Rules

Contributors: (ordered alphabetically) Arthit Suriyawongkul (ADAPT Centre, Trinity College Dublin), Axel Polleres (Vienna University of Economics and Business), Beatriz Esteves (IDLab, IMEC, Ghent University), Bud Bruegger (Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein), Damien Desfontaines (No affiliation provided), David Hickey (Dublin City University), Delaram Golpayegani (ADAPT Centre, Trinity College Dublin), Elmar Kiesling (Vienna University of Technology), Fajar Ekaputra (Vienna University of Technology), Georg P. Krog (Signatu AS), Harshvardhan J. Pandit (ADAPT Centre, Dublin City University), Iain Henderson (JLINC Labs), Javier Fernández (Vienna University of Economics and Business), Julian Flake (University of Koblenz), Mark Lizar (OpenConsent/Kantara Initiative), Maya Borges (Danish Agency for Digitisation), Paul Ryan (Uniphar PLC), Piero Bonatti (Università di Napoli Federico II), Rana Saniei (Universidad Politécnica de Madrid), Rob Brennan (University College Dublin), Rudy Jacob (Proximus), Simon Steyskal (Siemens), Steve Hickman (Epistimis LLC). NOTE: The affiliations are informative, do not represent formal endorsements, and may be outdated as this list is generated automatically from existing data.

This document provides additional details and examples for rules concepts for permission, prohibition, and obligation used in the Data Privacy Vocabulary [[DPV]], and is a companion to the [[DPV]] specification.

Introduction

DPV provides the concept [=Rule=] to specify requirements, constraints, and other forms of 'rules' that are associated with specific contexts (e.g., processing activities) using the relation [=hasRule=]. DPV provides three forms of Rules to represent [=Permission=], [=Prohibition=] and [=Obligation=], and their corresponding relations [=hasPermission=], [=hasProhibition=] and [=hasObligation=], to indicate a Rule that specifies whether something is permitted, prohibited or an obligation, respectively.

[=Permission=] refers to the indicated context being allowed or approved to be carried out. Permissions are only a 'permissive signal' i.e. it is not necessary to carry out an activity just because it is permitted (see obligation for this). Permissions can be used to record what has been permitted or to distinguish the 'permissive' parts from other 'non-permissive' or prohibitive parts, such as in use-cases for policies, agreements, consent records, and risk assessments.

[=Prohibition=] represents the indicated context is not allowed or it is not approved to be carried out. If something is expressed as a prohibition - it explicitly indicates that it must not occur. Unlike permission, prohibition is a 'strong' rule i.e. if something is prohibited, then it is necessary that it not be carried out.

[=Obligation=] is the antipodal rule for prohibitions, which means if something is an obligation then it is necessary for it to be carried. It differs from permissions - which are a 'soft' rule i.e. a permitted activity is not necessary to be carried out.

DPV does not define additional semantics for rules and limits its scope and focus to provide a simple way to specify permissions, prohibitions, and obligations as common rules associated with activities. For a more extensive and richer set of semantics and concepts to represent rules, DPVCG suggests looking towards other languages, such as [[ODRL]], [[SHACL]], and [[RuleML]] that have been developed with the specific goal of representing and applying rules. We welcome contributions for aligning DPV with these, and for providing guidance on how to complement DPV's rule-based concepts with external languages.

dpv:Rule: A rule describing a process or control that directs or determines if and how an activity should be conducted go to full definition
- dpv:Obligation: A rule describing an obligation for performing an activity go to full definition
- dpv:Permission: A rule describing a permission to perform an activity go to full definition
- dpv:Prohibition: A rule describing a prohibition to perform an activity go to full definition
dpv:RuleFulfilmentStatus: Status associated with a rule for indicating whether it is applicable, or has been utilised, and whether the requirements of the rule have been fulfilled or violated go to full definition
- dpv:RuleFulfilled: Status indicating a rule has been fulfilled, completed, or satisfied go to full definition
  - dpv:ObligationFulfilled: Status indicating an obligation has been fulfilled i.e. the activity stated as being required to be carried out has been successfully completed go to full definition
  - dpv:PermissionNotUtilised: Status indicating a permission has not been utilised i.e. the activity stated as being permitted has not been carried out go to full definition
  - dpv:PermissionUtilised: Status indicating a permission has been utilised i.e. the activity stated as being permitted has been carried out go to full definition
  - dpv:ProhibitionFulfilled: Status indicating a prohibition has been fulfilled i.e. the activity stated as being prohibited has not been carried out go to full definition
- dpv:RuleUnfulfilled: Status indicating a rule has not been fulfilled nor violated go to full definition
  - dpv:ObligationUnfulfilled: Status indicating an obligation has not been fulfilled i.e. the activity stated as being required to be carried out has not been carried out but this is not considered as a violation e.g. there is still time to conduct the activity go to full definition
- dpv:RuleViolated: Status indicating a rule has been violated, breached, broken, or infracted go to full definition
  - dpv:ObligationViolated: Status indicating an obligation has been violated i.e. the activity stated as being required to be carried out has not been carried out and this is considered as a violation i.e. the activity can no longer be carried out to fulfil the obligation go to full definition
  - dpv:ProhibitionViolated: Status indicating a prohibition has been violated i.e. the activity stated as being prohibited has been carried out go to full definition

