Data Privacy Vocabularies and Controls CG (DPVCG)

DPVCG

Data Privacy Vocabularies and Controls Community Group (DPVCG) repository containing specifications for Data Privacy Vocabulary (DPV) and its extensions, primer, and guides, and group meeting minutes.

links: Community Group | GitHub wiki

Announcement: DPV 2.0 Release

The scope of DPV has been expanded to include non-personal data and AI technologies, though the focus of the group remains on privacy and data protection. The structure of the repo has also been changed to incorporate multiple jurisdictions and regulations, and extensions have been renamed accordingly, e.g. dpv-gdpr is now legal/eu/gdpr. The article Data Privacy Vocabulary (DPV) -- Version 2 by Pandit et al. (2024), accepted for presentation at the 23rd International Semantic Web Conference (ISWC 2024), describes DPV v2 in terms of its contents, methodology, current adoptions and uses, and future potential. It also describes the role of DPV as a common vocabulary supporting various regulatory (e.g. EU's DGA and AI Act) and community (e.g. Solid) initiatives emerging across the globe. A Search Index of all concepts from DPV and its extensions is available.

DPV v1 is available under a new versioned IRI for continued use, though the DPVCG recommends using the latest version of DPV. Versioned IRIs have been created to refer to specific versions: https://w3id.org/dpv/1.0 for v1 and https://w3id.org/dpv/2.0 for v2. The versionless IRI https://w3id.org/dpv will always point to the latest version. See the v2 changelog for more details.
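
As an illustration of the IRI scheme described above, the following minimal Python sketch builds either the versionless IRI or a versioned one. The helper name `dpv_iri` and the `KNOWN_VERSIONS` tuple are hypothetical and not part of DPV; only the two versions named in this README are accepted.

```python
from typing import Optional

BASE_IRI = "https://w3id.org/dpv"

# Only the versions mentioned in this README; extend if further
# versioned IRIs are published (assumption: same path pattern).
KNOWN_VERSIONS = ("1.0", "2.0")


def dpv_iri(version: Optional[str] = None) -> str:
    """Return the versionless IRI, or the IRI pinned to `version`."""
    if version is None:
        # The versionless IRI always points to the latest version.
        return BASE_IRI
    if version not in KNOWN_VERSIONS:
        raise ValueError(f"no versioned IRI known for {version!r}")
    return f"{BASE_IRI}/{version}"


if __name__ == "__main__":
    print(dpv_iri())       # latest version
    print(dpv_iri("1.0"))  # pinned to v1
```

Pinning to a versioned IRI suits data that must keep resolving against the vocabulary it was authored with, while the versionless IRI suits tooling that should follow the latest release.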

The mission of the W3C Data Privacy Vocabularies and Controls CG (DPVCG) is to develop a taxonomy of privacy and data protection related terms, including in particular terms from the new European General Data Protection Regulation (GDPR), such as a taxonomy of personal data, a classification of purposes (i.e., purposes for data collection), and events of disclosure, consent, and processing of such personal data.

License: All work produced by DPVCG and provided through this repo or elsewhere is provided by contributors under the W3C Document License. A copy of the license is provided in the LICENSE.md file.

Guidelines for suggesting new concepts, identifying bugs and issues, and sending patches or PRs

Specifications

Newcomers to DPV should start with the Primer to familiarise themselves with the concepts, semantics, and usefulness of DPV. A Concise Primer is also available as a quick (2-page) introduction.

Data Privacy Vocabulary (DPV)

The Data Privacy Vocabulary (DPV) provides an ontology (classes and properties) and taxonomies of concepts for representing, as an ontology or a knowledge graph, information about how personal data is processed. For example, it provides taxonomies associated with:

  • purposes of processing
  • personal data categories involved
  • processing operations
  • technical and organisational measures or restrictions applied
  • legal basis used to justify processing
  • information about legal basis for processing
  • rights as applicable
  • risks as applicable

The namespace for DPV terms is https://w3id.org/dpv# with the suggested prefix dpv. Serialisations are provided in RDF/XML, Turtle, JSON-LD, and N3 formats. The default serialisations use RDFS/SKOS semantics, and an alternate serialisation uses OWL2 semantics.
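
To illustrate how the dpv prefix might be used in practice, here is a minimal Python sketch, using only the standard library, that expands prefixed names into full IRIs and assembles a small JSON-LD document. It assumes the https form of the namespace IRI (matching the versioned IRIs given earlier). The example.com identifier and the helper name `expand` are hypothetical, and the DPV term names shown are illustrative and should be checked against the specification before use.

```python
import json

# Assumption: https form of the DPV namespace, with the suggested prefix "dpv".
DPV_NS = "https://w3id.org/dpv#"
PREFIXES = {"dpv": DPV_NS}


def expand(curie: str, prefixes: dict = PREFIXES) -> str:
    """Expand a prefixed name such as 'dpv:hasPurpose' into a full IRI."""
    prefix, sep, local = curie.partition(":")
    if not sep or prefix not in prefixes:
        raise ValueError(f"unknown or missing prefix in {curie!r}")
    return prefixes[prefix] + local


# Illustrative JSON-LD description of one processing activity.
# The @id is a hypothetical identifier; term names are examples only.
record = {
    "@context": {"dpv": DPV_NS},
    "@id": "https://example.com/processing/newsletter",
    "@type": "dpv:PersonalDataHandling",
    "dpv:hasPurpose": {"@id": "dpv:ServiceProvision"},
    "dpv:hasProcessing": {"@id": "dpv:Collect"},
    "dpv:hasLegalBasis": {"@id": "dpv:Consent"},
}

if __name__ == "__main__":
    print(expand("dpv:hasPurpose"))
    print(json.dumps(record, indent=2))
```

Declaring the prefix once in `@context` keeps the document compact while letting any JSON-LD processor recover the full IRIs.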

Extensions

The following extensions add concepts that broaden the scope of the main DPV specification:

  • Personal Data (PD) provides a taxonomy of personal data categories
  • Location (LOC) provides a taxonomy of location concepts based on ISO 3166 (countries, regions)
  • Technology (TECH) provides a taxonomy of technology concepts
  • AI provides a taxonomy of AI concepts extending the TECH extension
  • Justifications provides concepts for representing justifications i.e. why something must be done or could not be done
  • Risk provides concepts for risk assessment and management

Extensions for Jurisdictions and Regulations

The legal extensions provide concepts associated with specific jurisdictions and the laws, authorities, and treaties within them. The Legal page provides an overview of these. The jurisdictions are represented by using their ISO 3166-2 codes.

Other Resources

The NACE Taxonomy serialised in RDFS provides the NACE v2 taxonomy in RDFS for use with DPV terms. NACE v2.1 has since been published by the EU Commission. The DPVCG has decided to retire its serialisation and not provide an alternative, as it offered no significant benefit and the best practice for using NACE is to always use the official authoritative version.

Guides

Acknowledgements and Citation

  • For use of DPV from v2 onwards, cite: Data Privacy Vocabulary (DPV) -- Version 2 by Harshvardhan J. Pandit, Beatriz Esteves, Georg P. Krog, Paul Ryan, Delaram Golpayegani, Julian Flake, https://arxiv.org/abs/2404.13426 (accepted for presentation at the 23rd International Semantic Web Conference (ISWC 2024)).
  • For use of DPV up to v1 and v1.1, cite: the peer-reviewed article “Creating A Vocabulary for Data Privacy”, which presents a historical overview of the DPVCG and describes the creation, methodology, and structure of the DPV. An open-access version can be accessed here, here, and here.

Releases

go to latest release

Releases are provided through the GitHub feature at https://github.com/w3c/dpv/releases and contain zipped collections of DPV specifications, modules, extensions, and accompanying documents.

Final Reports

The following are final reports i.e. formally published by the W3C:

DPV 2.0

DPV 1.0

Participating and Getting assistance

If you're unsure about something, or would like clarification or suggestions, please contact us or open an issue. We would be happy to help. You can view the current open issues and the public mailing list.

Membership of the group is open to all interested individuals and organisations. To join the group, you need a valid W3C account, which is free and can be requested here. The group usually meets through online calls; see the meetings calendar and minutes.

Funding Acknowledgements

The DPVCG was established as part of the SPECIAL H2020 Project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 731601 from 2017 to 2019.

Harshvardhan J. Pandit was funded to work as the chair of DPVCG from 2020 to 2022 by the Irish Research Council's Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790, and through the ADAPT SFI Centre for Digital Media Technology, which is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards).

Further funding acknowledgements for individual members are provided within relevant specifications.