This repository has been archived by the owner on Oct 21, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
318 lines (300 loc) · 27.2 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
@ -0,0 +1,40 @@
<!DOCTYPE html>
<html>
<head>
<title>Justifications for Rights Exercising</title>
<meta http-equiv='Content-Type' content='text/html;charset=utf-8' />
<script src="https://www.w3.org/Tools/respec/respec-w3c" class="remove" defer></script>
<script type="text/javascript" class="remove">
var respecConfig = {
title: "Justifications for Rights Exercising",
subtitle: "A DPV extension to record machine-readable rights exercising",
shortName: "justifications",
specStatus: "unofficial",
latestVersion: "https://besteves4.github.io/justifications/",
publishDate: "2024-02-07",
doJsonLd: true,
maxToclevel: 3,
github: "besteves4/justifications",
includePermalinks: false,
editors: [{
name: "Beatriz Esteves",
url: "mailto:beatriz.gesteves@upm.es",
company: "Ontology Engineering Group, Universidad Politécnica de Madrid",
companyURL: "https://oeg.fi.upm.es/"
}],
authors: [{
name: "Beatriz Esteves",
url: "mailto:beatriz.gesteves@upm.es",
company: "Ontology Engineering Group, Universidad Politécnica de Madrid",
companyURL: "https://oeg.fi.upm.es/"
}],
};
</script>
</head>
<body>
<section id="abstract">
<p>
This document outlines the identified concepts required to justify the exercising of data subject's rights,
including justifications to delay or not fulfil such rights.
</p>
</section>
<section id="overview">
<h2>Overview</h2>
<p>The motivation for this work is derived from the need to create and maintain records of the exercising
of data subject's rights under the GDPR.
This work was developed (and is already integrated) within the context of the DPVCG and was started with
the main objectives of indicating</p>
<ul>
<li>what rights exist</li>
<li>where such rights can be exercised</li>
<li>what information needs to be recorded and maintained when a concrete instance of a right is being/was exercise</li>
</ul>
<p>
As such, the flows of information between a data subject and a data controller for the
exercising of a right request, according to the GDPR, were analysed to extract the relevant concepts to be recorded.
<a href="#DSR">Figure 1</a> illustrates these flows.
</p>
<p>
After sending a notice to the data subject
confirming that the request was received, the controller must be able to identify the data subject in
order to proceed with the request (Article 12.2, second sentence). If the controller cannot
identify the data subject, then the data subject must provide additional information to enable the
controller to identify them (Article 11.2). If the controller disregards the request or has
a justification for not fulfilling the right, then the data subject does not receive any information
related to the right request (Article 12.2, second sentence). In case the controller has
a justification to delay the request due to its complexity or a high number of requests, then
the controller has a 2-month extension to fulfil its duty (Article 12.3, second sentence).
Moreover, in case the request is unfounded or excessive, the controller can charge a fee and the
data subject will get the information once this fee is paid (Article 12.5, first sentence). As
it is visible by the diagram, at any point if the data controller does not fulfil its duty then a GDPR
breach occurs and the data subject does not receive their requested information.
</p>
<figure>
<img id="DSR" src="./img/GDPR-DSR.png" alt="Flow diagram of GDPR data subject rights exercising" width="100%">
<figcaption>Flow diagram of GDPR data subject rights exercising, according to Article 12.</figcaption>
</figure>
<p>
As will be explored in the next section, from the analysis of these flows of information,
a set of high-level concepts was proposed and adopted by the
<a href="https://www.w3.org/groups/cg/dpvcg/" target="_blank">DPVCG</a>
(general concepts on Rights are modelled in the main DPV specification at
<a href="https://w3id.org/dpv#vocab-rights" target="_blank">https://w3id.org/dpv#vocab-rights</a>
and GDPR-specific ones in the GDPR extension at
<a href="https://w3id.org/dpv/legal/eu/gdpr#vocab-rights" target="_blank">https://w3id.org/dpv/legal/eu/gdpr#vocab-rights</a>
).
</p>
<p>
Missing from these set of initial concepts adopted by the CG were terms to justify the fulfillment, non-fulfillment and
delay in rights exercising. These shall be the main contribution presented in this document.
</p>
</section>
<section id="concepts">
<h2>Concepts</h2>
<p>
This section highlights the concepts defined in DPV for the expression of information related to the exercising of data subject rights.
In particular,
</p>
<ul>
<li>
<a href="#base">Base concepts</a> refer to the concepts already defined in DPV for associating rights with notices,
right exercise activities and records, as well as request status.
</li>
<li>
<a href="#justifications">Justifications</a> refer to a collection of generic justification concepts for the the non-fulfillment,
delay of fulfillment and exercise of rights, which can be provided in a DPV justifications extension, based on GDPR clauses.
</li>
</ul>
<h3 id="base">Base concepts</h3>
<figure>
<img id="rights" src="https://w3c.github.io/dpv/1.0/diagrams/rights.png" alt="Core concepts of DPV's rights taxonomy" width="100%">
<figcaption>Core concepts of DPV's rights taxonomy</figcaption>
</figure>
<p>
Beyond modelling concepts for applicable <code>Right</code>s and <code>DataSubjectRight</code>s, to indicate the association of concepts
with a particular right, the <code>hasRight</code> property is also modelled in <a href="https://w3id.org/dpv" target="_blank">DPV</a>.
