Analysis of ontologies and policy languages to represent information flows in GDPR

Beatriz Esteves, Víctor Rodríguez-Doncel, Michel Dumontier, Sabrina Kirrane, Oshani Seneviratne
2022 Semantic Web Journal  
This article surveys existing vocabularies, ontologies and policy languages that can be used to represent informational items referenced in GDPR rights and obligations, such as the 'notification of a data breach', the 'controller's identity' or a 'DPIA'. Rights and obligations in GDPR are analyzed in terms of information flows between different stakeholders, and a complete collection of 57 different informational items that are mentioned by GDPR is described. 13 privacy-related policy languages
more » ... and 9 data protection vocabularies and ontologies are studied in relation to this list of informational items. ODRL and LegalRuleML emerge as the languages that can respond positively to a greater number of the defined comparison criteria if complemented with DPV and GDPRtEXT, since 39 out of the 57 informational items can be modelled. Online supplementary material is provided, including a simple search application and a taxonomy of the identified entities.
doi:10.3233/sw-223009 fatcat:k6ne3yxrobbp3msouvh5ufadda