Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.
GitHub Issues are preferred for
discussion of this specification.
1. DPV and Related Resources
Data Privacy Vocabulary (DPV) Specification: is the base/core specification for the 'Data Privacy Vocabulary', which is extended for Personal Data [PD], Locations [LOC], Risk Management [RISK], Technology [TECH], and [AI]. Specific [LEGAL] extensions are also provided which model jurisdiction specific regulations and concepts . To support understanding and applications of [DPV], various guides and resources [GUIDES] are provided, including a [PRIMER]. A Search Index of all concepts from DPV and extensions is available.
[DPV] and related resources are published on GitHub. For a general overview of the Data Protection Vocabularies and Controls Community Group [DPVCG], its history, deliverables, and activities - refer to DPVCG Website. For meetings, see the DPVCG calendar.
The peer-reviewed article “Creating A Vocabulary for Data Privacy” presents a historical overview of the DPVCG, and describes the methodology and structure of the DPV along with describing its creation. An open-access version can be accessed here, here, and here. The article Data Privacy Vocabulary (DPV) - Version 2, accepted for presentation at the 23rd International Semantic Web Conference (ISWC 2024), describes the changes made in DPV v2.
2. Introduction
This extension provides concepts relevant for the implementation of EU's Data Governance Act (DGA). The DGA promotes availability of data and encourages its sharing and reuse through novel mechanisms such as 'data intermediaries' and 'data altruism'. It also provides specific rights, and requires implementation details such as specific technical measures in order to ensure such sharing and altruistic (re-)uses of data are compliant with existing regulations, such as [GDPR], and respect rights and freedoms.
Note: Extending the DGA vocabulary
This extension provides the following concepts defined or required by the DGA:
Entities in the [DGA] are defined by extending the dpv:LegalEntity concept, and are associated with using the relation dpv:hasEntity. DGA's entities are different from 'legal roles' in GDPR's use of 'controllers' and 'processors' as the DGA entities are established with a specific role and purpose. For example, a 'Data Co-operative' is a legal entity which is established to provide the data co-operative services - namely for intermediation and exercise of rights.
Note: Associating entities in context
eu-dga:DataAltruismAuthority: An authority tasked with overseeing the activity of data altruism organisations and maintaining a public register of said entities
go to full definition
eu-dga:DataAltruismOrganisation: An non-profit organisation who collects and shares data for altruistic purposes
go to full definition
eu-dga:DataHolder: An entity who has the right to grant access to or to share certain personal data or non-personal data
go to full definition
eu-dga:DataIntermediationAuthority: An authority tasked with overseeing the activity of data intermediation service providers and maintaining a public register of said entities
go to full definition
eu-dga:DataReuseAssistant: An entity designated by the Member State to provide technical support and guidance to public sector bodies regarding access and reuse of data and for requesting consent and permissions
go to full definition
eu-dga:DataUser: An entity who has access and the right to use personal or non-personal data for commercial or non-commercial purposes
go to full definition
eu-dga:DISP: An entity who establishes commercial relationships for the data sharing between data subjects and data holders on the one hand and data users on the other
go to full definition
eu-dga:DataCooperative: An entity constituted by data subjects, one-person undertakings or SMEs who provides data intermediation services and supports its members in the exercise of their data-related rights
go to full definition
eu-dga:DISPForDataHolder: An entity who makes data holders' data available for potential data users, including bilateral or multilateral exchanges of data and platforms and databases for the joint exploitation of data
go to full definition
eu-dga:DISPForDataSubject: An entity who makes data subjects' personal data available for potential data users
go to full definition
eu-dga:EuropeanDataInnovationBoard: An authority tasked with overseeing the activities of data intermediation service providers and data altruism organisations
go to full definition
eu-dga:SIPProvider: An entity who is responsible for receiving and transmitting requests for the reuse of public data
go to full definition
eu-dga:EUSIPProvider: An entity who is responsible for receiving and transmitting requests for the reuse of public data in the EU
go to full definition
eu-dga:LocalSIPProvider: A local entity who is responsible for receiving and transmitting requests for the reuse of public data
go to full definition
eu-dga:NationalSIPProvider: A national entity who is responsible for receiving and transmitting requests for the reuse of public data
go to full definition
eu-dga:RegionalSIPProvider: A regional entity who is responsible for receiving and transmitting requests for the reuse of public data
go to full definition
eu-dga:SectorialSIPProvider: An entity who is responsible for receiving and transmitting requests for the reuse of public data for a particular sector
go to full definition
4. Legal Bases
Legal bases in the [DGA] relate to specific activities such as processing of non-personal data (A2-6-Permission) and data transfers (A5-12-Adequacy-Decision). These are defined by extending dpv:LegalBasis and its subtypes, and are indicated by using the relation dpv:hasLegalBasis.
