Data Privacy Vocabulary (DPV) - Semantics for GDPR and Personal Data Processing

People, organisations, laws, and use-cases have different perspectives and interpretations of concepts and requirements which cannot be modelled into a single coherent universal vocabulary. The Data Privacy Vocabulary (DPV) provides a core framework of ‘common concepts’ that can be extended to represent specific laws, domains, or applications. Through this, it enables expressing machine-readable metadata about the use and processing of personal data based on legislative requirements such as the General Data Protection Regulation (GDPR).||||The DPV is an outcome of the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG), and has been in development since May 2018. This talk will present "DPV v1" as a series of fundamental concepts and technologies that facilitate a pragmatic approach to manage legal compliance and privacy engineering through use of semantics, machine-readability, and interoperability.||||The talk presents how DPV has been used in research (e.g. in H2020 projects SPECIAL, TRAPEZE, smashHit) and by industry (e.g. Signatu). In particular, it discusses how DPV assists with challenging topics faced by both industries and authorities such as GDPR's ROPA, DPIA, Data Transfers, and also how the approach scales towards new regulations on the horizons - namely the Digital Services/Market Act and AI Act.||||Information about DPVCG and its resources is available here: https://www.w3.org/community/dpvcg/||||Key Take-aways:||1) Legal compliance tasks are a shared effort given the relationships between different actors in terms of providers, consumers, publishers, etc.||2) Interoperability is beneficial in reducing the amount of work needed to create documentation and ensure legal and privacy engineering is addressed by design||3) Open standards are better than proprietary solutions because they can be extended and customised to fit the problem at hand, while providing a basic framework to enable shared interpretations||4) The DPV provides all of the above, and is a rich toolkit for use in privacy engineering. It can be combined with implementations, standards, and organisational governance practices readily.||||Speaker Bio:||Harsh(vardhan) is a Postdoctoral Researcher at Trinity College Dublin exploring the application of semantics to real-world challenges associated with privacy risks, legal and regulatory compliance, and consent. His PhD (Computer Science, Trinity College Dublin) explored the application of linked data and semantic web technologies towards GDPR compliance, with a particular focus on consent and provenance. He currently co-chairs the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG) -- which works on creating interoperable vocabularies for personal data handling based on legal and practical requirements, and the W3C Consent Community Group (CONSENT) which has recently started its work on improving the experience of digital consent and consenting. He also contributes to ISO/IEC efforts on consent and privacy standardisation through the National Standards Authority of Ireland.

Speakers: