This document provides additional details and examples for data and personal data concepts in the Data Privacy Vocabulary [[DPV]], and is a companion to the [[DPV]] specification.

Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.

Introduction

DPV provides the concept [=Data=] and relation [=hasData=] to indicate involvement or association of any data. The concept [=PersonalData=] and the relation [=hasPersonalData=] are provided to indicate what categories or instances of personal data are being processed. The DPV specification only provides a structure for describing personal data, e.g. as being sensitive. For specific categories of personal data for use-cases, [[[PD]]] provides additional concepts that extend the DPV's personal data taxonomy. This separation is to enable adopters to decide whether the extension's concepts are useful to them, or to use other external vocabularies, or define their own.

In addition to Personal Data, there may be a need to represent Non-Personal Data within the same contextual use-cases. For this, DPV provides the concepts [=NonPersonalData=] and [=SyntheticData=].

To indicate data categorised based on `DataSource`, e.g. as "collected personal data", DPV provides: [=CollectedPersonalData=], [=DerivedPersonalData=], [=InferredPersonalData=], [=GeneratedPersonalData=], and [=ObservedPersonalData=].

For indicating personal data which is sensitive, the concept [=SensitivePersonalData=] is provided. For indicating special categories of data, the concept [=SpecialCategoryPersonalData=] is provided. In this, the concept sensitive indicates that the data needs additional considerations (and perhaps caution) when processing, such as by increasing its security, reducing usage, or performing impact assessments. Special categories, by contrast, are a 'special' type of sensitive personal data requiring additional considerations or obligations defined in laws (or through other forms) that regulate how they should be used or prohibit their use until specific obligations are met.

To specify data is anonymised, DPV provides two concepts. [=AnonymisedData=] for when data is completely anonymised and cannot be de-anonymised, which is a subtype of [=NonPersonalData=]. And, [=PseudonymisedData=] for when data has only been partially anonymised or de-anonymisation is possible, which is a subtype of [=PersonalData=].

DPV defines the following concepts for expressing information about data:

Personal Data

The [[[PD]]] extension provides a taxonomy of personal data categories to represent commonly used categories such as 'Email Address' and 'Birth Date'. These concepts are organised in a hierarchical taxonomy where the super/parent concept is a broader form of the sub/child concept, and where these concepts act as sets i.e. everything in the sub/child concept is present in the super/parent concept. For example, consider the concept 'Email' - it can refer to email addresses, actual emails, metadata or attachments associated with emails, and so on. To distinguish between these, the 'Email' concept must be further 'extended' or 'refined' with subclasses or child concepts such as 'Email Address', 'Email Contents', etc. The [[PD]] taxonomy categories are modelled with such interpretations in mind. This helps align the use of DPV with practical use-cases where such ambiguous use of terms can be identified and rectified by choosing a more specific concept from the taxonomy (e.g. Email Address instead of Email above).

The relation [=hasPersonalData=] can be used to indicate both the category and instance of personal data. For example, to indicate the personal data being collected is of category 'Email Address', or to specify a particular email address. We recommend using `rdf:value` to represent such 'values' of personal data associated with a category. Alternatively, other vocabularies such as [[FOAF]] or [[schema-org]] can also be used to further specify the contents of personal data. Through we strongly recommend always using a DPV concept and a [[PD]] taxonomy concept for interoperability.

Sensitive & Special Data

Some personal data categories are sensitive. To indicate this, the concept [=SensitivePersonalData=] is used. It is important to recognise and document data when it is sensitive as it can require additional considerations such as enhanced technical and organisational measures, and appropriate privacy and data protection impact assessments.

[=SpecialCategoryPersonalData=] represents those sensitive categories which are regulated by law i.e. their use is regulated and requires additional considerations and obligations, such as under [[GDPR]] Article 9 which prohibits their use unless specific conditions are met, and also requires conducting a data protection impact assessment (DPIA) for certain cases where they are involved.

The PD taxonomy uses the GDPR Article 9 definition to denote specific concepts as belonging to special categories of personal data, and due to the way the taxonomy is hierarchical in nature, all concepts extending such concepts are also considered (sensitive and) special categories. For example, `Biometric` is a special category, which is further extended as `FacialPrint` - which is also considered as a special category due to being biometric data.

The sensitivity of personal data can be universal, where that data is always sensitive, or contextual, which means a use-case needs to declare it as such. For indicating personal data is sensitive (or special), it is sub-typed or declared as an instance of SensitivePersonalData, as shown in the example below.

In using these concepts, it is important to note that DPV's modelling of sensitive and special categories is non-exhaustive and as such should not be taken as an authoritative fact or a 'source of truth'. To assist with better identifying sensitive concepts, work is ongoing within DPV to identify and provide a reference list of (potentially) sensitive and special categories, and we welcome contributions for the same.