eu-dga:A12-e-Exchange-Approval: Explicit request or approval of the data subject or data holder to utilise additional specific tools for the purposes of facilitating exchange of data
go to full definition
eu-dga:A2-6-Permission: The legal basis justifying processing of non-personal data based on the permission of an entity
go to full definition
eu-dga:A31-2-Transfer-Agreement: Data Transfer International Agreement
go to full definition
eu-dga:A31-3-Third-Country-Judgement: Data Transfer Third Country Judgement
go to full definition
eu-dga:A5-12-Adequacy-Decision: Adequacy Decision permitting the transfer of data
go to full definition
eu-dga:A5-9-Transfer-Permission: The legal basis justifying processing of non-personal data based on the permission of an entity to transfer data
go to full definition
5. Rights under DGA
The [DGA] provides several rights to the data subject and data holders whose applicability depends on the context and nature of processing taking place. Since these rights are applicable for both data subjects and non-data subjects (data holders), they are represented by extending dpv:Right instead of dpv:DataSubjectRight. To indicate a right is applicable or available, the relation dpv:hasRight is used.
eu-dga:RightToDataConversionOptOut: Right of data subjects and data holders to opt-out of data conversions e.g. enhance interoperability or harmonisation with standards
go to full definition
eu-dga:RightToImpartialReview: Right of data subjects and data holders to get an review by an impartial body with the appropriate expertise
go to full definition
eu-dga:RightToLodgeComplaint: Right of data subjects and data holders to lodge a complaint
go to full definition
6. Services
The [DGA] defines and regulates several 'services', such as those for data intermediation and altruism. To represent these, the concept dpv:Service is extended. Services can be associated using the relation dpv:hasService.
eu-dga:DataIntermediationService: Service of data intermediation which aims to facilitate the sharing of data between Data Subjects, Data Holders and Data Users
go to full definition
eu-dga:DataCooperativeService: Service provided by a data cooperative
go to full definition
eu-dga:DataIntermediationServiceBetweenHoldersUsers: Data intermediation service for data shared between Data Holders and Data Users
go to full definition
eu-dga:DataIntermediationServiceBetweenSubjectsUsers: Data intermediation service for data shared between Data Subjects, Natural Persons who are Data Holders and Data Users
go to full definition
eu-dga:SingleInformationPoint: Service responsible for receiving and transmitting requests for the re-use of public data
go to full definition
7. Registers
The [DGA] requires the creation and maintenance of specific registers or registries, such as those for data altruistic organisations. These are represented by extending the concept dpv:PublicRegisterOfEntities. Membership of the registry can be expressed using the concept dpv:hasEntity, or even through use of [SKOS] collections.
eu-dga:DAORegister: Registry containing list of recognised data altruism organisations
go to full definition
eu-dga:DAORegisterEU: Registry maintained by EU containing list of recognised data altruism organisations
go to full definition
eu-dga:DAORegisterNational: Registry maintained at National level containing list of recognised data altruism organisations
go to full definition
eu-dga:DISPRegister: Document that contains a publicly available list of data intermediation service providers
go to full definition
8. Tech/Org Measures
The specific technical and organisational measures defined or implied in the [DGA] are defined by extending the dpv:TechnicalOrganisationalMeasure concepts. These can be associated by using the relations dpv:hasTechnicalMeasure and dpv:hasOrganisationalMeasure. In addition to these, if a measure has legal enforcement, then the concept dpv:LegalMeasure and relation dpv:hasLegalMeasure can be used.
