2 Jul
2025
2 Jul
'25
8:38 a.m.
Dear Goffi,
Il 02/07/25 14:49, Goffi ha scritto:
Is there a standardised way to indicate the category
of data processed in a
machine-readable format?
Good and fascinating point.
I've found some standardized ways to indicate the category of data
processed in a machine-readable format. The most relevant include:
1. Data Privacy Vocabulary (DPV) – W3C
The Data Privacy Vocabulary (DPV) is a resource
produced by the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG) to
represent information associated with processing of (personal and non-personal) data and
use of technologies in a machine-readable and interoperable manner.
DPV provides an ontology of concepts that enable expressing information such as data and
technologies involved, their purposes and legal basis, measures used for security,
relevant laws and rights, and associated risks and impacts.
DPV also provides taxonomies for these concepts based on real-world applications so that
the machine-readable representations are consistent and interoperable through the use of
DPV concepts.
https://dpvcg.org/
https://w3c.github.io/dpv/2.1/dpv/
2. Open Digital Rights Language (ODRL) – W3C
The Open Digital Rights Language (ODRL) is a policy
expression language that provides a flexible and interoperable information model,
vocabulary, and encoding mechanisms for representing statements about the usage of content
and services. The ODRL Information Model describes the underlying concepts, entities, and
relationships that form the foundational basis for the semantics of the ODRL policies.
Policies are used to represent permitted and prohibited actions over a certain asset, as
well as the obligations required to be meet by stakeholders. In addition, policies may be
limited by constraints (e.g., temporal or spatial constraints) and duties (e.g. payments)
may be imposed on permissions.
https://www.w3.org/TR/odrl-model/
3. ISO/IEC Standards
ISO/IEC 19944-1:2020: Defines data use categories and data processing
roles, especially in cloud services.
ISO/IEC 29100: Privacy framework that defines data categorization in the
context of PII (Personally Identifiable Information).
4. Special Formats in Industry Frameworks
Defines standardized purposes and data categories used in ad tech.
https://iabeurope.eu/transparency-consent-framework/
------
I do not yet have an idea of how to do it in our case but this may be a
good starting point. The Data Privacy Vocabulary (DPV) – developed by
the W3C – could be extremely useful as a standardised way to indicate
the categories of personal data processed in a machine-readable format.
But more study is needed.
Ciao
Mario