Anonymised Data

[=AnonymisedData=] refers to anonymisation, which is a data de-identification technique whereby any information which can be used to identify the individual, either by itself or in combination with other information - which may be present in the same dataset or outside it, is removed to prevent any possibility of attributing the data to the person it is about. From this, it is clear that the bar for 'true' or 'effective' anonymisation is very high. Anonymised data is no longer considered personal data, and is therefore non-personal data.

To specify data is anonymised, DPV provides two concepts. AnonymisedData for when data is completely anonymised and cannot be de-anonymised, which is a subtype of NonPersonalData. And, PseudonymisedData for when data has only been partially anonymised or de-anonymisation is possible, which is a subtype of PersonalData.

When data undergoes a partial anonymisation process i.e. it is not completely anonymised, and there is a possibility of re-identification, but it is unlikely for this to happen within the use-case, and where the use-case wishes to treat such data as 'contextually anonymised', the concept [=ContextuallyAnonymisedData=] is provided. Transferring such data outside the context results in the data no longer being anonymous, and it must be treated as personal data.

[=PseudonymisedData=] is data that has gone a partial or incomplete anonymisation process by replacing the identifiable information with artificial identifiers or 'pseudonyms'. Using such pseudonyms (e.g. IP addresses or fingerprinting techniques) does not render the data anonymous, and it still remains personal data as long as re-identification or association with an individual is possible.

It is important to note that these definitions can be contextually difficult to apply or interpret. For example, consider the case where some data is indicated as being anonymised by itself without any available information to de-anonymise it. Though this can be considered as anonymised data, if there were to exist an external method or dataset that when combined with the anonymised dataset provides de-anonymised information - then this does not fit the definition of anonymised data.

Therefore, when indicating AnonymisedData, the understanding is that it is completely anonymised. Otherwise, given that regulations targeting PersonalData do not apply over anonymised data, the labelling of anonymised or contextually anonymised data may lead to misleading representation and violating obligations.

Data Categorised by Source

To specify data in terms of how it was sourced or generated, various concepts are provided that correspond to the processing operations such as collect, derive, infer, observe, generate, and so on. This allows annotating data or indicating how the data was obtained.

[=CollectedPersonalData=] denotes the data was collected (from another entity), and [=ProvidedPersonalData=] indicates the data was provided by another entity i.e. the other entity knowingly provided this data for collection. For example, a data subject filling out a form to provide data is an example of provided personal data, whereas observation of individuals via CCTV is collected but not provided personal data.

[=DerivedPersonalData=] refers to data being derived from another (existing) data - where such data was already present in some form. For example, taking a photograph of a passport and extracting the relevant names and dates from it is considered 'derived data' as the data was already present in the photograph. Where data being derived does not exist i.e. it is 'inferred', the concept [=InferredPersonalData=] should be used. For example, if the passport photograph was used in some way to create a risk score for the individual by the immigration office, then such data is considered to be an 'inference' as it was not already present and has been inferred through some algorithmic process.

These concepts are analogous to their processing counterparts, as well as helpful in indicating the source of data i.e. the data source concepts. They are helpful to 'tag' or 'annotate' data, such as in databases or other systems, to indicate or categorise which data has been collected, or derived, or inferred. They can also be used to check or verify the information documented about processing and data sources is accurate and up to date.

Vocabulary Index

Contributors

The following people have contributed to this vocabulary. The names are ordered alphabetically. The affiliations are informative do not represent formal endorsements. Affiliations may be outdated. The list is generated automatically from the contributors listed for defined concepts.

• Arthit Suriyawongkul (ADAPT Centre, Trinity College Dublin)
• Axel Polleres (Vienna University of Economics and Business)
• Beatriz Esteves (IDLab, IMEC, Ghent University)
• Bud Bruegger (Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein)
• Damien Desfontaines ()
• David Hickey (Dublin City University)
• Delaram Golpayegani (ADAPT Centre, Trinity College Dublin)
• Elmar Kiesling (Vienna University of Technology)
• Fajar Ekaputra (Vienna University of Technology)
• Georg P. Krog (Signatu AS)
• Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
• Javier Fernández (Vienna University of Economics and Business)
• Julian Flake (University of Koblenz)
• Mark Lizar (OpenConsent/Kantara Initiative)
• Maya Borges ()
• Paul Ryan (Uniphar PLC)
• Piero Bonatti (Università di Napoli Federico II)
• Rana Saniei (Universidad Politécnica de Madrid)
• Rob Brennan (University College Dublin)
• Rudy Jacob (Proximus)
• Simon Steyskal (Siemens)
• Steve Hickman ()