eu-dga:DataAltruismAnnualReport: Document containing the annual activities reported by a Data Altruism organisation
go to full definition
eu-dga:DataAltruismNotice: Notice providing information regarding the processing of data for data altruistic purposes
go to full definition
eu-dga:DataAltruismRecord: Document that logs the activity of the data altruism organisation
go to full definition
eu-dga:DataAssetList: Searchable asset list which contains available data resources including their data format and size and the conditions for their re-use
go to full definition
eu-dga:DataIntermediationRecord: Document that logs the activity of the data intermediation service provider
go to full definition
eu-dga:DataReuseRequest: Procedure to handle requests and provide data for reuse via single information point
go to full definition
eu-dga:DISPEUApproval: Confirmation and approval by a competent authority for the Data Intermediation Service Provider's compliance with Article 11 and Article 12 of the DGA
go to full definition
eu-dga:DISPNotice: Notification by a Data Intermediation Service Provider to a competent authority concerning changes to details regarding its Data Intermediation Service
go to full definition
eu-dga:EUDataAltruismConsentForm: A form provided by the European Commission for collecting consent
go to full definition
eu-dga:NationalDataAltruismPolicy: A Policy established at National level regarding Data Altruism
go to full definition
eu-dga:PersonalDataReuseNotice: Notice for data subjects to provide consent based on information and advise regarding intended use of data, exercise of rights, and applicable terms and conditions
go to full definition
eu-dga:SecureProcessingEnvironment: Physical or virtual environment to ensure compliance with EU law and allow the entity providing the secure processing environment to determine and supervise all data processing actions
go to full definition
eu-dga:ThirdCountryDataRequestNotice: Notice regarding a request of a third-country administrative authority to access data
go to full definition
An entity constituted by data subjects, one-person undertakings or SMEs who provides data intermediation services and supports its members in the exercise of their data-related rights
An entity designated by the Member State to provide technical support and guidance to public sector bodies regarding access and reuse of data and for requesting consent and permissions
An entity who establishes commercial relationships for the data sharing between data subjects and data holders on the one hand and data users on the other
An entity who makes data holders' data available for potential data users, including bilateral or multilateral exchanges of data and platforms and databases for the joint exploitation of data
Notification by a Data Intermediation Service Provider to a competent authority concerning changes to details regarding its Data Intermediation Service
Notice for data subjects to provide consent based on information and advise regarding intended use of data, exercise of rights, and applicable terms and conditions
Physical or virtual environment to ensure compliance with EU law and allow the entity providing the secure processing environment to determine and supervise all data processing actions
DPV uses the following terms from [RDF] and [RDFS] with their defined meanings:
rdf:type to denote a concept is an instance of another concept
rdfs:Class to denote a concept is a Class or a category
rdfs:subClassOf to specify the concept is a subclass (subtype, sub-category, subset) of another concept
rdf:Property to denote a concept is a property or a relation
The following external concepts are re-used within DPV:
10. Contributors
The following people have contributed to this vocabulary. The names are ordered alphabetically. The affiliations are informative do not represent formal endorsements. Affiliations may be outdated. The list is generated automatically from the contributors listed for defined concepts.
Beatriz Esteves (IDLab, IMEC, Ghent University)
Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
Funding Acknowledgements
Funding Sponsors
The DPVCG was established as part of the SPECIAL H2020 Project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731601 from 2017 to 2019.
Harshvardhan J. Pandit was funded to work on DPV from 2020 to 2022 by the Irish Research Council's Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790.
The ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards).
Funding Acknowledgements for Contributors
The contributions of Beatriz Esteves have received funding through the PROTECT ITN Project from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497.
The contributions of Harshvardhan J. Pandit and Dave Lewis have been made with the financial support of Science Foundation Ireland under Grant Agreement No. 13/RC/2106_P2 at the ADAPT SFI Research Centre.