This example show a process where service provision based on consent is permitted, and profiling based on legitimate interest is prohibited

ex:PDH a dpv:Process ;
    dpv:hasPermission [
        a dpv:Permission ;
        dpv:hasPurpose dpv:ServiceProvision ;
        dpv:hasLegalBasis dpv:Consent ;
    ] ;
    dpv:hasProhibition [
        a dpv:Prohibition ;
        dpv:hasProcessing dpv:Profiling ;
        dpv:hasLegalBasis dpv:LegitimateInterest ;
    ] .

# processes with permission/prohibition as statuses
ex:PDH a dpv:Process ;
    dpv:hasProcess [
        a dpv:Process ;
        dpv:hasRule dpv:Permission ;
        dpv:hasPurpose dpv:ServiceProvision ;
        dpv:hasLegalBasis dpv:Consent ;
    ] ;
    dpv:hasProcess [
        dpv:hasRule dpv:Prohibition ;
        a dpv:Prohibition ;
        dpv:hasProcessing dpv:Profiling ;
        dpv:hasLegalBasis dpv:LegitimateInterest ;
    ] .

(META Example ID: E0066; link: source file; contributed by Harshvardhan J. Pandit on 2024-06-14)

Interpreting Rules

Default Interpretation

Though DPV provides concepts representing deontic logic, it does not specify what should be the 'default' interpretation in relation to rules, i.e. it does not provide an interpretation of whether some rules apply automatically unless otherwise declared. For example, in declaring an instance of Process, the assumption is that the activities are modelled for what is happening or what is intended/planned to happen. The explicit annotation using a Permission rule adds information about whether some activity is permitted (and its associated information). Instead, if the use-case is using DPV to only document activities that are permitted, there is no need to explicitly specify the permissions. Similarly, just because something is happening or planned to happen, it cannot be assumed to be permitted (e.g. pending evaluation of legal requirements).

This lack of default interpretation enables modularity in the use of DPV concepts. For example, an instance of `dpv:Process` which does not have a `dpv:hasRule` declared within it, can be made part of a rule to specify permissions, prohibitions, or obligations regarding the process. If instead the process had a default interpretation (e.g. permission), then it would require creating a separate instance with the same information - leading to duplicated efforts. While an apparent solution is to create a mechanism whereby the rule in the process is overridden with the intended 'outer' rule or context e.g. to specify the prohibition in one process overrules permission in another process, this prevents the combination of rules to describe situations such as a permission for a larger context within which specific parts are prohibited or obligated.

Mixing/Nesting Rules

In representing Rules, DPV only provides the concept and does not express any inherent semantics on what those rules mean in relation to each other. For example, DPV does not express Permission to be non-compatible or disjoint from Prohibition. This is to separate the interpretation and application of rules based on the necessities of a use-case. For example, in a legal investigation it may be prudent to specify permission and prohibition can never occur together, but this may not be true if there are different legal requirements that allow a prohibition to be resolved or deferred, such as through another permission that overrides the prohibition.

Further, as described earlier in the section on default interpretations, it is possible to mix or nest rules such as through processes. For example, if `ProcessA` is a permitted process and contains `ProcessB` which is a prohibited process, DPV does not dictate what should be default interpretation for this arrangement. The role of DPV concepts regarding rules, as of now, is to provide a simplified indication of whether something is permitted, prohibited, or obligated. Further interpretations require creation of a formal specification that dictates how rules should function together. For example, depending on the use-case, several interpretations are possible for the example described here:

Prohibitive interpretation: Both `ProcessA` and `ProcessB` are prohibited because through `ProcessA` is permitted, `ProcessB` is within it and is prohibited - thereby prohibiting both processes. Such interpretations prevent modularity - everything is prohibited because something is prohibited, or it is permitted because there are no prohibitions.
Permissive interpretation: `ProcessA` and `ProcessB` are both permitted since `ProcessA` gives permission for the entire process and overrides the prohibition in `ProcessB`. Such interpretations also prevent modularity - everything is permitted because the higher/broader processes are permitted even though there are specific prohibitions at a granular level.
Contextually Prohibitive interpretation: `ProcessB` is prohibited as declared, and the rest of `ProcessA` without `ProcessB` is permitted. If there was a further `ProcessC` that is permitted, and is present within `ProcessB`, then `ProcessC` would still be prohibited as the broader prohibition from `ProcessB` overrides it. Such interpretations permit modularity with permission granted for parts as long as there is no prohibition overriding it from a broader context. In this, a prohibition within a permission still allows the permitted parts to be carried out, whereas a permission within a prohibition would still be prohibited.
Contextually Permissive interpretation: This is the same as the contextually prohibitive interpretation, except permissions occurring within prohibitions are not overridden. This means, `ProcessA` is allowed through its permission, with `ProcessB` within it being prohibited, except for `ProcessC` within `ProcessB` - which is permitted.

