Towards Privacy Policy Conceptual Modeling

Abstract

After GDPR enforcement in May 2018, the problem of implementing privacy by design and staying compliant with regulations has been more prominent than ever for businesses of all sizes, which is evident from frequent cases against companies and significant fines paid due to non-compliance. Consequently, numerous research works have been emerging in this area. Yet, to this moment, no publicly available model can offer a comprehensive representation of privacy policies written in natural language, that is machine readable, interoperable and suitable for automatic compliance checking. Meanwhile, regarding the use of personal data, privacy policies stay one of the main means of communication between a Controller and a Data Subject. In this paper, we propose a conceptual model for fine-grained representation of privacy policies. We reuse and adapt existing Semantic Web resources in the spirit of interoperability. We represent our model as an ODRL profile and enrich it with vocabularies for describing personal data processing in great detail, making it suitable for further usage in downstream applications, to support adoption and implementation of privacy by design.