Dear Goffi,
Il 02/07/25 14:49, Goffi ha scritto:
Is there a standardised way to indicate the category of data processed in a
machine-readable format?
Good and fascinating point.
I've found some standardized ways to indicate the category of data
processed in a machine-readable format. The most relevant include:
1. Data Privacy Vocabulary (DPV) – W3C
The Data Privacy Vocabulary (DPV) is a resource produced by the W3C Data
Privacy Vocabularies and Controls Community Group (DPVCG) to represent
information associated with processing of (personal and non-personal) data and
use of technologies in a machine-readable and interoperable manner.
DPV provides an ontology of concepts that enable expressing information such as
data and technologies involved, their purposes and legal basis, measures used
for security, relevant laws and rights, and associated risks and impacts.
DPV also provides taxonomies for these concepts based on real-world
applications so that the machine-readable representations are consistent and
interoperable through the use of DPV concepts.
https://dpvcg.org/
https://w3c.github.io/dpv/2.1/dpv/
2. Open Digital Rights Language (ODRL) – W3C
The Open Digital Rights Language (ODRL) is a policy expression language that
provides a flexible and interoperable information model, vocabulary, and
encoding mechanisms for representing statements about the usage of content and
services. The ODRL Information Model describes the underlying concepts,
entities, and relationships that form the foundational basis for the semantics
of the ODRL policies.
Policies are used to represent permitted and prohibited actions over a certain
asset, as well as the obligations required to be meet by stakeholders. In
addition, policies may be limited by constraints (e.g., temporal or spatial
constraints) and duties (e.g. payments) may be imposed on permissions.
https://www.w3.org/TR/odrl-model/
3. ISO/IEC Standards
ISO/IEC 19944-1:2020: Defines data use categories and data processing
roles, especially in cloud services.
ISO/IEC 29100: Privacy framework that defines data categorization in the
context of PII (Personally Identifiable Information).
4. Special Formats in Industry Frameworks
Defines standardized purposes and data categories used in ad tech.
https://iabeurope.eu/transparency-consent-framework/
------
I do not yet have an idea of how to do it in our case but this may be a
good starting point. The Data Privacy Vocabulary (DPV) – developed by
the W3C – could be extremely useful as a standardised way to indicate
the categories of personal data processed in a machine-readable format.
But more study is needed.
Ciao
Mario
_______________________________________________
Standards mailing list -- [email protected]
To unsubscribe send an email to [email protected]