The above example interpretations only concerned permissions and prohibitions, and did not include obligations - or other concepts such as duties, dispensations, exceptions, and defeasibility. From this, it should be clear how the specification and interpretation of rules can be quite complex and has a large impact on the intended activities and information being documented.

The DPVCG is discussing the provision of concepts to indicate the interpretation of rules as discussed above. These concepts would then be associated with rules to express how they should be interpreted - which would avoid ambiguities and ensure consistent interpretation through shared semantics.

In addition, we are also interested in representing concepts for conflict resolution strategies - for example what should be done if an permission and a prohibition are expressed over the same resource. Like the interpretation concepts, the conflict resolution concepts would also be expressed along with the rules to ensure all implementations have a consistent interpretation and outcome regarding the rules.

As with the Rules Fulfilment concepts, this work is expected to be in sync with the ODRL implementation work. We welcome ideas and participation in this process. See Issue#189.

Vocabulary Index

Classes

Obligation

Term	Obligation	Prefix	dpv
Label	Obligation
IRI	https://w3id.org/dpv#Obligation
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:Rule
Object of relation	dpv:hasFulfillmentsStatus, dpv:hasObligation, dpv:hasRule
Definition	A rule describing an obligation for performing an activity
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DPV

Obligation Fulfilled

Term	ObligationFulfilled	Prefix	dpv
Label	Obligation Fulfilled
IRI	https://w3id.org/dpv#ObligationFulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating an obligation has been fulfilled i.e. the activity stated as being required to be carried out has been successfully completed
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Obligation Unfulfilled

Term	ObligationUnfulfilled	Prefix	dpv
Label	Obligation Unfulfilled
IRI	https://w3id.org/dpv#ObligationUnfulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleUnfulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating an obligation has not been fulfilled i.e. the activity stated as being required to be carried out has not been carried out but this is not considered as a violation e.g. there is still time to conduct the activity
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Obligation Violated

Term	ObligationViolated	Prefix	dpv
Label	Obligation Violated
IRI	https://w3id.org/dpv#ObligationViolated
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleViolated → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating an obligation has been violated i.e. the activity stated as being required to be carried out has not been carried out and this is considered as a violation i.e. the activity can no longer be carried out to fulfil the obligation
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Permission

Term	Permission	Prefix	dpv
Label	Permission
IRI	https://w3id.org/dpv#Permission
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:Rule
Object of relation	dpv:hasFulfillmentsStatus, dpv:hasPermission, dpv:hasRule
Definition	A rule describing a permission to perform an activity
Examples	`dex:E0028 ::` Rule specifying permission `dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

Permission Not Utilised

Term	PermissionNotUtilised	Prefix	dpv
Label	Permission Not Utilised
IRI	https://w3id.org/dpv#PermissionNotUtilised
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a permission has not been utilised i.e. the activity stated as being permitted has not been carried out
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Permission Utilised

Term	PermissionUtilised	Prefix	dpv
Label	Permission Utilised
IRI	https://w3id.org/dpv#PermissionUtilised
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a permission has been utilised i.e. the activity stated as being permitted has been carried out
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Prohibition

Term	Prohibition	Prefix	dpv
Label	Prohibition
IRI	https://w3id.org/dpv#Prohibition
Type	rdfs:Class, skos:Concept, dpv:Rule
Broader/Parent types	dpv:Rule
Object of relation	dpv:hasFulfillmentsStatus, dpv:hasProhibition, dpv:hasRule
Definition	A rule describing a prohibition to perform an activity
Examples	`dex:E0029 ::` Rule specifying prohibition `dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

Prohibition Fulfilled

Term	ProhibitionFulfilled	Prefix	dpv
Label	Prohibition Fulfilled
IRI	https://w3id.org/dpv#ProhibitionFulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilled → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a prohibition has been fulfilled i.e. the activity stated as being prohibited has not been carried out
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Prohibition Violated

Term	ProhibitionViolated	Prefix	dpv
Label	Prohibition Violated
IRI	https://w3id.org/dpv#ProhibitionViolated
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleViolated → dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a prohibition has been violated i.e. the activity stated as being prohibited has been carried out
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Rule

