 'application' or 'process', and does not represent the technical notion of services such as those associated with operating systems or 'cloud services'. Service is useful to indicate a logical grouping of processes into a single 'unit' which has legal relevance - such as a contract covering the service or the provision of a service.
Note: Service does not refer to technical service concepts
To indicate the entities involved in services, the concepts ServiceProvider and ServiceConsumer are defined along with the relations hasServiceProvider and hasServiceConsumer. Entities acting as providers and consumers can also be controllers or processors or data subjects. For example, a controller or processor may be the service provider for another controller who is the service consumer. Similarly, a processor may be the service provider for data subjects under the instructions of a data controller.
4. Entities
Note: Please refer to the entities page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the entities concepts.
DPV relies on existing well-founded interpretations for its concepts, which in this case relate to Entity as a generic universal concept and LegalEntity specifically referring to roles defined legally or within legal norms. Expanding on these, DPV provides a taxonomy of entities based on their application within laws and use-cases in the form of Legal roles, such as DataController, DataSubject, and Authority. Later, these concepts are expanded into taxonomies for different kinds of entities categorised under a common concept. For example, categories of Data Subjects such as Adult, User, or Employee; or kinds of Authorities, or categories of Organisations.
dpv:LegalEntity: A human or non-human 'thing' that constitutes an entity and which is recognised and defined in law
Legal Role is the role taken on by a legal entity based on definitions or criteria from laws, regulations, or other such normative sources. Legal roles assist in representing the role and responsibility of an entity within the context of processing, and from this in determining the requirements and obligations that should apply, and their compliance or conformance.
dpv:DataController: The individual or organisation that decides (or controls) the purpose(s) of processing personal data.
dpv:JointDataControllers: A group of Data Controllers that jointly determine the purposes and means of processing
dpv:DataExporter: An entity that 'exports' data where exporting is considered a form of data transfer
dpv:DataImporter: An entity that 'imports' data where importing is considered a form of data transfer
dpv:DataProcessor: A 'processor' means a natural or legal person, public authority, agency or other body which processes data on behalf of the controller.
dpv:DataSubProcessor: A 'sub-processor' is a processor engaged by another processor
dpv:ThirdParty: A 'third party' means any natural or legal person other than the entities directly involved in a process, or those operating under the authority of the entities directly involved
dpv:ServiceConsumer: The entity that consumes or receives the service
The concept Authority is a specific Governmental Organisation authorised to enforce a law or regulation. Authorities can be associated with a specific domain, topic, or jurisdiction. DPV currently defines authorities by geographic scope (NationalAuthority, RegionalAuthority, and SupraNationalAuthority), and DataProtectionAuthority represents authorities associated with data protection and privacy. To associate authorities with concepts, the relations hasAuthority and isAuthorityFor are provided.
dpv:DataProtectionAuthority: An authority tasked with overseeing legal compliance regarding privacy and data protection laws.
dpv:NationalAuthority: An authority tasked with overseeing legal compliance for a nation
dpv:RegionalAuthority: An authority tasked with overseeing legal compliance for a region
dpv:SupraNationalAuthority: An authority tasked with overseeing legal compliance for a supra-national union e.g. EU
4.3 Organisation
DPV provides a taxonomy of organisations based on aspects such as whether they are non-profit, international, or governmental. These concepts are useful to accurately represent the nature of organisations.
dpv:AcademicScientificOrganisation: Organisations related to academia or scientific pursuits e.g. Universities, Schools, Research Bodies
dpv:ForProfitOrganisation: An organisation that aims to achieve profit as its primary goal
dpv:GovernmentalOrganisation: An organisation managed by or part of government
dpv:IndustryConsortium: A consortium established by and comprising industry organisations
dpv:InternationalOrganisation: An organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries
dpv:NonGovernmentalOrganisation: An organisation not part of or independent from the government
dpv:NonProfitOrganisation: An organisation that does not aim to achieve profit as its primary goal
Categories of data subjects that require additional safeguards (from the data subjects taxonomy) include:
dpv:VulnerableDataSubject: Data Subjects which should be considered 'vulnerable' and therefore would require additional measures and safeguards
dpv:ElderlyDataSubject: Data subjects that are considered elderly (i.e. based on age)
dpv:MentallyVulnerableDataSubject: Data subjects that are considered mentally vulnerable
5. Purposes
Note: Please refer to the purposes page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the purposes concepts.
DPV’s taxonomy of purposes is used to represent the goal or reason associated with processing of personal data and use of technologies. For this, purposes are organised within DPV based on several factors such as: management functions related to information (e.g. records, account, finance), fulfilment of objectives (e.g. delivery of goods), providing goods and services (e.g. service provision), intended benefits (e.g. optimisations for service provider or consumer), and legal compliance.
DPV provides a taxonomy of Purpose instances for use with the hasPurpose relation. In addition, DPV also defines the concept Sector (associated using hasSector) to indicate a contextual interpretation of the purpose within a specified sector. The listing below flattens the hierarchy, so a concept with more than one broader concept (e.g. CommunicationForCustomerCare, which sits under both CommunicationManagement and CustomerCare) appears under each of them.
dpv:AccountManagement: Account Management refers to purposes associated with account management, such as to create, provide, maintain, and manage accounts
dpv:CommercialPurpose: Purposes associated with processing activities performed in a commercial setting or with intention to commercialise
dpv:CommercialResearch: Purposes associated with conducting research in a commercial setting or with intention to commercialise e.g. in a company or sponsored by a company
dpv:CommunicationManagement: Communication Management refers to purposes associated with providing or managing communication activities e.g. to send an email for notifying some information
dpv:CommunicationForCustomerCare: Customer Care Communication refers to purposes associated with communicating with customers for assisting them, resolving issues, ensuring satisfaction, etc. in relation to services provided
dpv:CustomerManagement: Customer Management refers to purposes associated with managing activities related with past, current, and future customers
dpv:CustomerCare: Customer Care refers to purposes associated with providing assistance, resolving issues, ensuring satisfaction, etc. in relation to services provided
dpv:CommunicationForCustomerCare: Customer Care Communication refers to purposes associated with communicating with customers for assisting them, resolving issues, ensuring satisfaction, etc. in relation to services provided
dpv:CustomerClaimsManagement: Customer Claims Management refers to purposes associated with managing claims, including repayment of monies owed
dpv:CustomerOrderManagement: Customer Order Management refers to purposes associated with managing customer orders i.e. processing of an order related to customer's purchase of goods or services
dpv:CustomerRelationshipManagement: Customer Relationship Management refers to purposes associated with managing and analysing interactions with past, current, and potential customers
dpv:ImproveInternalCRMProcesses: Purposes associated with improving customer-relationship management (CRM) processes
dpv:CustomerSolvencyMonitoring: Customer Solvency Monitoring refers to purposes associated with monitoring the solvency of customers for financial diligence
dpv:CreditChecking: Purposes associated with monitoring, performing, or assessing credit worthiness or solvency
dpv:MaintainCreditCheckingDatabase: Purposes associated with maintaining a Credit Checking Database
dpv:MaintainCreditRatingDatabase: Purposes associated with maintaining a Credit Rating Database
dpv:EnforceSecurity: Purposes associated with ensuring and enforcing security for data, personnel, or other related matters
dpv:EnforceAccessControl: Purposes associated with conducting or enforcing access control as a form of security
dpv:IdentityAuthentication: Purposes associated with performing authentication based on identity as a form of security
dpv:MisusePreventionAndDetection: Prevention and Detection of Misuse or Abuse of services
dpv:FraudPreventionAndDetection: Purposes associated with fraud detection, prevention, and mitigation
dpv:CounterMoneyLaundering: Purposes associated with detection, prevention, and mitigation of money laundering
dpv:MaintainFraudDatabase: Purposes associated with maintaining a database related to identifying and identified fraud risks and fraud incidents
dpv:Verification: Purposes associated with verification e.g. of information, identity, integrity
dpv:AgeVerification: Purposes associated with verifying or authenticating age or age related information as a form of security
dpv:IdentityVerification: Purposes associated with verifying or authenticating identity as a form of security
dpv:EstablishContractualAgreement: Purposes associated with carrying out data processing to establish an agreement, such as for entering into a contract
dpv:FulfilmentOfObligation: Purposes associated with carrying out data processing to fulfil an obligation
dpv:FulfilmentOfContractualObligation: Purposes associated with carrying out data processing to fulfil a contractual obligation
dpv:LegalCompliance: Purposes associated with carrying out data processing to fulfil a legal or statutory obligation
dpv:ProtectionOfIPR: Purposes associated with the protection of intellectual property rights
dpv:HumanResourceManagement: Purposes associated with managing humans and 'human resources' within the organisation for effective and efficient operations.
dpv:PersonnelManagement: Purposes associated with management of personnel associated with the organisation e.g. evaluation and management of employees and intermediaries
dpv:PersonnelHiring: Purposes associated with management and execution of hiring processes of personnel
dpv:PersonnelPayment: Purposes associated with management and execution of payment of personnel
dpv:Marketing: Purposes associated with conducting marketing in relation to organisation or products or services e.g. promoting, selling, and distributing
dpv:Advertising: Purposes associated with conducting advertising i.e. process or artefact used to call attention to a product, service, etc. through announcements, notices, or other forms of communication
dpv:PersonalisedAdvertising: Purposes associated with creating and providing personalised advertising
dpv:TargetedAdvertising: Purposes associated with creating and providing personalised advertisement where the personalisation is targeted to a specific individual or group of individuals
dpv:DirectMarketing: Purposes associated with conducting direct marketing i.e. marketing communicated directly to the individual
dpv:PublicRelations: Purposes associated with managing and conducting public relations processes, including creating goodwill for the organisation
dpv:SocialMediaMarketing: Purposes associated with conducting marketing through social media
dpv:NonCommercialPurpose: Purposes associated with processing activities performed in a non-commercial setting or without intention to commercialise
dpv:NonCommercialResearch: Purposes associated with conducting research in a non-commercial setting e.g. for a non-profit organisation or NGO
dpv:OrganisationGovernance: Purposes associated with conducting activities and functions for governance of an organisation
dpv:DisputeManagement: Purposes associated with activities that manage disputes by natural persons, private bodies, or public authorities relevant to the organisation
dpv:MemberPartnerManagement: Purposes associated with maintaining a registry of shareholders, members, or partners for governance, administration, and management functions
dpv:OrganisationComplianceManagement: Purposes associated with managing compliance for the organisation in relation to internal policies
dpv:OrganisationRiskManagement: Purposes associated with managing risk for the organisation's activities
dpv:Personalisation: Purposes associated with creating and providing customisation based on attributes and/or needs of person(s) or context(s).
dpv:PersonalisedAdvertising: Purposes associated with creating and providing personalised advertising
dpv:TargetedAdvertising: Purposes associated with creating and providing personalised advertisement where the personalisation is targeted to a specific individual or group of individuals
dpv:ServicePersonalisation: Purposes associated with providing personalisation within services or products or activities
dpv:PersonalisedBenefits: Purposes associated with creating and providing personalised benefits for a service
dpv:ProvidePersonalisedRecommendations: Purposes associated with creating and providing personalised recommendations
dpv:ProvideEventRecommendations: Purposes associated with creating and providing personalised recommendations for events
dpv:ProvideProductRecommendations: Purposes associated with creating and providing product recommendations e.g. suggest similar products
dpv:UserInterfacePersonalisation: Purposes associated with personalisation of interfaces presented to the user
dpv:PublicBenefit: Purposes undertaken and intended to provide benefit to the public or society
dpv:CombatClimateChange: Purposes associated with combating the causes and consequences of climate change, including reducing gas emissions and fighting emergencies such as floods or wildfires
dpv:Counterterrorism: Purposes associated with activities that detect, prevent, mitigate, or otherwise perform activities to combat or eliminate terrorism (also referred to as anti-terrorism)
dpv:DataAltruism: Purposes associated with the voluntary sharing of data for the general interest of the public, such as healthcare or combating climate change
dpv:ImproveHealthcare: Purposes associated with improving healthcare systems such as for personalised treatments and curing chronic diseases
dpv:ImprovePublicServices: Purposes associated with improving the provision of public services, such as public safety, education or law enforcement
dpv:ImproveTransportMobility: Purposes associated with improving traffic, public transport systems or costs for drivers
dpv:ProtectionOfNationalSecurity: Purposes associated with the protection of national security
dpv:ProtectionOfPublicSecurity: Purposes associated with the protection of public security
dpv:ProvideOfficialStatistics: Purposes associated with facilitating the development, production and dissemination of reliable official statistics
dpv:PublicPolicyMaking: Purposes associated with public policy making, such as the development of new laws
dpv:RecordManagement: Purposes associated with managing the creation, storage, and use of records relevant to operations, events, and processes e.g. to store logs or access requests
dpv:ResearchAndDevelopment: Purposes associated with conducting research and development for new methods, products, or services
dpv:AcademicResearch: Purposes associated with conducting or assisting with research conducted in an academic context e.g. within universities
dpv:CommercialResearch: Purposes associated with conducting research in a commercial setting or with intention to commercialise e.g. in a company or sponsored by a company
dpv:NonCommercialResearch: Purposes associated with conducting research in a non-commercial setting e.g. for a non-profit organisation or NGO
dpv:ScientificResearch: Purposes associated with scientific research
dpv:ServiceProvision: Purposes associated with providing services or products or activities
dpv:PaymentManagement: Purposes associated with processing and managing payment in relation to a service, including invoicing and records
dpv:RepairImpairments: Purposes associated with identifying, rectifying, or otherwise undertaking activities intended to fix or repair impairments to existing functionalities
dpv:RequestedServiceProvision: Purposes associated with delivering services as requested by the user or consumer
dpv:DeliveryOfGoods: Purposes associated with delivering goods and services requested or asked for by the consumer
dpv:SearchFunctionalities: Purposes associated with providing searching, querying, or other forms of information retrieval related functionalities
dpv:SellProducts: Purposes associated with selling products or services
dpv:SellDataToThirdParties: Purposes associated with selling or sharing data or information to third parties
dpv:SellInsightsFromData: Purposes associated with selling or sharing insights obtained from analysis of data
dpv:SellProductsToDataSubject: Purposes associated with selling products or services to the user, consumer, or data subjects
dpv:ServiceOptimisation: Purposes associated with optimisation of services or activities
dpv:OptimisationForConsumer: Purposes associated with optimisation of activities and services for the consumer or user
dpv:OptimiseUserInterface: Purposes associated with optimisation of interfaces presented to the user
dpv:OptimisationForController: Purposes associated with optimisation of activities and services for the provider or controller
dpv:ImproveExistingProductsAndServices: Purposes associated with improving existing products and services
dpv:ImproveInternalCRMProcesses: Purposes associated with improving customer-relationship management (CRM) processes
dpv:IncreaseServiceRobustness: Purposes associated with improving robustness and resilience of services
dpv:InternalResourceOptimisation: Purposes associated with optimisation of internal resource availability and usage for the organisation
dpv:ServicePersonalisation: Purposes associated with providing personalisation within services or products or activities
dpv:PersonalisedBenefits: Purposes associated with creating and providing personalised benefits for a service
dpv:ProvidePersonalisedRecommendations: Purposes associated with creating and providing personalised recommendations
dpv:ProvideEventRecommendations: Purposes associated with creating and providing personalised recommendations for events
dpv:ProvideProductRecommendations: Purposes associated with creating and providing product recommendations e.g. suggest similar products
dpv:UserInterfacePersonalisation: Purposes associated with personalisation of interfaces presented to the user
dpv:ServiceRegistration: Purposes associated with registering users and collecting information required for providing a service
dpv:ServiceUsageAnalytics: Purposes associated with conducting analysis and reporting related to usage of services or products
dpv:TechnicalServiceProvision: Purposes associated with managing and providing technical processes and functions necessary for delivering services
dpv:VendorManagement: Purposes associated with managing orders, payment, evaluation, and prospecting related to vendors
dpv:VendorPayment: Purposes associated with managing payment of vendors
dpv:VendorRecordsManagement: Purposes associated with managing records and orders related to vendors
dpv:VendorSelectionAssessment: Purposes associated with managing selection, assessment, and evaluation related to vendors
6. Data & Personal Data
Note
Please refer to personal data page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the personal data concepts.
DPV provides the concept Data and relation hasData to indicate involvement or association of any data. The concept PersonalData and the relation hasPersonalData are provided to indicate what categories or instances of personal data are being processed. The DPV specification only provides a structure for describing personal data, e.g. as being sensitive. For specific categories of personal data for use-cases, Personal Data categories for DPV provides additional concepts that extend the DPV's personal data taxonomy. This separation is to enable adopters to decide whether the extension's concepts are useful to them, or to use other external vocabularies, or define their own.
In addition to Personal Data, there may be a need to represent Non-Personal Data within the same contextual use-cases. For this, DPV provides the concepts NonPersonalData and SyntheticData.
For indicating personal data which is sensitive, the concept SensitivePersonalData is provided; for indicating special categories of data, the concept SpecialCategoryPersonalData is provided. Here, 'sensitive' indicates that the data needs additional considerations (and perhaps caution) when processing, such as increasing its security, reducing its usage, or performing impact assessments. Special categories, by contrast, are a 'special' type of sensitive personal data with additional considerations or obligations defined in laws (or through other instruments) that regulate how they may be used, or prohibit their use until specific obligations are met.
To specify that data is anonymised, DPV provides two concepts: AnonymisedData, for data that is completely anonymised and cannot be de-anonymised, which is a subtype of NonPersonalData; and PseudonymisedData, for data that has only been partially anonymised or where de-anonymisation remains possible, which is a subtype of PersonalData.
DPV defines the following concepts for expressing information about data:
dpv:CollectedData: Data that has been obtained by collecting it from a source
dpv:CollectedPersonalData: Personal Data that has been collected from another source such as the Data Subject
dpv:ObservedPersonalData: Personal Data that has been collected through observation of the Data Subject(s)
dpv:ProvidedPersonalData: Personal Data that has been provided by an entity such as the Data Subject
dpv:ObservedData: Data that has been obtained through observations of a source
dpv:ObservedPersonalData: Personal Data that has been collected through observation of the Data Subject(s)
dpv:IntellectualPropertyData: Data protected by Intellectual Property rights and regulations
dpv:StatisticallyConfidentialData: Data protected through Statistical Confidentiality regulations and agreements
dpv:DerivedData: Data that has been obtained through derivations of other data
dpv:DerivedPersonalData: Personal Data that is obtained or derived from other data
dpv:InferredPersonalData: Personal Data that is obtained through inference from other data
dpv:InferredData: Data that has been obtained through inferences of other data
dpv:InferredPersonalData: Personal Data that is obtained through inference from other data
dpv:GeneratedData: Data that is generated or brought into existence without relation to existing data, i.e. it is not derived or inferred from other data
dpv:SyntheticData: Synthetic data refers to artificially created data such that it is intended to resemble real data (personal or non-personal), but does not refer to any specific identified or identifiable individual, or to the real measure of an observable parameter in the case of non-personal data
dpv:IncorrectData: Data that is known to be incorrect or inconsistent with some requirements
dpv:AnonymisedData: Personal Data that has been (fully and completely) anonymised so that it is no longer considered Personal Data
dpv:PersonalData: Data directly or indirectly associated or related to an individual.
dpv:CollectedPersonalData: Personal Data that has been collected from another source such as the Data Subject
dpv:ObservedPersonalData: Personal Data that has been collected through observation of the Data Subject(s)
dpv:ProvidedPersonalData: Personal Data that has been provided by an entity such as the Data Subject
dpv:DerivedPersonalData: Personal Data that is obtained or derived from other data
dpv:InferredPersonalData: Personal Data that is obtained through inference from other data
dpv:GeneratedPersonalData: Personal Data that is generated or brought into existence without relation to existing data, i.e. it is not derived or inferred from other data
dpv:IdentifyingPersonalData: Personal Data that explicitly and by itself is sufficient to identify a person
dpv:PseudonymisedData: Pseudonymised Data is data that has undergone a partial or incomplete anonymisation process by replacing the identifiable information with artificial identifiers or 'pseudonyms', and is still considered as personal data
dpv:ContextuallyAnonymisedData: Data that can be considered as being fully anonymised within the context but in actuality is not fully anonymised and is still personal data as it can be de-anonymised outside that context
dpv:SensitivePersonalData: Personal data that is considered 'sensitive' in terms of privacy and/or impact, and therefore requires additional considerations and/or protection
dpv:SpecialCategoryPersonalData: Sensitive Personal Data whose use requires specific additional legal permission or justification
dpv:SensitiveNonPersonalData: Non-personal data deemed sensitive
dpv:SensitivePersonalData: Personal data that is considered 'sensitive' in terms of privacy and/or impact, and therefore requires additional considerations and/or protection
dpv:SpecialCategoryPersonalData: Sensitive Personal Data whose use requires specific additional legal permission or justification
dpv:UnverifiedData: Data that has not been verified in terms of accuracy, consistency, or quality
dpv:VerifiedData: Data that has been verified in terms of accuracy, consistency, or quality
7. Processing Operations
Note
Please refer to processing page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the processing concepts.
DPV's taxonomy of processing concepts reflects the variety of terms used to denote processing activities or operations involving personal data, such as those in the [GDPR] Article 4(2) definition of processing. Real-world usage rarely employs this exact wording, except in specific domains and in legal documentation; instead, the terms commonly associated with processing are generally restricted to: collect, use, store, share, and delete.
DPV provides a taxonomy that aligns legal terminologies such as those defined by GDPR with those in common use. For this, concepts are organised by subsumption, e.g. Use is a broad concept indicating data is used, which DPV extends with the more specific processing concepts Analyse, Consult, Profiling, and Retrieve. Through this mechanism, whenever a use-case indicates it consults some data, it can be inferred that it also uses that data.
For concepts related to expressing contextual information associated with processing, such as storage conditions, automation, scale, see Processing Context section.
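The two inferences this section and section 6 rely on (a use-case that consults data also uses it, because Consult is subsumed by Use; and pseudonymised data is still personal data while anonymised data is not, because of where those classes sit under PersonalData and NonPersonalData) can be checked mechanically with a small rdfs:subClassOf closure. The following Python is an added example, not DPV's own tooling or any library's API: its TAXONOMY is a hand-picked excerpt of DPV subclass edges written down here (the edges and the dpv:Retrieve identifier are taken from the vocabulary as assumed facts, not from this page), and the ex: use-cases are constructed for the example.

```python
"""Subsumption checks over a DPV-shaped taxonomy (added example, stdlib only)."""
from collections import defaultdict

RDF_TYPE = "rdf:type"
SUBCLASS = "rdfs:subClassOf"

# Assumption: a hand-picked excerpt of DPV rdfs:subClassOf edges, enough for the checks below.
TAXONOMY = [
    ("dpv:Consult", SUBCLASS, "dpv:Use"),
    ("dpv:Analyse", SUBCLASS, "dpv:Use"),
    ("dpv:Profiling", SUBCLASS, "dpv:Use"),
    ("dpv:Retrieve", SUBCLASS, "dpv:Use"),
    ("dpv:Use", SUBCLASS, "dpv:Processing"),
    ("dpv:Anonymise", SUBCLASS, "dpv:Processing"),
    ("dpv:PseudonymisedData", SUBCLASS, "dpv:PersonalData"),
    ("dpv:SpecialCategoryPersonalData", SUBCLASS, "dpv:SensitivePersonalData"),
    ("dpv:SensitivePersonalData", SUBCLASS, "dpv:PersonalData"),
    ("dpv:AnonymisedData", SUBCLASS, "dpv:NonPersonalData"),
    ("dpv:PersonalData", SUBCLASS, "dpv:Data"),
    ("dpv:NonPersonalData", SUBCLASS, "dpv:Data"),
]


def build_parents(triples):
    """Index direct superclasses: class -> set of classes it is rdfs:subClassOf."""
    parents = defaultdict(set)
    for s, p, o in triples:
        if p == SUBCLASS:
            parents[s].add(o)
    return parents


def superclasses(cls, parents):
    """Transitive closure of rdfs:subClassOf for cls (cls itself excluded), RDFS rule rdfs11."""
    seen, stack = set(), [cls]
    while stack:
        for parent in parents.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def inferred_types(node, graph, parents):
    """Asserted rdf:type values of node plus every superclass of them, RDFS rule rdfs9."""
    types = {o for s, p, o in graph if s == node and p == RDF_TYPE}
    for asserted in list(types):
        types |= superclasses(asserted, parents)
    return types


def objects(graph, subject, predicate):
    """All objects o such that (subject, predicate, o) is in the graph."""
    return {o for s, p, o in graph if s == subject and p == predicate}


def uses_data(usecase, graph, parents):
    """True if any processing attached via dpv:hasProcessing is dpv:Use or a subclass of it."""
    return any("dpv:Use" in inferred_types(op, graph, parents)
               for op in objects(graph, usecase, "dpv:hasProcessing"))


def involves_personal_data(usecase, graph, parents):
    """True if data attached via dpv:hasData or dpv:hasPersonalData is (a subclass of) dpv:PersonalData.

    Note that a use-case declaring only dpv:hasData is still caught when the
    data's class is under dpv:PersonalData in the taxonomy.
    """
    data = objects(graph, usecase, "dpv:hasData") | objects(graph, usecase, "dpv:hasPersonalData")
    return any("dpv:PersonalData" in inferred_types(d, graph, parents) for d in data)


# Constructed use-cases: a support agent consulting pseudonymised tickets, and an
# analyst producing a report from anonymised aggregates.
SUPPORT_LOOKUP = [
    ("ex:SupportLookup", "dpv:hasProcessing", "ex:op1"),
    ("ex:op1", RDF_TYPE, "dpv:Consult"),
    ("ex:SupportLookup", "dpv:hasData", "ex:ticketData"),
    ("ex:ticketData", RDF_TYPE, "dpv:PseudonymisedData"),
]
STATS_REPORT = [
    ("ex:StatsReport", "dpv:hasProcessing", "ex:op2"),
    ("ex:op2", RDF_TYPE, "dpv:Analyse"),
    ("ex:StatsReport", "dpv:hasData", "ex:aggregates"),
    ("ex:aggregates", RDF_TYPE, "dpv:AnonymisedData"),
]

PARENTS = build_parents(TAXONOMY)

if __name__ == "__main__":
    for name, graph in (("ex:SupportLookup", SUPPORT_LOOKUP), ("ex:StatsReport", STATS_REPORT)):
        print(name, "uses data:", uses_data(name, graph, PARENTS),
              "| personal data involved:", involves_personal_data(name, graph, PARENTS))
```

With the real vocabulary, the same checks are a SPARQL query over the published DPV RDF using the `rdfs:subClassOf*` property path, or an RDFS-entailing store; the point of the hand-rolled closure is to make visible that the "consult implies use" and "pseudonymised is still personal" conclusions are nothing more than subclass transitivity plus type propagation.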
dpv:Anonymise: to irreversibly alter personal data in such a way that a unique data subject can no longer be identified directly or indirectly or in combination with other data
Please refer to processing context page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the processing context concepts.
8.1 Processing & Storage Conditions
To describe conditions associated with processing, such as its duration or specific locations, the concept ProcessingCondition is provided and extended as ProcessingDuration and ProcessingLocation, along with the relation hasProcessingCondition. Storage, which is a specific form of processing, has additional dedicated concepts under StorageCondition, since it is a commonly used concept. These concepts are useful for describing processing and storage conditions in policies, rules, or documentation, which are important tools for implementing and determining data protection and privacy considerations as well as legal compliance.
dpv:AssistiveAutomation: Level of automation corresponding to Level 1 in ISO/IEC 22989:2022 where automation is limited to parts of the system or a specific part of the system in a manner that does not change the control of the human in using/driving the system
dpv:Autonomous: Level of automation corresponding to Level 6 in ISO/IEC 22989:2022 where the automation in system is capable of modifying its operation domain or its goals without external intervention, control or oversight
dpv:ConditionalAutomation: Level of automation corresponding to Level 3 in ISO/IEC 22989:2022 where the automation is sufficient to perform most tasks of the system with the human present to take over where necessary
dpv:FullAutomation: Level of automation corresponding to Level 5 in ISO/IEC 22989:2022 where the automation in system is capable of performing all its tasks regardless of the conditions without human involvement
dpv:HighAutomation: Level of automation corresponding to Level 4 in ISO/IEC 22989:2022 where the automation in system is capable of performing all its tasks within specific controlled conditions without human involvement
dpv:NotAutomated: Level of automation corresponding to Level 0 in ISO/IEC 22989:2022 where there is no automation in the system
dpv:PartialAutomation: Level of automation corresponding to Level 2 in ISO/IEC 22989:2022 where the automation is present in multiple parts of the system or in a manner that does not require the human to control/use these parts while still retaining control over the system
8.3 Entity/Human Involvement
To specify how entities, including humans, are involved in processing and technologies, the concept EntityInvolvement is provided along with the relation hasEntityInvolvement. Involvement of entities is categorised as 'permissive' when the entity is able to perform an activity, and 'non-permissive' when it cannot. A taxonomy of concepts is provided for permissive and non-permissive involvements to describe scenarios such as an entity being able to opt in, not being able to opt out, or being able to reverse the output of a process. Involvement is also categorised as 'passive' or 'active' based on whether the entity passively or actively interacts with a 'process' or 'technology'.
To specifically indicate how humans are involved, the concept HumanInvolvement is provided. The existing terms used such as 'human in/on/out-of the loop' are not used directly as they have conflicting and ambiguous definitions and uses across different documents. Instead, the DPV concepts provide an explicit and unambiguous indication of human involvement - such as whether they are involved to provide inputs, make decisions, have oversight, or verify processes.
dpv:EntityActiveInvolvement: Involvement where entity is 'actively' involved
dpv:EntityNonPermissiveInvolvement: Involvement of an entity in specific context where it is not permitted or able to do something
dpv:CannotChallengeProcess: Involvement where entity cannot challenge the process of specified context
dpv:CannotChallengeProcessInput: Involvement where entity cannot challenge input of specified context
dpv:CannotChallengeProcessOutput: Involvement where entity cannot challenge the output of specified context
dpv:CannotCorrectProcess: Involvement where entity cannot correct the process of specified context
dpv:CannotCorrectProcessInput: Involvement where entity cannot correct input of specified context
dpv:CannotCorrectProcessOutput: Involvement where entity cannot correct the output of specified context
dpv:CannotObjectToProcess: Involvement where entity cannot object to process of specified context
dpv:CannotOptInToProcess: Involvement where entity cannot opt-in to specified context
dpv:CannotOptOutFromProcess: Involvement where entity cannot opt-out from specified context
dpv:CannotReverseProcessEffects: Involvement where entity cannot reverse effects of specified context
dpv:CannotReverseProcessInput: Involvement where entity cannot reverse input of specified context
dpv:CannotReverseProcessOutput: Involvement where entity cannot reverse output of specified context
dpv:CannotWithdrawFromProcess: Involvement where entity cannot withdraw a previously given assent from specified context
dpv:EntityPassiveInvolvement: Involvement where entity is 'passively' or 'not actively' involved
dpv:EntityPermissiveInvolvement: Involvement of an entity in specific context where it is permitted or able to do something
dpv:ChallengingProcess: Involvement where entity can challenge the process of specified context
dpv:ChallengingProcessInput: Involvement where entity can challenge input of specified context
dpv:ChallengingProcessOutput: Involvement where entity can challenge the output of specified context
dpv:CorrectingProcess: Involvement where entity can correct the process of specified context
dpv:CorrectingProcessInput: Involvement where entity can correct input of specified context
dpv:CorrectingProcessOutput: Involvement where entity can correct the output of specified context
dpv:ObjectingToProcess: Involvement where entity can object to process of specified context
dpv:OptingInToProcess: Involvement where entity can opt-in to specified context
dpv:OptingOutFromProcess: Involvement where entity can opt-out from specified context
dpv:ReversingProcessEffects: Involvement where entity can reverse effects of specified context
dpv:ReversingProcessInput: Involvement where entity can reverse input of specified context
dpv:ReversingProcessOutput: Involvement where entity can reverse output of specified context
dpv:WithdrawingFromProcess: Involvement where entity can withdraw a previously given assent from specified context
dpv:HumanInvolvement: The involvement of humans in specified context
dpv:HumanInvolved: Humans are involved in the specified context
dpv:HumanInvolvementForControl: Human involvement for the purposes of exercising control over the specified operations in context
dpv:HumanInvolvementForDecision: Human involvement for the purposes of exercising decisions over the specified operations in context
dpv:HumanInvolvementForInput: Human involvement for the purposes of providing inputs to the specified context
dpv:HumanInvolvementForIntervention: Human involvement for the purposes of exercising interventions over the specified operations in context
dpv:HumanInvolvementForOversight: Human involvement for the purposes of having oversight over the specified context regarding its operations, inputs, or outputs
dpv:HumanInvolvementForVerification: Human involvement for the purposes of verification of specified context to ensure its operations, inputs, or outputs are correct or are acceptable.
dpv:HumanNotInvolved: Humans are not involved in the specified context
8.4 Data Source
The concept DataSource and relation hasDataSource indicate the source of data. Here, it is important to note that 'source' is distinct from 'origin': source is where the data came from, whereas origin is where the data originally came into existence. Data originating from a data subject can be collected and shared from one entity to another, where each entity has as its source the previous entity from which it obtained the data.
dpv:DataControllerDataSource: Data Sourced from Data Controller(s), e.g. a Controller inferring data or generating data
dpv:DataSubjectDataSource: Data Sourced from Data Subject(s), e.g. when data is collected via a form or observed from their activities
dpv:DataPublishedByDataSubject: Data is published by the data subject
dpv:NonPublicDataSource: A source of data that is not publicly accessible or available
dpv:PublicDataSource: A source of data that is publicly accessible or available
dpv:ThirdPartyDataSource: Data Sourced from a Third Party, e.g. when data is collected from an entity that is neither the Controller nor the Data Subject
8.5 Monitoring, Scoring, Decision Making
To indicate the processing or technology is performing some kind of decision making, the concept DecisionMaking is provided. If the processing or technology is automated, the concept AutomatedDecisionMaking is provided. To describe the logic involved in decision making, the concept AlgorithmicLogic is provided. If the processing or technology is performing some evaluation or scoring (e.g. of individuals), the concept EvaluationScoring is provided. If the processing or technologies are performing 'systematic monitoring' of individuals, the concept SystematicMonitoring is provided.
Note: Concepts assisting in determining 'sensitive' and 'high-risk' applications
8.6 Scale of Processing
DPV provides (qualitative) scales for expressing Data Volume, Data subjects, and Geographical Coverage of processing. Along with these, DPV also provides a Processing Scale to express combinations of these. NOTE: The actual meaning or quantified amounts for each concept are not defined due to their interpretation based on contextual factors such as legislations, guidelines, domains, and variations across industries.
dpv:LargeScaleProcessing: Processing that takes place at large scales (as specified by some criteria)
dpv:MediumScaleProcessing: Processing that takes place at medium scales (as specified by some criteria)
dpv:SmallScaleProcessing: Processing that takes place at small scales (as specified by some criteria)
8.7 Technology
The concept Technology represents technologies involved, e.g. those for processing of data, or for implementing technical and organisational measures. To indicate something is implemented using some technology, the relation isImplementedUsingTechnology is provided. To indicate which entity is implementing the specified context, the relation isImplementedByEntity is provided. The Technology extension for DPV [TECH] provides additional concepts to describe the technology, such as involved actors, intended use, capabilities and functions, and documentation.
9. General Context
Note
Please refer to context page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the context concepts.
9.1 Duration, Frequency, Necessity
These concepts enable expressing information about Duration, Frequency, Applicability, Importance, and Necessity of a Context (which can be any other concept). In addition to these, the concept Justification is useful to provide justifications or reasons or explanations - such as for why something must take place or could not take place.
dpv:Applicability: Concept provided to represent indication of cases where the information or context is not applicable (N/A) or not available or this is not known or determined yet. If the information is applicable and available, this concept should not be used.
dpv:NotApplicable: Concept indicating the information or context is not applicable
dpv:NotAvailable: Concept indicating the information or context is applicable but information is not yet available
dpv:UnknownApplicability: Concept indicating information or context availability is unknown i.e. it is not known if the information exists or is applicable and therefore statements about its availability cannot be made (yet)
dpv:Unlawful: State of being unlawful or legally non-compliant
dpv:NonCompliant: State of non-compliance where objectives have not been met, but have not been violated
dpv:PartiallyCompliant: State of partially being compliant i.e. only some objectives have been met, and others have not been in violation
dpv:ConformanceStatus: Status associated with conformance to a standard, guideline, code, or recommendation
Please refer to Tech & Org measures page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the Tech & Org measures concepts.
DPV's taxonomy of tech/org measures is structured into four groups: TechnicalMeasure, such as encryption or de-identification, which operate at a technical level; OrganisationalMeasure, such as policies and training, which operate at an organisational level; LegalMeasure, which are organisational measures with legal enforcement such as contracts and NDAs; and PhysicalMeasure, which are associated with physical aspects such as environmental protection and physical security. Each of these is provided with a taxonomy that expands upon the core idea to provide a rich list of measures intended to protect personal data and technologies (and their associated entities and consequences).
dpv:LegalMeasure: Legal measures used to safeguard and ensure good practices in connection with data and technologies
dpv:OrganisationalMeasure: Organisational measures used to safeguard and ensure good practices in connection with data and technologies
dpv:PhysicalMeasure: Physical measures used to safeguard and ensure good practices in connection with data and technologies
dpv:TechnicalMeasure: Technical measures used to safeguard and ensure good practices in connection with data and technologies
10.1 Technical Measures
dpv:AccessControlMethod: Methods which restrict access to a place or resource
dpv:UsageControl: Management of usage, which is intended to be broader than access control and may cover trust, digital rights, or other relevant controls
dpv:ActivityMonitoring: Monitoring of activities including assessing whether they have been successfully initiated and completed
dpv:AuthenticationProtocols: Protocols involving validation of identity i.e. authentication of a person or information
dpv:BiometricAuthentication: Use of biometric data for authentication
dpv:CryptographicAuthentication: Use of cryptography for authentication
dpv:Authentication-ABC: Use of Attribute Based Credentials (ABC) to perform and manage authentication
dpv:Authentication-PABC: Use of Privacy-enhancing Attribute Based Credentials (ABC) to perform and manage authentication
dpv:HashMessageAuthenticationCode: Use of HMAC, where the message authentication code (MAC) utilises a cryptographic hash function and a secret cryptographic key
dpv:MessageAuthenticationCodes: Use of cryptographic methods to authenticate messages
dpv:MultiFactorAuthentication: An authentication system that uses two or more methods to authenticate
dpv:PasswordAuthentication: Use of passwords to perform authentication
dpv:SingleSignOn: Use of credentials or processes that enable using one set of credentials to authenticate multiple contexts.
dpv:ZeroKnowledgeAuthentication: Authentication using Zero-Knowledge proofs
dpv:AuthorisationProtocols: Protocols involving authorisation of roles or profiles to determine permission, rights, or privileges
dpv:CryptographicMethods: Use of cryptographic methods to perform tasks
dpv:AsymmetricCryptography: Use of public-key cryptography or asymmetric cryptography involving a public and private pair of keys
dpv:CryptographicAuthentication: Use of cryptography for authentication
dpv:Authentication-ABC: Use of Attribute Based Credentials (ABC) to perform and manage authentication
dpv:Authentication-PABC: Use of Privacy-enhancing Attribute Based Credentials (ABC) to perform and manage authentication
dpv:HashMessageAuthenticationCode: Use of HMAC, where the message authentication code (MAC) utilises a cryptographic hash function and a secret cryptographic key
dpv:MessageAuthenticationCodes: Use of cryptographic methods to authenticate messages
dpv:CryptographicKeyManagement: Management of cryptographic keys, including their generation, storage, assessment, and safekeeping
dpv:DifferentialPrivacy: Utilisation of differential privacy where information is shared as patterns or groups to withhold individual elements
dpv:DigitalSignatures: Expression and authentication of identity through digital information containing cryptographic signatures
dpv:HashFunctions: Use of hash functions to map information or to retrieve a prior categorisation
dpv:HomomorphicEncryption: Use of Homomorphic encryption that permits computations on encrypted data without decrypting it
dpv:PostQuantumCryptography: Use of algorithms that are intended to be secure against cryptanalytic attack by a quantum computer
dpv:PrivacyPreservingProtocol: Use of protocols designed with the intention of providing additional guarantees regarding privacy
dpv:PrivateInformationRetrieval: Use of cryptographic methods to retrieve a record from a system without revealing which record is retrieved
dpv:QuantumCryptography: Cryptographic methods that utilise quantum mechanical properties to perform cryptographic tasks
dpv:SecretSharingSchemes: Use of secret sharing schemes where the secret can only be reconstructed through combination of a sufficient number of shares held by individuals
dpv:SecureMultiPartyComputation: Use of cryptographic methods for entities to jointly compute functions without revealing inputs
dpv:SymmetricCryptography: Use of cryptography where the same keys are utilised for encryption and decryption of information
dpv:TrustedComputing: Use of cryptographic methods to restrict access and execution to trusted parties and code
dpv:TrustedExecutionEnvironment: Use of cryptographic methods to restrict access and execution to trusted parties and code within a dedicated execution environment
dpv:ZeroKnowledgeAuthentication: Authentication using Zero-Knowledge proofs
dpv:DataBackupProtocols: Protocols or plans for backing up of data
dpv:DataSanitisationTechnique: Cleaning or any removal or re-organisation of elements in data based on selective criteria
dpv:DataRedaction: Removal of sensitive information from a data or document
dpv:Deidentification: Removal of identity or information to reduce identifiability
dpv:Anonymisation: Anonymisation is the process by which data is irreversibly altered in such a way that a data subject can no longer be identified directly or indirectly, either by the entity holding the data alone or in collaboration with other entities and information sources
dpv:Pseudonymisation: Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
dpv:DeterministicPseudonymisation: Pseudonymisation achieved through a deterministic function
dpv:DocumentRandomisedPseudonymisation: Use of randomised pseudonymisation where the same elements are assigned different values in the same document or database
dpv:FullyRandomisedPseudonymisation: Use of randomised pseudonymisation where the same elements are assigned different values each time they occur
dpv:MonotonicCounterPseudonymisation: A simple pseudonymisation method where identifiers are substituted by a number chosen by a monotonic counter
dpv:RNGPseudonymisation: A pseudonymisation method where identifiers are substituted by a number chosen by a Random Number Generator (RNG)
dpv:DigitalRightsManagement: Management of access, use, and other operations associated with digital content
go to full definition
dpv:AsymmetricEncryption: Use of asymmetric cryptography to encrypt data
go to full definition
dpv:EncryptionAtRest: Encryption of data when being stored (persistent encryption)
go to full definition
dpv:EncryptionInTransfer: Encryption of data in transit e.g. when being transferred from one location to another, including sharing
go to full definition
dpv:EndToEndEncryption: Encrypted communications where data is encrypted by the sender and decrypted by the intended receiver to prevent access to any third party
go to full definition
dpv:SymmetricEncryption: Use of symmetric cryptography to encrypt data
go to full definition
dpv:InformationFlowControl: Use of measures to control information flows
go to full definition
dpv:SecurityMethod: Methods that relate to creating and providing security
go to full definition
dpv:DistributedSystemSecurity: Security implementations provided using or over a distributed system
go to full definition
dpv:DocumentSecurity: Security measures enacted over documents to protect against tampering or restrict access
go to full definition
dpv:FileSystemSecurity: Security implemented over a file system
go to full definition
dpv:HardwareSecurityProtocols: Security protocols implemented at or within hardware
go to full definition
dpv:IntrusionDetectionSystem: Use of measures to detect intrusions and other unauthorised attempts to gain access to a system
go to full definition
dpv:MobilePlatformSecurity: Security implemented over a mobile platform
go to full definition
dpv:NetworkSecurityProtocols: Security implemented at or over network protocols
go to full definition
dpv:OperatingSystemSecurity: Security implemented at or through operating systems
go to full definition
dpv:PenetrationTestingMethods: Use of penetration testing to identify weaknesses and vulnerabilities through simulations
go to full definition
dpv:UseSyntheticData: Use of synthetic data to preserve privacy, security, or other effects and side-effects
go to full definition
dpv:VirtualisationSecurity: Security implemented at or through virtualised environments
go to full definition
dpv:VulnerabilityTestingMethods: Methods that assess or discover vulnerabilities in a system
go to full definition
dpv:WebBrowserSecurity: Security implemented at or over web browsers
go to full definition
dpv:WebSecurityProtocols: Security implemented at or over web-based protocols
go to full definition
dpv:WirelessSecurityProtocols: Security implemented at or over wireless communication protocols
go to full definition
10.2 Organisational Measures
dpv:Assessment: The document, plan, or process for assessment or determination towards a purpose e.g. assessment of legality or impact assessments
go to full definition
dpv:ComplianceAssessment: Assessment regarding compliance (e.g. internal policy, regulations)
go to full definition
dpv:LegalComplianceAssessment: Assessment regarding legal compliance
go to full definition
dpv:ConformanceAssessment: Assessment regarding conformance with standards or norms or guidelines or similar instruments
go to full definition
dpv:DataInteroperabilityAssessment: Measures associated with assessment of data interoperability
go to full definition
dpv:DataQualityAssessment: Measures associated with assessment of data quality
go to full definition
dpv:EffectivenessDeterminationProcedures: Procedures intended to determine effectiveness of other measures
go to full definition
dpv:LegitimateInterestAssessment: Indicates an assessment regarding the use of legitimate interest as a lawful basis by the data controller
go to full definition
dpv:CertificationSeal: Certifications, seals, and marks indicating compliance to regulations or practices
go to full definition
dpv:Certification: Certification mechanisms, seals, and marks for the purpose of demonstrating compliance
go to full definition
dpv:Seal: A seal or a mark indicating proof of certification to some certification or standard
go to full definition
dpv:Consultation: Consultation is a process of receiving feedback, advice, or opinion from an external agency
go to full definition
dpv:ConsultationWithAuthority: Consultation with an authority or authoritative entity
go to full definition
dpv:ConsultationWithDataSubject: Consultation with data subject(s) or their representative(s)
go to full definition
dpv:ConsultationWithDataSubjectRepresentative: Consultation with representative of data subject(s)
go to full definition
dpv:ConsultationWithDPO: Consultation with Data Protection Officer(s)
go to full definition
dpv:DigitalLiteracy: Providing skills, knowledge, and understanding to enable reading, writing, analysing, reasoning, and communicating regarding digital technologies and their implications
go to full definition
dpv:AILiteracy: Providing skills, knowledge, and understanding to enable reading, writing, analysing, reasoning, and communicating regarding AI
go to full definition
dpv:DataLiteracy: Providing skills, knowledge, and understanding to enable reading, writing, analysing, reasoning, and communicating regarding data
go to full definition
dpv:GovernanceProcedures: Procedures related to governance (e.g. organisation, unit, team, process, system)
go to full definition
dpv:AssetManagementProcedures: Procedures related to management of assets
go to full definition
dpv:ComplianceMonitoring: Monitoring of compliance (e.g. internal policy, regulations)
go to full definition
dpv:DisasterRecoveryProcedures: Procedures related to management of disasters and recovery
go to full definition
dpv:IncidentManagementProcedures: Procedures related to management of incidents
go to full definition
dpv:IncidentReportingCommunication: Procedures related to management of incident reporting
go to full definition
dpv:Policy: A guidance document outlining any of: procedures, plans, principles, decisions, intent, or protocols.
go to full definition
dpv:DataProcessingPolicy: Policy regarding data processing activities
go to full definition
dpv:MonitoringPolicy: Policy for monitoring (e.g. progress, performance)
go to full definition
dpv:RecertificationPolicy: Policy regarding repetition or renewal of existing certification(s)
go to full definition
dpv:ReviewProcedure: A procedure or process that reviews the correctness and validity of other procedures and policies e.g. to ensure continued validity, adequacy for intended purposes, and conformance of processes with findings
go to full definition
dpv:ReviewImpactAssessment: Procedures to review impact assessments in terms of continued validity, adequacy for intended purposes, and conformance of processes with findings
go to full definition
dpv:StandardsConformance: Purposes associated with activities undertaken to ensure or achieve conformance with standards
go to full definition
dpv:GuidelinesPrinciple: Guidelines or Principles regarding processing and operational measures
go to full definition
dpv:CodeOfConduct: A set of rules or procedures outlining the norms and practices for conducting activities
go to full definition
dpv:DesignStandard: A set of rules or guidelines outlining criteria for design
go to full definition
dpv:Guideline: Practices that specify how activities must be conducted
go to full definition
dpv:Principle: A representation of values or norms that must be taken into consideration when conducting activities
go to full definition
dpv:PrivacyByDefault: Practices regarding setting the default configurations of information and services to implement data protection and privacy (synonymous with Data Protection by Default)
go to full definition
dpv:PrivacyByDesign: Practices regarding incorporating data protection and privacy in the design of information and services (synonymous with Data Protection by Design)
go to full definition
dpv:Notice: A notice is an artefact for providing information, choices, or controls
go to full definition
dpv:DataTransferNotice: Notice for the legal entity for the transfer of its data
go to full definition
dpv:PrivacyNotice: Represents a notice or document outlining information regarding privacy
go to full definition
dpv:ConsentNotice: A Notice for information provision associated with Consent
go to full definition
dpv:SecurityIncidentNotice: A notice providing information about security incident(s)
go to full definition
dpv:DataBreachNotice: A notice providing information about data breach(es) i.e. unauthorised transfer, access, use, or modification of data
go to full definition
dpv:Notification: Notification represents the provision of a notice i.e. notifying
go to full definition
dpv:SecurityIncidentNotification: Notification of information about security incident(s)
go to full definition
dpv:DataBreachNotification: Notification of information about data breach(es) i.e. unauthorised transfer, access, use, or modification of data
go to full definition
dpv:RecordsOfActivities: Records of activities within some context such as maintenance tasks or governance functions
go to full definition
dpv:RightsManagement: Methods associated with rights management where 'rights' refer to controlling who can do what with a resource
go to full definition
dpv:DataSubjectRightsManagement: Methods to provide, implement, and exercise data subjects' rights
go to full definition
dpv:IPRManagement: Management of Intellectual Property Rights with a view to identify and safeguard and enforce them
go to full definition
dpv:PermissionManagement: Methods to obtain, provide, modify, and withdraw permissions along with maintaining a record of permissions, retrieving records, and processing changes in permission states
go to full definition
dpv:ConsentManagement: Methods to obtain, provide, modify, and withdraw consent along with maintaining a record of consent, retrieving records, and processing changes in consent states
go to full definition
dpv:Safeguard: A safeguard is a precautionary measure for the protection against or mitigation of negative effects
go to full definition
dpv:RegulatorySandbox: Mechanism used by regulators and businesses for gauging the compatibility of regulations and innovative products, particularly in the context of digitalisation, in a controlled real-world environment with appropriate safeguards in place
go to full definition
dpv:SafeguardForDataTransfer: Represents a safeguard used for data transfer. Can include technical or organisational measures.
go to full definition
dpv:SecurityProcedure: Procedures associated with assessing, implementing, and evaluating security
go to full definition
dpv:AuthorisationProcedure: Procedures for determining authorisation through permission or authority
go to full definition
dpv:CredentialManagement: Management of credentials and their use in authorisations
go to full definition
dpv:IdentityManagementMethod: Management of identity and identity-based processes
go to full definition
dpv:BackgroundChecks: Procedure where the background of an entity is assessed to identify vulnerabilities and threats due to their current or intended role
go to full definition
dpv:DataSecurityManagement: Measures associated with management of data security
go to full definition
dpv:SecureProcessingEnvironment: A physical or virtual environment supported by organisational means that integrates security and compliance requirements and allows supervising data processing actions
go to full definition
dpv:SecurityRoleProcedures: Procedures related to security roles
go to full definition
dpv:ThirdPartySecurityProcedures: Procedures related to security associated with Third Parties
go to full definition
dpv:StaffTraining: Practices and policies regarding training of staff members
go to full definition
dpv:CybersecurityTraining: Training methods related to cybersecurity
go to full definition
dpv:DataProtectionTraining: Training intended to increase knowledge regarding data protection
go to full definition
dpv:EducationalTraining: Training methods that are intended to provide education on topic(s)
go to full definition
dpv:ProfessionalTraining: Training methods that are intended to provide professional knowledge and expertise
go to full definition
dpv:SecurityKnowledgeTraining: Training intended to increase knowledge regarding security
go to full definition
dpv:SupportEntityDecisionMaking: Supporting entities, including individuals, in making decisions
go to full definition
dpv:SupportContractNegotiation: Supporting entities, including individuals, with negotiating a contract and its terms and conditions
go to full definition
dpv:SupportExchangeOfViews: Supporting individuals and entities in exchanging views e.g. regarding data processing purposes for their best interests
go to full definition
dpv:SupportInformedConsentDecision: Supporting individuals with making a decision regarding their informed consent
go to full definition
dpv:ConfidentialityAgreement: Agreements that enforce confidentiality, e.g. to protect business, professional, or company secrets
go to full definition
dpv:ContractualTerms: Contractual terms governing data handling within or with an entity
go to full definition
dpv:Licence: A Legal Document providing permission to utilise data or resource and outlining the conditions under which such use is considered valid
go to full definition
dpv:DataProcessingAgreement: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of data
go to full definition
dpv:ControllerProcessorAgreement: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of data between a Data Controller and a Data Processor
go to full definition
dpv:JointDataControllersAgreement: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of data between Controllers within a Joint Controllers relationship
go to full definition
dpv:SubProcessorAgreement: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of data between a Data Processor and a Data (Sub-)Processor
go to full definition
dpv:ThirdPartyAgreement: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of data between a Data Controller or Processor and a Third Party
go to full definition
dpv:NDA: Non-disclosure Agreements e.g. preserving confidentiality of information
go to full definition
dpv:StatisticalConfidentialityAgreement: An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for classification and management of 'confidential data' based on a statistical framework
go to full definition
10.4 Physical Measures
dpv:EnvironmentalProtection: Physical protection against environmental threats such as fire, floods, storms, etc.
go to full definition
dpv:PhysicalAuthentication: Physical implementation of authentication e.g. by matching the person to their ID card
go to full definition
dpv:PhysicalAuthorisation: Physical implementation of authorisation e.g. by stamping a visitor pass
go to full definition
dpv:PhysicalDeviceSecurity: Physical protection for devices and equipment
go to full definition
dpv:PhysicalInterceptionProtection: Physical protection against interception e.g. by posting a guard
go to full definition
dpv:PhysicalInterruptionProtection: Physical protection against interruptions e.g. electrical supply interruption
go to full definition
dpv:PhysicalNetworkSecurity: Physical protection for networks and networking related infrastructure e.g. by isolating networking equipment
go to full definition
dpv:PhysicalSecureStorage: Physical protection for storage of information or equipment e.g. secure storage for files
go to full definition
dpv:PhysicalSupplySecurity: Physically securing the supply of resources
go to full definition
dpv:PhysicalSurveillance: Physically monitoring areas via surveillance
go to full definition
11. Legal Bases
Note
Please refer to legal basis page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the legal basis concepts.
DPV provides the following categories of legal bases based on [GDPR] Article 6: consent of the data subject, contract, compliance with a legal obligation, protecting the vital interests of individuals, legitimate interests, public interest, and official authority. Though derived from GDPR, these concepts can be applied to other jurisdictions and general use-cases. The legal bases are represented by the concept LegalBasis and associated using the relation hasLegalBasis.
When declaring a legal basis, it is important to denote under what law or jurisdiction that legal basis applies. For instance, using Consent as a legal basis has different obligations and requirements in EU (i.e. [GDPR]) as compared to other jurisdictions. Therefore, unless the information is to be implicitly interpreted through some specific legal lens or jurisdictional law, DPV recommends indicating the specific law or legal clause associated with the legal basis so as to scope its interpretation. This can be done using the relation hasJurisdiction or hasApplicableLaw.
Extensions enable further extending the legal bases with jurisdiction-specific concepts. For example, the [EU-GDPR] and [EU-DGA] extensions provide legal bases from [GDPR] and [DGA] respectively. We welcome similar contributions for extending the GDPR extension as well as creating extensions for other laws and domains.
Currently, only the Consent legal basis has additional information (e.g. status, types) modelled within the taxonomy. Similar concepts should be added for other legal bases.
(Update 2024-05-17) The legal bases in DPV based on GDPR are:
Consent
Contract
Data Subject Contract
Data Processor Contract
Data Controller Contract
Third Party Contract
Contract Performance
Enter Into Contract
Data Transfer Legal Basis
Legal Obligation
Legitimate Interest
Legitimate Interest of Controller
Legitimate Interest of Third Party
Legitimate Interest of Data Subject
Official Authority of Controller
Public Interest
Vital Interest
Vital Interest of Data Subject
Vital Interest of Natural Person
dpv:Contract: Creation, completion, fulfilment, or performance of a contract involving specified processing of data or technologies
go to full definition
dpv:ContractPerformance: Fulfilment or performance of a contract involving specified processing of data or technologies
go to full definition
dpv:DataControllerContract: Creation, completion, fulfilment, or performance of a contract, with Data Controllers as parties being Joint Data Controllers, and involving specified processing of data or technologies
go to full definition
dpv:DataProcessorContract: Creation, completion, fulfilment, or performance of a contract, with the Data Controller and Data Processor as parties, and involving specified processing of data or technologies
go to full definition
dpv:DataSubjectContract: Creation, completion, fulfilment, or performance of a contract, with the Data Controller and Data Subject as parties, and involving specified processing of data or technologies
go to full definition
dpv:EnterIntoContract: Processing necessary to enter into contract
go to full definition
dpv:ThirdPartyContract: Creation, completion, fulfilment, or performance of a contract, with the Data Controller and Third Party as parties, and involving specified processing of data or technologies
go to full definition
dpv:LegalBasis: Legal basis used to justify processing of data or use of technology in accordance with a law
go to full definition
dpv:Consent: Consent of the Data Subject for specified process or activity
go to full definition
dpv:DataTransferLegalBasis: Specific or special categories and instances of legal basis intended for justifying data transfers
go to full definition
dpv:LegalObligation: Legal Obligation to conduct the specified activities
go to full definition
dpv:LegitimateInterest: Legitimate Interests of a Party as justification for specified activities
go to full definition
dpv:LegitimateInterestOfController: Legitimate Interests of a Data Controller in conducting specified activities
go to full definition
dpv:LegitimateInterestOfDataSubject: Legitimate Interests of the Data Subject in conducting specified activities
go to full definition
dpv:LegitimateInterestOfThirdParty: Legitimate Interests of a Third Party in conducting specified activities
go to full definition
dpv:OfficialAuthorityOfController: Activities are necessary or authorised through the official authority granted to or vested in the Data Controller
go to full definition
dpv:PublicInterest: Activities are necessary or beneficial for interest of the public or society at large
go to full definition
dpv:VitalInterest: Activities are necessary or required to protect vital interests of a data subject or other natural person
go to full definition
dpv:VitalInterestOfNaturalPerson: Activities are necessary or required to protect vital interests of a natural person
go to full definition
dpv:VitalInterestOfDataSubject: Activities are necessary or required to protect vital interests of a data subject
go to full definition
11.1 Consent
Consent in DPV is a specific legal basis representing information associated with consent rather than only given consent. Common information associated with consent includes tasks such as keeping track of whether "consent has been given/obtained", "issuing a consent request", and "withdrawing consent", as well as expressing requirements through terms such as "informed" and "explicit". To assist with representing these concepts as well as keeping records about how they are being applied, DPV provides the following consent concepts.
Consent - a type of legal basis representing consent of the individual.
Consent Controls - to indicate information about how to obtain or provide or reaffirm consent.
To indicate the duration or validity of a given consent instance, the existing contextual relation hasDuration along with specific forms of Duration can be used. For example, to indicate consent is valid until a specific event such as account closure, the duration subtype UntilEventDuration can be used with additional instantiation or annotation to indicate more details about the event (in this case the closure of account). Similarly, UntilTimeDuration indicates validity until a specific time instance or timestamp (e.g. 31 December 2022), and TemporalDuration indicates a relative time duration (e.g. 6 months). To indicate validity without an end condition, EndlessDuration can be used. To indicate the notice used for informed consent, the concept ConsentNotice is provided, which can be used with the relation hasNotice.
To specify consent provided by delegation, such as in the case of a parent or guardian providing consent for/with a child, the isIndicatedBy relation can be used to associate the parent or guardian responsible for providing consent (or its affirmation). Since by default the consent is presumed to be provided by the individual, when such individuals are associated with their consent, i.e. through hasDataSubject, the additional information provided by isIndicatedBy can be considered redundant and is often omitted.
ConsentControl represents information about how to exercise a control regarding consent. To indicate how an organisation obtains consent, the concept ObtainConsent is provided. Its corresponding concept ProvideConsent specifies how a data subject can indicate their consent (decision). The concept ReaffirmConsent is used to indicate how to perform reaffirmation or confirmation of a previous control (e.g. provide or obtain consent). To associate consent controls, the relation hasConsentControl is provided. Consent controls are defined by extending relevant EntityInvolvement concepts OptingIntoProcess and WithdrawingFromProcess.
Note: Guide on implementing consent records as per ISO/IEC TS 27560:2023
This is a companion issue along with #90 Implementing ISO/IEC 27560 Consent Records.
11.1.1 Consent Types
dpv:InformedConsent: Consent that is informed i.e. with the requirement to provide sufficient information to make a consenting decision
go to full definition
dpv:ExpressedConsent: Consent that is expressed through an action intended to convey a consenting decision
go to full definition
dpv:ExplicitlyExpressedConsent: Consent that is expressed through an explicit action solely conveying a consenting decision
go to full definition
dpv:ImpliedConsent: Consent that is implied indirectly through an action not associated solely with conveying a consenting decision
go to full definition
dpv:UninformedConsent: Consent that is uninformed i.e. without requirement to provide sufficient information to make a consenting decision
go to full definition
11.1.2 Consent Status
dpv:ConsentStatusInvalidForProcessing: States of consent that cannot be used as valid justifications for processing data
go to full definition
dpv:ConsentExpired: The state where the temporal or contextual validity of consent has 'expired'
go to full definition
dpv:ConsentInvalidated: The state where consent has been deemed to be invalid
go to full definition
dpv:ConsentRequestDeferred: State where a request for consent has been deferred without a decision
go to full definition
dpv:ConsentRequested: State where a request for consent has been made and is awaiting a decision
go to full definition
dpv:ConsentRevoked: The state where the consent is revoked by an entity other than the data subject and which prevents it from being further used as a valid state
go to full definition
dpv:ConsentUnknown: State where information about consent is not available or is unknown
go to full definition
dpv:ConsentWithdrawn: The state where the consent is withdrawn or revoked specifically by the data subject and which prevents it from being further used as a valid state
go to full definition
dpv:ConsentStatusValidForProcessing: States of consent that can be used as valid justifications for processing data
go to full definition
dpv:RenewedConsentGiven: The state where a previously given consent has been 'renewed' or 'refreshed' or 'reaffirmed' to form a new instance of given consent
go to full definition
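The consent model described in sections 11 and 11.1, together with the status taxonomy of 11.1.2, as an added example that is not part of the DPV specification or its code: a consent record is checked for whether it can currently justify processing (status plus duration) and serialised as Turtle using the DPV relations named in those sections. It assumes dpv:hasConsentStatus and dpv:ConsentGiven (DPV terms not listed in this excerpt) and uses hypothetical ex:endsAt, ex:lengthDays and ex:untilEvent annotations for the duration details that section 11.1 leaves to instantiation or annotation.

```python
# Added example (not DPV project code): a small consent-record model built from
# the DPV consent concepts of sections 11 and 11.1. Assumed beyond this page:
# dpv:hasConsentStatus and dpv:ConsentGiven (DPV terms not listed in this excerpt);
# ex:endsAt, ex:lengthDays and ex:untilEvent are hypothetical annotation properties.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

VALID_FOR_PROCESSING = {"ConsentGiven", "RenewedConsentGiven"}  # 11.1.2 plus ConsentGiven
INVALID_FOR_PROCESSING = {  # ConsentStatusInvalidForProcessing, as listed in 11.1.2
    "ConsentExpired", "ConsentInvalidated", "ConsentRequestDeferred",
    "ConsentRequested", "ConsentRevoked", "ConsentUnknown", "ConsentWithdrawn",
}

@dataclass
class Duration:
    """One of the dpv:Duration subtypes named in section 11.1."""
    kind: str                            # EndlessDuration | UntilTimeDuration | TemporalDuration | UntilEventDuration
    ends_at: Optional[datetime] = None   # UntilTimeDuration: absolute end timestamp
    length: Optional[timedelta] = None   # TemporalDuration: relative to given_at
    event: Optional[str] = None          # UntilEventDuration: e.g. "account closure"
    event_occurred: bool = False         # whether that event has already happened

@dataclass
class ConsentRecord:
    record_id: str                        # local name in the example namespace
    data_subject: str                     # dpv:hasDataSubject
    status: str                           # local name of a dpv:ConsentStatus concept
    given_at: datetime
    duration: Duration                    # dpv:hasDuration
    consent_type: str = "ExplicitlyExpressedConsent"   # dpv:Consent subtype (11.1.1)
    notice: Optional[str] = None          # dpv:hasNotice -> a dpv:ConsentNotice
    applicable_law: Optional[str] = None  # dpv:hasApplicableLaw scopes the interpretation
    indicated_by: Optional[str] = None    # dpv:isIndicatedBy: guardian giving delegated consent

def is_valid_for_processing(rec: ConsentRecord, now: datetime) -> bool:
    """Status must be ConsentStatusValidForProcessing and the duration must not have lapsed; unknown statuses fail closed."""
    if rec.status in INVALID_FOR_PROCESSING or rec.status not in VALID_FOR_PROCESSING:
        return False
    d = rec.duration
    if d.kind == "EndlessDuration":
        return True
    if d.kind == "UntilTimeDuration":
        return d.ends_at is not None and now < d.ends_at
    if d.kind == "TemporalDuration":
        return d.length is not None and now < rec.given_at + d.length
    if d.kind == "UntilEventDuration":
        return not d.event_occurred
    return False

def effective_status(rec: ConsentRecord, now: datetime) -> str:
    """A valid status whose duration has lapsed is recorded as dpv:ConsentExpired."""
    if rec.status in VALID_FOR_PROCESSING and not is_valid_for_processing(rec, now):
        return "ConsentExpired"
    return rec.status

def to_turtle(rec: ConsentRecord, now: datetime) -> str:
    """Serialise the record as Turtle with the DPV relations from sections 11 and 11.1."""
    d = rec.duration
    dur = [f"a dpv:{d.kind}"]
    if d.kind == "UntilTimeDuration" and d.ends_at:
        dur.append(f'ex:endsAt "{d.ends_at.isoformat()}"^^xsd:dateTime')
    elif d.kind == "TemporalDuration" and d.length:
        dur.append(f"ex:lengthDays {d.length.days}")
    elif d.kind == "UntilEventDuration" and d.event:
        dur.append(f'ex:untilEvent "{d.event}"')
    props = [
        f"a dpv:Consent, dpv:{rec.consent_type}",
        f"dpv:hasDataSubject ex:{rec.data_subject}",
        f"dpv:hasConsentStatus dpv:{effective_status(rec, now)}",
        "dpv:hasDuration [ " + " ; ".join(dur) + " ]",
    ]
    if rec.notice:
        props.append(f"dpv:hasNotice ex:{rec.notice}")
    if rec.applicable_law:
        props.append(f"dpv:hasApplicableLaw ex:{rec.applicable_law}")
    if rec.indicated_by:  # omitted for self-given consent, as section 11.1 notes
        props.append(f"dpv:isIndicatedBy ex:{rec.indicated_by}")
    return "\n".join([
        "@prefix dpv: <https://w3id.org/dpv#> .",
        "@prefix ex: <https://example.com/ns#> .",
        "@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .",
        "",
        f"ex:{rec.record_id} " + " ;\n    ".join(props) + " .",
        f"ex:process-{rec.record_id} dpv:hasLegalBasis ex:{rec.record_id} .",
    ])

# Constructed samples: a guardian consented for a child until 31 December 2022,
# and a renewed consent that lasts until the account is closed.
NOW = datetime(2024, 5, 17, tzinfo=timezone.utc)
CHILD_CONSENT = ConsentRecord(
    "consent-1", "child-1", "ConsentGiven", datetime(2022, 1, 10, tzinfo=timezone.utc),
    Duration("UntilTimeDuration", ends_at=datetime(2022, 12, 31, tzinfo=timezone.utc)),
    notice="consent-notice-1", applicable_law="law-1", indicated_by="guardian-1",
)
RENEWED_CONSENT = ConsentRecord(
    "consent-2", "alice", "RenewedConsentGiven", datetime(2024, 1, 1, tzinfo=timezone.utc),
    Duration("UntilEventDuration", event="account closure"),
)
```

Calling to_turtle(CHILD_CONSENT, NOW) records the lapsed consent as dpv:ConsentExpired rather than the stored dpv:ConsentGiven, so a downstream check on the serialised record cannot treat it as a valid justification.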
12. Location and Jurisdiction
Note
Please refer to location & jurisdiction page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the location & jurisdiction concepts.
To define contextual location concepts, such as there being several locations, or that the location is 'local' to an event, DPV provides two concepts. LocationFixture specifies whether the location is 'fixed' or 'deterministic', with subtypes for fixed single, fixed multiple, and variable locations. LocationLocality specifies whether the location is 'local' within the context, with subtypes for local, remote, within a device, or in cloud.
To represent locations as jurisdictions, the relation hasJurisdiction is provided. The concept Law represents an official or authoritative law or regulation created by a government or an authority. To indicate applicability of laws within a jurisdiction, the relation hasApplicableLaw is provided.
The Legal Jurisdiction-relevant concepts for DPV provides taxonomies extending these concepts, such as to represent specific countries, their laws, authorities, memberships, adequacy decisions, and other information.
dpv:Law: A law is a set of rules created by government or authorities
go to full definition
dpv:Location: A location is a position, site, or area where something is located
go to full definition
dpv:Country: A political entity indicative of a sovereign or non-sovereign territorial state comprising distinct geographical areas
go to full definition
dpv:Region: A region is an area or site that is considered a location
go to full definition
dpv:City: A region consisting of urban population and commerce
go to full definition
dpv:ThirdCountry: Represents a country outside applicable or compatible jurisdiction as outlined in law
go to full definition
dpv:EconomicUnion: A political union of two or more countries based on economic or trade agreements
go to full definition
dpv:LocationLocality: Locality refers to whether the specified location is local within some context, e.g. for the user
go to full definition
dpv:CloudLocation: Location that is in the 'cloud' i.e. a logical location operated over the internet
go to full definition
dpv:SupraNationalUnion: A political union of two or more countries with an establishment of common authority
go to full definition
dpv:LocationFixture: The fixture of location refers to whether the location is fixed
go to full definition
dpv:DecentralisedLocations: Location that is spread across multiple separate areas with no distinction between their importance
go to full definition
dpv:FederatedLocations: Location that is federated across multiple separate areas with designation of a primary or central location
go to full definition
dpv:FixedLocation: Location that is fixed i.e. known to occur at a specific place
go to full definition
dpv:FixedMultipleLocations: Location that is fixed with multiple places e.g. multiple cities
go to full definition
dpv:FixedSingularLocation: Location that is fixed at a specific place e.g. a city
go to full definition
dpv:VariableLocation: Location that is known but is variable e.g. somewhere within a given area
go to full definition
13. Risk and Impact Assessment
Note
Please refer to risk page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the risk concepts.
For risk management, DPV provides a lightweight risk ontology based on commonly utilised concepts regarding risk mitigation and risk management. While these concepts permit rudimentary association of risks and mitigations within a use-case, it is important to note that DPV (currently) does not provide comprehensive concepts for risk management.
For more developed representations of risk assessment, mitigation, and management vocabularies, we suggest the adoption of relevant standards, such as the ISO/IEC 31000 series, and welcome contributions for their representation within DPV through Risk Assessment and Management concepts for DPV.
dpv:Consequence: The consequence(s) possible or arising from specified context
go to full definition
dpv:ConsequenceAsSideEffect: The consequence(s) possible or arising as a side-effect of specified context
go to full definition
dpv:ConsequenceOfFailure: The consequence(s) possible or arising from failure of specified context
go to full definition
dpv:ConsequenceOfSuccess: The consequence(s) possible or arising from success of specified context
go to full definition
dpv:Impact: The impact(s) possible or arising as a consequence from specified context
go to full definition
dpv:Likelihood: The likelihood or probability or chance of something taking place or occurring
go to full definition
dpv:Risk: A risk or possibility or uncertainty of negative effects, impacts, or consequences
go to full definition
dpv:ResidualRisk: Risk remaining after treatment or mitigation
go to full definition
dpv:RiskAssessment: Assessment involving identification, analysis, and evaluation of risk
go to full definition
dpv:ImpactAssessment: Calculating or determining the likelihood of impact of an existing or proposed process, which can involve risks or detriments.
go to full definition
dpv:DataTransferImpactAssessment: Impact Assessment for conducting data transfers
go to full definition
dpv:RightsImpactAssessment: Impact assessment which involves determining the impact on rights and freedoms
go to full definition
dpv:DataBreachImpactAssessment: Impact Assessment concerning the consequences and impacts of a data breach
go to full definition
dpv:DPIA: Impact assessment determining the potential and actual impact of processing activities on individuals or groups of individuals and taking into account the impacts of activities on their rights and freedoms
go to full definition
dpv:FRIA: Impact assessment which assesses the potential and actual impact on fundamental rights occuring due to processing activities
go to full definition
dpv:SecurityAssessment: Assessment of security intended to identity gaps, vulnerabilities, risks, and effectiveness of controls
go to full definition
dpv:CybersecurityAssessment: Assessment of cybersecurity capabilities in terms of vulnerabilities and effectiveness of controls
go to full definition
dpv:RiskLevel: The magnitude of a risk expressed as an indication to aid in its management
go to full definition
dpv:RiskMitigationMeasure: Measures intended to mitigate, minimise, or prevent risk.
go to full definition
dpv:Severity: The magnitude of being unwanted or having negative effects such as harmful impacts
go to full definition
dpv:SensitivityLevel: Sensitivity' reflects the risk of impact if not secured or utilised with appropriate measures and controls e.g. for sensitive data
go to full definition
14. Rights and Rights Exercise
Note
Please refer to rights page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the rights concepts.
The concept Right represents a normative concept for what is permissible or necessary in accordance with a system such as laws. To associate rights with concepts that are relevant or within which those rights occur, the relation hasRight is used. Rights can be passive, which means they are always applicable without requiring anything to be done, or active where they require some action to be taken to initiate or exercise them. To represent these concepts, DPV uses PassiveRight and ActiveRight respectively. Rights can be applicable to different contexts or entities. To differentiate rights applicable or afforded to data subjects, the concept DataSubjectRight is used.
The information regarding how to exercise a right is provided through RightExerciseNotice and associated using the isExercisedAt relation. This information can specify contextual information through the use of other concepts, such as PersonalDataHandling to denote a necessaryPurpose of IdentityVerification as part of the rights exercise.
A RightExerciseActivity represents a concrete instance of a right being exercised. It can include contextual information such as timestamps, durations, entities, etc. that can be part of record-keeping. An activity can be a single step related to rights exercise -- such as the initial request to exercise that right, or its acknowledgement, or the final step taken to fulfil the right (e.g. provide some information), or it can also be a single activity describing the entire rights exercise process(es). To collate related activities associated with a rights exercise (e.g. associated with a specific data subject or a specific request), the concept RightExerciseRecord is useful. The information provided to describe or in fulfilment of a right exercise is represented by RightFulfilmentNotice and that associated when a right exercise cannot be fulfilled is represented by RightNonFulfilmentNotice.
dpv:RightNotice: Information associated with rights, such as which rights exist, when and where they are applicable, and other relevant information
dpv:RightExerciseNotice: Information associated with exercising of an active right such as where and how to exercise the right, information required for it, or updates on an exercised rights request
dpv:RightFulfilmentNotice: Notice provided regarding fulfilment of a right
dpv:RightNonFulfilmentNotice: Notice provided regarding non-fulfilment of a right
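The record-keeping described above, as an added example that is not part of the specification or the DPV project's code: a RightExerciseRecord collates the RightExerciseActivity steps of one request, and evaluate() derives which notice applies, whether IdentityVerification happened before fulfilment when the RightExerciseNotice declared it necessary, and whether the request is still open past a response window. The step names under the ex: namespace, the response window, and the three sample records are assumptions constructed for the example; the page states no deadline.

```python
"""Record-keeping checks for a rights exercise (added example, not DPV code).

Assumed: the ex: step names stand for kinds of dpv:RightExerciseActivity, and
the response window is a caller-supplied parameter.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

REQUEST, ACK, ID_VERIFIED = "ex:Request", "ex:Acknowledgement", "ex:IdentityVerified"
FULFILLED, NOT_FULFILLED = "ex:Fulfilled", "ex:NotFulfilled"


@dataclass
class RightExerciseActivity:
    step: str
    at: datetime
    justification: str = ""  # reason given when a right is not fulfilled


@dataclass
class RightExerciseRecord:
    right: str
    data_subject: str
    identity_verification_required: bool  # taken from the RightExerciseNotice's necessaryPurpose
    activities: list[RightExerciseActivity] = field(default_factory=list)


def evaluate(record: RightExerciseRecord, now: datetime, response_window: timedelta) -> dict:
    """Derive the applicable notice and any record-keeping findings for one request."""
    by_step: dict[str, RightExerciseActivity] = {}
    for activity in sorted(record.activities, key=lambda a: a.at):
        by_step.setdefault(activity.step, activity)  # earliest occurrence of each step
    if REQUEST not in by_step:
        raise ValueError("record has no initial request activity")
    requested = by_step[REQUEST].at
    findings: list[str] = []
    notice = closed = None
    if FULFILLED in by_step and NOT_FULFILLED in by_step:
        findings.append("both fulfilment and non-fulfilment are recorded")
    if FULFILLED in by_step:
        notice, closed = "dpv:RightFulfilmentNotice", by_step[FULFILLED].at
        verified = by_step.get(ID_VERIFIED)
        if record.identity_verification_required and (verified is None or verified.at > closed):
            findings.append("fulfilled without prior identity verification although the notice requires it")
    elif NOT_FULFILLED in by_step:
        notice, closed = "dpv:RightNonFulfilmentNotice", by_step[NOT_FULFILLED].at
        if not by_step[NOT_FULFILLED].justification:
            findings.append("non-fulfilment recorded without a justification")
    elif ACK not in by_step:
        findings.append("open request has not been acknowledged")
    if (closed or now) - requested > response_window:
        findings.append("response window exceeded")
    return {"notice": notice, "open": closed is None, "findings": findings}


# Constructed sample records and timeline.
T0 = datetime(2024, 3, 1)
WINDOW = timedelta(days=30)  # assumed response window
COMPLETED = RightExerciseRecord("dpv:DataSubjectRight", "ex:Alice", True, [
    RightExerciseActivity(REQUEST, T0),
    RightExerciseActivity(ACK, T0 + timedelta(days=1)),
    RightExerciseActivity(ID_VERIFIED, T0 + timedelta(days=3)),
    RightExerciseActivity(FULFILLED, T0 + timedelta(days=10)),
])
REFUSED = RightExerciseRecord("dpv:DataSubjectRight", "ex:Bob", True, [
    RightExerciseActivity(REQUEST, T0),
    RightExerciseActivity(ACK, T0 + timedelta(days=2)),
    RightExerciseActivity(NOT_FULFILLED, T0 + timedelta(days=5), "identity could not be verified"),
])
STALLED = RightExerciseRecord("dpv:DataSubjectRight", "ex:Carol", False, [
    RightExerciseActivity(REQUEST, T0),
])


def demo(now: datetime = T0 + timedelta(days=45)) -> dict:
    records = {"completed": COMPLETED, "refused": REFUSED, "stalled": STALLED}
    return {name: evaluate(record, now, WINDOW) for name, record in records.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```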
15. Rules
Note
Please refer to rules page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the rules concepts.
DPV provides the concept Rule to specify requirements, constraints, and other forms of 'rules' that are associated with specific contexts (e.g., processing activities) using the relation hasRule. DPV provides three forms of Rule, namely Permission, Prohibition and Obligation, with the corresponding relations hasPermission, hasProhibition and hasObligation, to indicate a Rule that specifies whether something is permitted, prohibited or obligatory, respectively. DPV does not define additional semantics for rules and limits its scope to providing a simple way to specify permissions, prohibitions, and obligations as common rules associated with activities. For a more extensive and richer set of semantics and concepts to represent rules, DPVCG suggests looking towards other languages, such as [ODRL], [SHACL], and [RuleML], that have been developed with the specific goal of representing and applying rules. We welcome contributions for aligning DPV with these, and for providing guidance on how to complement DPV's rule concepts with external languages.
dpv:Rule: A rule describing a process or control that directs or determines if and how an activity should be conducted
dpv:Obligation: A rule describing an obligation for performing an activity
dpv:Permission: A rule describing a permission to perform an activity
dpv:Prohibition: A rule describing a prohibition to perform an activity
16. Extensions
To supplement the concepts and taxonomies in [DPV] for specific applications, use-cases, or to provide separation for better management of terms, we provide several extensions to the DPV.
16.1 Personal Data (PD)
Personal Data categories for DPV provides additional concepts that extend the DPV's personal data taxonomy based on an opinionated structure contributed by R. Jason Cronk from EnterPrivacy. This separation is to enable adopters to decide whether the extension's concepts are useful to them, or to use other external vocabularies, or define their own.
Concepts within [PD] are broadly structured in a top-down fashion according to their relevance and origin:
Internal (within the person): e.g. Preferences, Knowledge, Beliefs
External (visible to others): e.g. Behavioural, Demographics, Physical, Sexual, Identifying
Household: e.g. personal or household activities
Social: e.g. Family, Friends, Professional, Public Life, Communication
Financial: e.g. Transactional, Ownership, Financial Account
Tracking: e.g. Location, Device based, Contact
Historical: e.g. Life History
16.2 Locations (LOC)
Location and Geo-Political Membership concepts for DPV provides additional concepts regarding locations such as countries and regions based on the ISO 3166 standards. It enables representing information such as processing takes place within Ireland, represented by loc:IE, or within European Union (EU) by using loc:EU. We are working on expanding this list to also specify regions, cities, and other pertinent location details, and welcome participation and contributions for this.
16.3 Risk Management (RISK)
Risk Assessment and Management concepts for DPV builds on top of the lightweight risk framework within DPV by providing the following extensive concepts related to risk assessment and management. We are in the process of identifying additional concepts and taxonomies for the risk extension, such as for risk management procedures and the creation of a risk ontology based on ISO standards.
Risk Controls - categories of measures such as those related to risk source, likelihood, consequence, vulnerability, as well as the intended effect in terms of monitoring, controlling, halting, removing, or reducing.
Consequences and Impacts - list of consequences such as data breaches, costs, identity theft and several others that are categorised based on DPV's impact framework i.e. damage, harm, or detriment.
Scale for Risk Levels, Severity, and Likelihood - a 7 point qualitative scale to express concepts associated with levels, severity, and likelihood of risk and its consequences.
Risk Matrix - an encoded form of risk matrices based on combinations of severity and likelihood along with the resulting risk level. Risk matrix nodes and values are provided for dimensions 3x3, 5x5, and 7x7.
Incidents, Reports, and Notices - specifying incidents such as security incidents or data breaches, documenting information about them, and notices used to communicate with other relevant entities such as authorities and data subjects.
Risk Management - risk management concepts based on ISO 31000 series.
16.4 Technologies (TECH)
Technology concepts for DPV extends the DPV's terms to represent further specific details regarding technologies, their management, and relevance to actual real-world tools and systems. It provides concepts for the following:
Communication method: WiFi, Bluetooth, GPS, Cellular Network
Actors: Developer, Provider, User, Subject, etc.
Intended Use: what the technology was/is intended to be used for
Documentation: technical and user manuals and other documentation
Status: whether the technology has been released, has been provided, and other statuses
Tools: databases, cookies, etc.
The intention and aim of developing the TECH extension is to describe real-world tools and services, such as a specific cloud storage provider, and provide categorisation and metadata to connect it to DPV's concepts, such as to indicate the cloud storage instance features encryption at rest as a technical measure. Through these, the management and documentation of use-cases can be made easier by providing the relationships between tools/services and technical measures as a 'knowledge graph'.
16.5 Artificial Intelligence (AI)
AI Technology concepts for DPV is an extension under development which will further extend the [TECH] extension to represent concepts associated with AI. These will include representation of:
Techniques such as machine learning and natural language processing
Capabilities such as image recognition and text generation
Lifecycle such as data collection, training, fine-tuning, etc.
Risks such as data poisoning, statistical noise and bias, etc.
Risk Measures to address the AI specific risks
Documentation such as Data Sheets and Model Cards
Actors such as AI Developer and AI Deployer
Status associated with AI development
16.6 Justifications
Concepts representing Justifications for DPV provides concepts for use as 'justifications' with DPV. For example, where a right cannot be fulfilled, a justification such as 'identity could not be verified' is represented using a specific concept.
16.7 Legal Concepts (LEGAL)
Legal Jurisdiction-relevant concepts for DPV provides concepts to represent laws, authorities, and other legal concepts in various jurisdictions. It is structured to create a separate namespace for each country or jurisdiction, named by its ISO 3166-1 alpha-2 code (for example IE represents Ireland) or, for the European Union, the reserved code EU. Within this namespace, the specific laws and authorities for that jurisdiction are defined.
At the moment, the following jurisdictions are defined:
While several of DPV's concepts are inspired by the GDPR, the use of DPV itself does not point towards specific concepts from GDPR such as the legal bases in Article 6. This is to enable use of DPV with different jurisdictional and domain terminologies through extensions. EU GDPR concepts for DPV provides an extension of DPV's concepts for the [GDPR] covering the following non-exhaustive list of concepts:
Legal Bases (Art.6) - DPV's legal bases are extended to represent specific clauses from GDPR Art.6 (e.g. A.6-1a consent).
Legal Bases (Art.9) - DPV's legal bases are extended to represent specific clauses from GDPR Art.9 (e.g. A.9-2a explicit consent).
Legal Bases (Data Transfers) - DPV's DataTransferLegalBasis is extended to represent GDPR's Articles 45, 46, and 49.
Data Transfer Tools - Mechanisms defined by the GDPR for data transfers, e.g. contractual clauses.
DPIA - Statuses for representing DPIA related procedures and outcomes, e.g. necessity, high-risk, and consultation required.
State of an activity that could not be completed, but has reached some end state
Usage Note
This relates to a 'Stop' state as distinct from a 'Halt' state. It makes no comments on whether the Activity can be resumed or continued towards completion.
Purposes associated with conducting advertising i.e. process or artefact used to call attention to a product, service, etc. through announcements, notices, or other forms of communication
Usage Note
Advertising is a subset of Marketing. Advertising by itself does not indicate 'personalisation' i.e. personalised ads.
Date Created
2020-11-04
Contributors
Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
Purposes associated with verifying or authenticating age or age related information as a form of security
Usage Note
Age Verification can include verification of the exact age, e.g. being 21 years old, a date, e.g. birth date is 01 January 1969, or a condition, e.g. age is over 21 years and the person is an adult. Specific dedicated resources should be used to further express information and processes associated with Age Verification, for example the Age Verification Vocabulary https://w3id.org/age/
Date Created
2024-02-14
Contributors
Beatriz Esteves, Arthit Suriyawongkul, Harshvardhan J. Pandit
Algorithmic Logic is intended as a broad concept for explaining the use of algorithms and automated decision making within Processing. To describe the actual algorithm, see the Algorithm concept.
Anonymisation is the process by which data is irreversibly altered in such a way that a data subject can no longer be identified directly or indirectly, either by the entity holding the data alone or in collaboration with other entities and information sources
to irreversibly alter personal data in such a way that an unique data subject can no longer be identified directly or indirectly or in combination with other data
Personal Data that has been (fully and completely) anonymised so that it is no longer considered Personal Data
Usage Note
It is advised to carefully consider indicating data is fully or completely anonymised by determining whether the data by itself or in combination with other data can identify a person. Failing this condition, the data should be denoted as PseudonymisedData. To indicate data is anonymised only for a specified entity (e.g. within an organisation), the concept ContextuallyAnonymisedData (as subclass of PseudonymisedData) should be used instead of AnonymisedData.
Concept provided to indicate cases where the information or context is not applicable (N/A), not available, or not known or determined yet. If the information is applicable and available, this concept should not be used.
Usage Note
These concepts are useful in closed-world interpretations, for example in forms where a field must have a value to explicitly denote it is not applicable or the information is not available yet.
Level of automation corresponding to Level 1 in ISO/IEC 22989:2022 where automation is limited to parts of the system or a specific part of the system in a manner that does not change the control of the human in using/driving the system
Usage Note
Human Involvement is implied here, specifically the ability to make decisions regarding operations, but also possibly for intervention, oversight, and verification
State of being conditionally approved through the audit
Usage Note
A "conditional approval" is intended to reflect states where the audit has identified further changes which must be implemented before considering the audit has been 'passed', without requiring another audit to validate them. This is distinct from the case where an audit has state 'rejected', which means changes must be made and submitted for review. The requirements of a 'conditional acceptance' are expected to be minor or not significant enough to warrant another audit to review them.
Processing that involves automated decision making
Usage Note
Automated decision making can be defined as “the ability to make decisions by technological means without human involvement.” (“Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01)”, 2018, p. 8)
Processing that involves automated scoring of individuals
Usage Note
Scoring can lead to the action being considered Decision Making if the scoring is itself a decision - see the 2023-MAR-16 opinion of the Advocate General in Case C-634/21. Therefore, the assessment of whether scoring was automated or not is important given the legal obligations surrounding automated decision making, e.g. in GDPR
Level of automation corresponding to Level 6 in ISO/IEC 22989:2022 where the automation in system is capable of modifying its operation domain or its goals without external intervention, control or oversight
Usage Note
Though Autonomous, such operations can still be associated with dpv:HumanInvolved e.g. for inputs, oversight or verification
Involvement where entity cannot challenge the process of specified context
Usage Note
Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the process or plan or implementation
Date Created
2024-05-11
Contributors
Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
Involvement where entity cannot challenge the output of specified context
Usage Note
Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the output of the process or plan or implementation (where output is distinct from the process itself)
Date Created
2024-05-11
Contributors
Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
Involvement where entity cannot reverse input of specified context
Usage Note
Reversion can be considered a form of correction in some instances. We welcome inputs to further explore and define this relation between correction and reversion concepts.
Date Created
2024-05-11
Contributors
Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
Involvement where entity can challenge the process of specified context
Usage Note
Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the process or plan or implementation
Date Created
2024-05-11
Contributors
Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
Involvement where entity can challenge the output of specified context
Usage Note
Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the output of the process or plan or implementation (where output is distinct from the process itself)
Date Created
2024-05-11
Contributors
Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
A 'child' is a natural person who is below a certain legal age depending on the legal jurisdiction.
Usage Note
The legal age defining a child varies by jurisdiction. In addition, 'child' is distinct from a 'minor'. For example, the legal age for consumption of alcohol can be 21, which makes a person of age 20 a 'minor' in this context. In other cases, 'minor' and 'child' are used interchangeably to refer to a person below some legally defined age.
Purposes associated with combating the causes and consequences of climate change, including reducing gas emissions and fighting emergencies such as floods or wildfires
Customer Care Communication refers to purposes associated with communicating with customers for assisting them, resolving issues, ensuring satisfaction, etc. in relation to services provided
Date Created
2020-11-04
Contributors
Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
Communication Management refers to purposes associated with providing or managing communication activities e.g. to send an email for notifying some information
Usage Note
This purpose by itself does not sufficiently and clearly indicate what the communication is about. As such, it is recommended to combine it with another purpose to indicate the application. For example, Communication of Payment.
Date Created
2021-09-01
Contributors
Georg P. Krog, Paul Ryan, David Hickey, Harshvardhan J. Pandit
Level of automation corresponding to Level 3 in ISO/IEC 22989:2022 where the automation is sufficient to perform most tasks of the system with the human present to take over where necessary
Usage Note
Human Involvement is implied here, e.g. for intervention, input, decisions
The state where the temporal or contextual validity of consent has 'expired'
Usage Note
An example of this state is when the obtained consent has been assigned a duration - which has lapsed or 'expired', making it invalid to be used further for processing data
An example of this state is when the individual clicks on a button, ticks a checkbox, verbally agrees - or any other form that communicates their decision agreeing to the processing of data
The state where consent has been deemed to be invalid
Usage Note
An example of this state is where an investigating authority or a court finds the collected consent did not meet requirements, and 'invalidates' both prior and future uses of it to carry out processing
Methods to obtain, provide, modify, and withdraw consent along with maintaining a record of consent, retrieving records, and processing changes in consent states
Date Created
2024-04-14
Contributors
Beatriz Esteves, Harshvardhan J. Pandit, Georg P. Krog
State where a request for consent has been deferred without a decision
Usage Note
An example of this state is when the individual closes or dismisses a notice without making a decision. This state is intended for making the distinction between a notice being provided (as a consent request) and the individual interacting with the notice without making a decision - where the 'ignoring of a notice' is taken as consent being neither given nor refused
The state or status of 'consent' that provides information reflecting its operational status and validity for processing data
Usage Note
States are useful as information artefacts to implement them in controlling processing, and to reflect the process and flow of obtaining and maintaining consent. For example, a database table that stores consent states for specific processing and can be queried to obtain them in an efficient manner. States are also useful in investigations to determine the use and validity of consenting practices
The state where the consent is withdrawn or revoked specifically by the data subject and which prevents it from being further used as a valid state
Usage Note
This state can be considered a form of 'revocation' of consent, where the revocation can only be performed by the data subject. Therefore we suggest using ConsentRevoked when it is a non-data-subject entity, and ConsentWithdrawn when it is the data subject
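The usage note for consent status above suggests a queryable table of consent states. As an added example (not code from the DPV project or the specification), the sketch below keeps an append-only history of states in a sqlite3 table, derives ConsentExpired from a lapsed duration at query time, distinguishes ConsentWithdrawn from ConsentRevoked by who acted, and permits processing only on a current, unexpired ConsentGiven. The schema, the ex: identifiers and the timeline are constructed for the example; the state names are DPV's consent status concepts as named on this page.

```python
"""Consent states in a queryable table (added example, not DPV code).

Assumed: the dpv: state names below are DPV's consent status concepts; times are
naive UTC datetimes stored as ISO 8601 text so they compare correctly in SQL.
"""
import sqlite3
from datetime import datetime, timedelta

GIVEN, EXPIRED, INVALIDATED = "dpv:ConsentGiven", "dpv:ConsentExpired", "dpv:ConsentInvalidated"
WITHDRAWN, REVOKED, DEFERRED = "dpv:ConsentWithdrawn", "dpv:ConsentRevoked", "dpv:ConsentRequestDeferred"

SCHEMA = """
CREATE TABLE consent_state (
    data_subject TEXT NOT NULL,
    processing   TEXT NOT NULL,
    state        TEXT NOT NULL,
    recorded_at  TEXT NOT NULL,  -- when this state came into effect
    valid_until  TEXT,           -- NULL when no duration was assigned
    changed_by   TEXT NOT NULL   -- entity that produced the state
);
CREATE INDEX consent_lookup ON consent_state (data_subject, processing, recorded_at);
"""


def open_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record_state(conn, subject, processing, state, at, changed_by, duration=None):
    """Append a state; earlier rows are kept so investigations can replay the history."""
    valid_until = (at + duration).isoformat() if duration else None
    conn.execute("INSERT INTO consent_state VALUES (?, ?, ?, ?, ?, ?)",
                 (subject, processing, state, at.isoformat(), valid_until, changed_by))


def end_consent(conn, subject, processing, actor, at) -> str:
    """Withdrawal is the data subject's own act; ending by anyone else is a revocation."""
    state = WITHDRAWN if actor == subject else REVOKED
    record_state(conn, subject, processing, state, at, actor)
    return state


def state_at(conn, subject, processing, at):
    """Effective state at a point in time; a lapsed duration yields ConsentExpired."""
    row = conn.execute(
        "SELECT state, valid_until FROM consent_state "
        "WHERE data_subject = ? AND processing = ? AND recorded_at <= ? "
        "ORDER BY recorded_at DESC LIMIT 1",
        (subject, processing, at.isoformat())).fetchone()
    if row is None:
        return None
    state, valid_until = row
    if state == GIVEN and valid_until is not None and at.isoformat() > valid_until:
        return EXPIRED
    return state


def may_process(conn, subject, processing, at) -> bool:
    """Only a current, unexpired ConsentGiven authorises processing."""
    return state_at(conn, subject, processing, at) == GIVEN


def demo() -> dict:
    """Constructed timeline exercising given, expired, withdrawn, deferred and revoked states."""
    conn = open_store()
    t0 = datetime(2024, 1, 1)
    p = "ex:Marketing"
    record_state(conn, "ex:Alice", p, GIVEN, t0, "ex:Alice", timedelta(days=365))
    record_state(conn, "ex:Bob", p, GIVEN, t0, "ex:Bob", timedelta(days=365))
    record_state(conn, "ex:Carol", p, DEFERRED, t0, "ex:Carol")
    record_state(conn, "ex:Dave", p, GIVEN, t0, "ex:Dave")
    end_consent(conn, "ex:Bob", p, "ex:Bob", t0 + timedelta(days=60))
    end_consent(conn, "ex:Dave", p, "ex:Authority", t0 + timedelta(days=100))
    return {
        "alice_day30": may_process(conn, "ex:Alice", p, t0 + timedelta(days=30)),
        "alice_day400": state_at(conn, "ex:Alice", p, t0 + timedelta(days=400)),
        "bob_day30": may_process(conn, "ex:Bob", p, t0 + timedelta(days=30)),
        "bob_day61": state_at(conn, "ex:Bob", p, t0 + timedelta(days=61)),
        "carol_day1": state_at(conn, "ex:Carol", p, t0 + timedelta(days=1)),
        "dave_day101": state_at(conn, "ex:Dave", p, t0 + timedelta(days=101)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because rows are appended rather than updated, a point-in-time query (Bob on day 30 versus day 61) reconstructs what the system believed when a given processing operation ran, which is the record an investigation needs.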
Context is a catch-all concept for information of relevance not possible to represent through other core concepts. DPV offers specific contextual concepts such as Necessity, Frequency, and Duration. More can be created by extending Context within use-cases.
Date Created
2019-04-05
Date Modified
2022-06-15
Contributors
Harshvardhan J. Pandit, Javier Fernández, Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Simon Steyskal
Data that can be considered as being fully anonymised within the context but in actuality is not fully anonymised and is still personal data as it can be de-anonymised outside that context
Usage Note
To distinguish between partially anonymised data that can be effectively treated as anonymised data (e.g. in processing) within a context (e.g. an organisation), the concept ContextuallyAnonymisedData should be used instead of AnonymisedData. Transfer of this data outside of the context should consider that it is not fully anonymised and that it is still personal data
An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of data between a Data Controller and a Data Processor
Involvement where entity can correct the output of specified context
Usage Note
Correction of outputs allows modification of the output - implying continuation of the process. This is distinct from reversing of outputs which revert the output back to its previous value and possibly imply not continuing with the process
Date Created
2024-05-11
Contributors
Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
Purposes associated with activities that detect, prevent, mitigate, or otherwise perform activities to combat or eliminate terrorism (also referred to as anti-terrorism)
A political entity indicative of a sovereign or non-sovereign territorial state comprising distinct geographical areas
Usage Note
The definition of country is not intended for political interpretation. DPVCG welcomes alternate definitions based in existing sources with global scope, such as UN or ISO.
Customer Care refers to purposes associated with providing assistance, resolving issues, ensuring satisfaction, etc. in relation to services provided
Customer Order Management refers to purposes associated with managing customer orders i.e. processing of an order related to customer's purchase of good or services
Purposes associated with the voluntary sharing of data for the general interest of the public, such as healthcare or combating climate change
Usage Note
Data Altruism as a purpose should be combined with other purposes to indicate their altruistic interpretation or application. E.g. improving healthcare and data altruism in combination.
Creation, completion, fulfilment, or performance of a contract, with Data Controllers as parties being Joint Data Controllers, and involving specified processing of data or technologies
Deletion and Erasure are distinct activities where deletion refers to logical removal of data with the possibility of retrieval whereas erasure refers to destruction of data such that it cannot be retrieved. See dpv:DataErasurePolicy
Erasure or data destruction or secure removal of data refers to irreversible erasure of data. See dpv:DataDeletion for reversible or logical deletion of data
An entity that 'exports' data where exporting is considered a form of data transfer
Usage Note
The term 'Data Exporter' is used by the EU-EDPB for the entity that transfers data across borders. While the EDPB refers to the jurisdictional border of the EU, the term within DPV can be used to denote any 'export' or transfer or transmission of data and is thus a broader concept than the EDPB's definition.
An entity that 'imports' data where importing is considered a form of data transfer
Usage Note
The term 'Data Importer' is used by the EU-EDPB as the entity that receives transferred data across borders. While the EDPB refers to the jurisdictional border of EU, the term within DPV can be used to denote any 'import' or reception of transfer or transmission of data and is thus a broader concept than the EDPB's definition.