GDPR Transparency Requirements and Data Privacy Vocabularies

  • Eva Schlehahn
  • Rigo Wenning
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 547)


This tutorial introduced participants to the transparency requirements of the General Data Protection Regulation (GDPR) [35]. Together with the attendees, it explored whether technical specifications can be valuable in supporting transparency in favour of a data subject whose personal information is being processed. In the context of the discussions, past and present international efforts were examined that focus on data privacy vocabularies and taxonomies as groundwork to enable effective enforcement of data handling policies. One example of a current undertaking in this area is the W3C Data Privacy Vocabularies and Controls Community Group (DPVCG), which aims to develop a taxonomy of privacy terms aligned to the GDPR, encompassing personal data categories, processing purposes, events of disclosures, consent, and processing operations. During the tutorial session, the potential of such efforts was discussed among the participants, allowing for conclusions about the need to re-align and update past research in this area to the General Data Protection Regulation.


  • General Data Protection Regulation
  • EU law
  • Transparency
  • Data privacy vocabularies
  • Technical specifications supporting GDPR compliance



Supported by the European Union’s Horizon 2020 research and innovation programme under grant 731601.


  1. W3C Workshop on the long term Future of P3P and Enterprise Privacy Languages (2003). W3C.
  2. Security assertion markup language (SAML) v2.0. Technical report, March 2005.
  3. Extensible markup language (XML) 1.0 (5. edition). Technical report, November 2008.
  4. Engineering Privacy by Design (2011)
  5. RDF 1.1 primer. Technical report, June 2014.
  6. Gupta, A.: Data provenance. In: Liu, L., Özsu, M.T. (eds.) Encyclopedia of Database Systems. Springer, Boston (2009).
  7. Berners-Lee, T., Fielding, R.T., Masinter, L.: Uniform resource identifier (URI): Generic syntax. Technical report (2005).
  8. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001).
  9. Camenisch, J., Leenes, R., Sommer, D. (eds.): PRIME - Privacy and Identity Management for Europe. Lecture Notes in Computer Science, vol. 6545. Springer, Berlin (2011).
  10. Collins, C.: A brief history of XML, March 2008.
  11. European Commission: Flash eurobarometer 443: e-privacy. Technical report, December 2016.
  12. European Commission: Summary report on the public consultation on the evaluation and review of the eprivacy directive. Technical report, August 2016.
  13. European Council, European Parliament, and European Commission: Charter of Fundamental Rights of the European Union. Number 83 in Official Journal of the European Union C. European Union, pp. 389–403, March 2010.
  14. Cranor, L.F.: Web Privacy with P3P. O’Reilly & Associates Inc., Newton (2002). ISBN 0-596-00371-4
  15. Decker, S., Peristeras, V. (eds.): Data Privacy Controls and Vocabularies: A W3C Workshop on Privacy and Linked Data (2017). W3C.
  16. Duerst, M., Suignard, M.: Internationalized resource identifiers (IRIs). Technical report 3987, January 2005.
  17. ECHR2010: Convention for the protection of human rights and fundamental freedoms as amended by protocol no. 11 and no. 14, June 2010.
  18. Goodman, B., Flaxman, S.: EU regulations on algorithmic decision-making and a “right to explanation”. AI Mag. 38(3) (2017)
  19. Holtz, L.-E., Nocun, K., Hansen, M.: Towards displaying privacy information with icons. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IAICT, vol. 352, pp. 338–348. Springer, Heidelberg (2011).
  20. Inchauste, F.: The dirtiest word in UX: Complexity, July 2010.
  21. Kinderlerer, J., Dabrock, P., Haker, H., Nys, H., Salvi, M.: Opinion 26 - Ethics of information and communication technologies. Publications Office of the European Union, February 2012. ISBN 978-92-79-22734-9.
  22. Kodagoda, N.: Using machine learning to infer reasoning provenance from user interaction log data: based on the data/frame theory of sensemaking. JCEDM Spec. Issue 11(1), 23–47 (2017)
  23. Koops, B.-J.: On Decision Transparency, or How to Enhance Data Protection after the Computational Turn, pp. 196–220 (2013)
  24. Krauskopf, T., Miller, J., Resnick, P., Treese, W.: PICS label distribution label syntax and communication protocols. Technical report, October 1996.
  25. Lehmann, J., et al.: Distributed semantic analytics using the SANSA stack. In: d’Amato, C., et al. (eds.) ISWC 2017. LNCS, vol. 10588, pp. 147–155. Springer, Cham (2017).
  26. McDonald, A.M.: Footprints Near the Surf: Individual Privacy Decisions in Online Contexts. Ph.D. thesis (2010).
  27. McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. I/S: J. Law Policy Inf. Soc. 4(3), 543–568 (2008).
  28. Meis, R., Wirtz, R., Heisel, M.: A taxonomy of requirements for the privacy goal transparency. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 195–209. Springer, Cham (2015).
  29.
  30. Moses, T.: Extensible access control markup language (XACML) v2.0. Technical report (2005).
  31. Conference of the Independent Data Protection of the Authorities. The standard data protection model. Technical report (2016).
  32. Pandit, H., O’Sullivan, D., Lewis, D.: Queryable provenance metadata for GDPR compliance. Procedia Comput. Sci. 137, 262–268 (2018)
  33. Azraoui, M., Elkhiyaoui, K., Önen, M., Bernsmed, K., De Oliveira, A.S., Sendor, J.: A-PPL: an accountability policy language. In: Garcia-Alfaro, J., et al. (eds.) DPM/QASA/SETOP-2014. LNCS, vol. 8872, pp. 319–326. Springer, Cham (2015).
  34. Sippel, B., European Parliament: Report on the proposal for a regulation of the European parliament and of the council concerning the respect for private life and the protection of personal data in electronic communications and repealing directive 2002/58/ec (regulation on privacy and electronic communications), October 2017.
  35. European Union: Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation), May 2016
  36. W3C: A P3P preference exchange language 1.0 (APPEL1.0) (2002)
  37. W3C: The platform for privacy preferences 1.1 (P3P1.1) specification (2006)

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  1. Unabhängiges Landeszentrum für Datenschutz (ULD, Independent Centre for Privacy Protection) Schleswig-Holstein, Kiel, Germany
  2. World Wide Web Consortium/European Research Consortium for Informatics and Mathematics (W3C/ERCIM), Sophia Antipolis, France
