This document lists the various guides created by the DPVCG and the community providing guidance for the adoption and use of DPV in terms of its concepts and serialisations, or regarding the application of DPV for specific applications or domains.
The DPVCG invites contributions regarding additional guides as well as updates to existing guides.
DPV v2.1-RC feedback/review period until FEB-16 The DPVCG welcomes feedback and review on the v2.1 Release Candidate containing DPV and related specifications until FEB-16, after which, these documents will be published unless unresolved major issues have been identified. Feedback/review can be e.g., suggestions for improvements, fixing grammar/typos, additional information and references, and technical changes to files. The DPVCG shall discuss all submitted feedback and will resolve in through the weekly meetings. To see what is included in v2.1 and a changelog, refer to this link.
DPV Specifications: The [[DPV]] is the core specification within the DPV family, with the following extensions: Personal Data [[PD]], Locations [[LOC]], Risk Management [[RISK]], Technology [[TECH]] and [[AI]], [[JUSTIFICATIONS]], [[SECTOR]] specific extensions, and [[LEGAL]] extensions modelling specific jurisdictions and regulations. A [[PRIMER]] introduces the concepts and modelling of DPV specifications, and [[GUIDES]] describe application of DPV for specific applications and use-cases. The Search Index page provides a searchable hierarchy of all concepts. The Data Privacy Vocabularies and Controls Community Group (DPVCG) develops and manages these specifications through GitHub. For meetings, see the DPVCG calendar.
To cite and understand the structure of DPV, the article "Data Privacy Vocabulary (DPV) - Version 2.0" (2024) describes the current state of DPV and extensions from version 2.0 onwards (open access version here). The earlier article "Creating A Vocabulary for Data Privacy" (2019) describes how the DPV was developed (open access versions here, here, and here).
Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.
The Data Privacy Vocabulary [[DPV]] enables expressing machine-readable metadata about the use and processing of personal data based on legislative requirements such as the General Data Protection Regulation [[GDPR]]. The [[[PRIMER]]] [[PRIMER]] introduces the fundamental structuring and use of concepts in DPV. It is intended to be a starting point for those wishing to use the DPV and an orientation for people from all disciplines. [[PRIMER-concise]] is a shorter version (2 pages) of the primer intended for a quick introduction.
The [[[GUIDE-OWL2]]] [[GUIDE-OWL2]] provides guidance for the use of DPV as an OWL2 ontology, and explains how DPV can be easily encoded in a low-complexity profile of OWL2 called OWL2-PL to perform efficient semantic reasoning.
The [[[GUIDE-ODRL]]] [[GUIDE-ODRL]] is a guide that will provide guidance for the use of DPV concepts with [[[ODRL-MODEL]]] and [[[ODRL-VOCAB]]]. ODRL is a W3C standard for machine-readable representations of policies and agreements. The aim of the guide will be to demonstrate the compatibility and alignment of DPV concepts with those from ODRL, and to guide adopters in using DPV concepts within ODRL and vice-versa. This will enable using DPV to represent policies and agreements as defined by the ODRL standard.
For those interested in this, please refer to publications authored by DPVCG members which have explored this work:
[[[ISO-27560]]] provides guidance for the creation and maintainence of records regarding consent as machine-readable information. It also provides guidance on the use of this information to exchange such records between entities in the form of 'receipts'. The [[[GUIDE-Consent-27560]]] [[GUIDE-Consent-27560]] provides implementation of machine-readable consent records and receipts as defined in [[ISO-27560]] by using the Data Privacy Vocabulary (DPV). Additionally, it also provides guidance on using [[ISO-27560]] for meeting [[GDPR]] requirements regarding consent.
For more information on the development process and further use of consent records and receipts implemented using DPV, see the 2024 article preprint Implementing ISO/IEC TS 27560:2023 Consent Records and Receipts for GDPR and DGA authored by Harshvardhan J. Pandit, Jan Lindquist, and Georg P. Krog.
See Use-Cases and Requirements page for use-cases and requirements that guided the development of DPV.
See Examples page for examples demonstrating use of DPV concepts.
The DPVCG was established as part of the SPECIAL H2020 Project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731601 from 2017 to 2019.
Harshvardhan J. Pandit was funded to work on DPV from 2020 to 2022 by the Irish Research Council's Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790.
The ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards).
The contributions of Harshvardhan J. Pandit have been made with the financial support of Science Foundation Ireland under Grant Agreement No. 13/RC/2106_P2 at the ADAPT SFI Research Centre.