GConsent - A Consent Ontology Based on the GDPR

Consent is an important legal basis for the processing of personal data under the General Data Protection Regulation (GDPR), which is the current European data protection law. GPDR provides constraints and obligations on the validity of consent, and provides data subjects with the right to withdraw their consent at any time. Determining and demonstrating compliance to these obligations require information on how the consent was obtained, used, and changed over time. Existing work demonstrates feasibility of semantic web technologies in modelling information and determining compliance for GDPR. Although these address consent, they currently do not model all the information associated with it. In this paper, we address this by first presenting our analysis of information associated with consent under the GDPR. We then present GConsent, an OWL2-DL ontology for representation of consent and its associated information such as provenance. The paper presents the methodology used in the creation and validation of the ontology as well as an example use-case demonstrating its applicability. The ontology and this paper can be accessed online at https://w3id.org/GConsent.

[1]  Daniel Garijo,et al.  WIDOCO: A Wizard for Documenting Ontologies , 2017, SEMWEB.

[2]  Dave Lewis,et al.  Modelling Provenance for GDPR Compliance using Linked Open Data Vocabularies , 2017, PrivOn@ISWC.

[3]  Declan O'Sullivan,et al.  Queryable Provenance Metadata For GDPR Compliance , 2018, SEMANTiCS.

[4]  Jouni Markkula,et al.  EU General Data Protection Regulation: Changes and implications for personal data collecting companies , 2017, Comput. Law Secur. Rev..

[5]  Axel Polleres,et al.  A Scalable Consent, Transparency and Compliance Architecture , 2018, ESWC.

[6]  Jeremy Debattista,et al.  Towards Ontology Quality Assessment , 2017, MEPDaW/LDQ@ESWC.

[7]  Christophe Debruyne,et al.  Compliance through Informed Consent: Semantic Based Consent Permission and Data Management Model , 2017, PrivOn@ISWC.

[8]  Cesare Bartolini,et al.  Reconciling Data Protection Rights and Obligations: An Ontology of the Forthcoming EU Regulation , 2015 .

[9]  Asunción Gómez-Pérez,et al.  Validating Ontologies with OOPS! , 2012, EKAW.

[10]  Declan O'Sullivan,et al.  GDPRtEXT - GDPR as a Linked Data Resource , 2018, ESWC.

[11]  Sandeep Mittal I.P.S. The Role of Consent in Legitimising the Processing of Personal Data Under the Current EU Data Protection Framework , 2017 .

[12]  N. F. Noy,et al.  Ontology Development 101: A Guide to Creating Your First Ontology , 2001 .

[13]  Deborah L. McGuinness,et al.  PROV-O: The PROV Ontology , 2013 .

[14]  Livio Robaldo,et al.  PrOnto: Privacy Ontology for Legal Reasoning , 2018, EGOVIS.

[15]  Fabio Vitali,et al.  Modelling OWL Ontologies with Graffoo , 2014, ESWC.

[16]  Simon Cox,et al.  Time Ontology in OWL , 2017 .