Term	Rule	Prefix	dpv
Label	Rule
IRI	https://w3id.org/dpv#Rule
Type	rdfs:Class, skos:Concept
Object of relation	dpv:hasFulfillmentsStatus, dpv:hasRule
Definition	A rule describing a process or control that directs or determines if and how an activity should be conducted
Examples	`dex:E0030 ::` Rule combining DPV with ODRL
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

Rule Fulfilled

Term	RuleFulfilled	Prefix	dpv
Label	Rule Fulfilled
IRI	https://w3id.org/dpv#RuleFulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a rule has been fulfilled, completed, or satisfied
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Rule Fulfilment Status

Term	RuleFulfilmentStatus	Prefix	dpv
Label	Rule Fulfilment Status
IRI	https://w3id.org/dpv#RuleFulfilmentStatus
Type	rdfs:Class, skos:Concept
Broader/Parent types	dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status associated with a rule for indicating whether it is applicable, or has been utilised, and whether the requirements of the rule have been fulfilled or violated
Examples	`dex:E0084 ::` Stating status of Rule fulfilment
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DEX

Rule Unfulfilled

Term	RuleUnfulfilled	Prefix	dpv
Label	Rule Unfulfilled
IRI	https://w3id.org/dpv#RuleUnfulfilled
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a rule has not been fulfilled nor violated
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Rule Violated

Term	RuleViolated	Prefix	dpv
Label	Rule Violated
IRI	https://w3id.org/dpv#RuleViolated
Type	rdfs:Class, skos:Concept, dpv:RuleFulfilmentStatus
Broader/Parent types	dpv:RuleFulfilmentStatus → dpv:Status → dpv:Context
Object of relation	dpv:hasContext, dpv:hasStatus
Definition	Status indicating a rule has been violated, breached, broken, or infracted
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

Properties

has fulfillment status

Term	hasFulfillmentsStatus	Prefix	dpv
Label	has fulfillment status
IRI	https://w3id.org/dpv#hasFulfillmentsStatus
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasStatus
Sub-property of	dpv:hasStatus
Domain includes	dpv:Context
Range includes	dpv:Rule
Definition	Specifying the fulfillment status associated with a rule
Date Created	2024-09-10
Contributors	Harshvardhan J. Pandit
See More:	section RULES in DPV

has obligation

Term	hasObligation	Prefix	dpv
Label	has obligation
IRI	https://w3id.org/dpv#hasObligation
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Obligation
Definition	Specifying applicability or inclusion of an obligation rule within specified context
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DPV

has permission

Term	hasPermission	Prefix	dpv
Label	has permission
IRI	https://w3id.org/dpv#hasPermission
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Permission
Definition	Specifying applicability or inclusion of a permission rule within specified context
Examples	`dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

has prohibition

Term	hasProhibition	Prefix	dpv
Label	has prohibition
IRI	https://w3id.org/dpv#hasProhibition
Type	rdf:Property, skos:Concept
Broader/Parent types	dpv:hasRule
Sub-property of	dpv:hasRule
Domain includes	dpv:Context
Range includes	dpv:Prohibition
Definition	Specifying applicability or inclusion of a prohibition rule within specified context
Examples	`dex:E0066 ::` Specifying permissions and prohibitions
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DEX

has rule

Term	hasRule	Prefix	dpv
Label	has rule
IRI	https://w3id.org/dpv#hasRule
Type	rdf:Property, skos:Concept
Domain includes	dpv:Context
Range includes	dpv:Rule
Definition	Specifying applicability or inclusion of a rule within specified context
Date Created	2022-10-19
Contributors	Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More:	section RULES in DPV

DPV uses the following terms from [[RDF]] and [[RDFS]] with their defined meanings:

rdf:type to denote a concept is an instance of another concept
rdfs:Class to denote a concept is a Class or a category
rdfs:subClassOf to specify the concept is a subclass (subtype, sub-category, subset) of another concept
rdf:Property to denote a concept is a property or a relation

The following external concepts are re-used within DPV:

Introduction

Rule Fulfilment Status

Interpreting Rules

Default Interpretation

Mixing/Nesting Rules

Triggering Rules

Alignment with ODRL

Vocabulary Index

Classes

Obligation

Obligation Fulfilled

Obligation Unfulfilled

Obligation Violated

Permission

Permission Not Utilised

Permission Utilised

Prohibition

Prohibition Fulfilled

Prohibition Violated

Rule

Rule Fulfilled

Rule Fulfilment Status

Rule Unfulfilled

Rule Violated

Properties

has fulfillment status

has obligation

has permission

has prohibition

has rule

External

Funding Acknowledgements

Funding Sponsors

Funding Acknowledgements for Contributors