Additionally, to make a distinction between actionable and non-actionable rights, the <code>ActiveRight</code> and <code>PassiveRight</code>
concepts were created to distinguish between rights that require an action to be taken for them to be exercised and rights that don't require
any action and are always applicable.
</p>
<p>
The <code>isExercisedAt</code> property should be used to connect a right with a <code>RightExerciseNotice</code>.
This notice provides contextual information regarding how to exercise a right.
Specialised notice concepts for rights that can be fulfilled and those that cannot are modelled as <code>RightFulfilmentNotice</code> and
<code>RightNonFulfilmentNotice</code>, respectively.
</p>
<p>
To represent concrete records of rights being exercised, the <code>RightExerciseRecord</code> concept can be used to associate a particular
request, or even distinct requests from the same data subject, with corresponding rights exercising activities, modelled as
<code>RightExerciseActivity</code>, using the
<a href="https://www.dublincore.org/specifications/dublin-core/dcmi-terms/" target="_blank">DCMI Metadata Terms</a> <code>hasPart</code> property.
Additionally, to track the status of rights exercising activities, a set of request statuses are modelled in
<a href="https://w3id.org/dpv" target="_blank">DPV</a>, including <code>RequestAccepted</code> for a request being accepted towards fulfilment,
<code>RequestRejected</code> for a request being rejected towards non-fulfilment or <code>RequestRequiresAction</code> for a request requiring
an action to be performed from another party.
<a href="#status">Figure 3</a> showcases the lifecycle of the request status
defined in DPV.
</p>
<figure>
<img id="status" src="./img/request-status.png" alt="Request status cycle to track the status of rights exercising activities">
<figcaption>Request status cycle to track the status of rights exercising activities.</figcaption>
</figure>
<p>
While this modelling was inspired by the GDPR, the concepts are described in a jurisdiction-agnostic manner so that they can be used to tackle
data protection regulations in different jurisdictions.
</p>
<h3 id="justifications">Justifications</h3>
<figure>
<img src="./img/justifications.png" alt="Justification concepts for the non-fulfillment, delay or exercise of rights.">
<figcaption>Justification concepts for the non-fulfillment, delay or exercise of rights</figcaption>
</figure>
<p>
A collection of justifications for the non-fulfillment, delay of fulfillment and exercise of rights were modelled as subclasses of the
<code>NonPerformanceJustification</code>, <code>DelayJustification</code> and <code>ExerciseJustification</code> concepts.
</p>
<ul>
<li><code>NonPerformanceJustification</code>: Justification to reject or not complete a process</li>
<ul>
<li><code>NotRequiredJustification</code>: JJustification to reject or not complete a process as it does not apply</li>
<li><code>RightNonFulfilmentJustification</code>: Justification to reject or not complete a right exercising activity</li>
</ul>
<li><code>DelayJustification</code>: Justification to delay a process</li>
<ul>
<li><code>RightFulfilmentDelayJustification</code>: Justification to delay a right exercising activity</li>
</ul>
<li><code>ExerciseJustification</code>: Justification to exercise or iniciate a process</li>
<ul>
<li><code>RightExerciseJustification</code>: Justification to exercise or iniciate a right exercising activity</li>
</ul>
</ul>
<p>The modelled concepts for each type of justification are defined below and the used GDPR clause is also introduced.</p>
<p>The following set of concepts can be used to reject a certain process or activity (<code>NotRequiredJustification</code>):</p>
<ul>
<li><code>JNotReq-TOMSafeguard</code>: Justification that the process is not required as it is safeguarded by appropriate technical and organisational measures <b>[Art.34-3-a GDPR]</b></li>
<li><code>JNotReq-UnlikelyRightsImpact</code>: Justification that the process is not required as it is considered to be an unlikely impact on rights and freedoms <b>[Art.A34-3-b GDPR]</b></li>
<li><code>JNotReq-DisproportionateEffort</code>: Justification that the process is not required as it would require a disproportionate effort <b>[Art.34-3-c GDPR]</b></li>
</ul>
<p>The following set of concepts can be used to express generic justifications for the non-fulfillment of rights exercising (<code>RightNonFulfilmentJustification</code>):</p>
<ul>
<li><code>JNonFulf-IdentityVerificationFailure</code>: Justification that the process could not be fulfilled or was not successfull because identity verification failed <b>[Art.12-2 GDPR]</b></li>
<li><code>JNonFulf-ProcessExcessive</code>: Justification that the process could not be fulfilled or was not successfull because it was found to be excessive in nature <b>[Art.12-5 GDPR]</b></li>
<li><code>JNonFulf-ProcessFrivolous</code>: Justification that the process could not be fulfilled or was not successfull because it was found to be based on frivolous reasons <b>[Art.12-5 GDPR]</b></li>
<li><code>JNonFulf-ProcessMalicious</code>: Justification that the process could not be fulfilled or was not successfull because it was found to be malicious e.g. with intent to cause disruption or harassment <b>[Art.12-5 GDPR]</b></li>
<li><code>JNonFulf-ProcessUnfounded</code>: Justification that the process could not be fulfilled or was not successfull because it was found to be based on manifestly unfounded reasons <b>[Art.12-5 GDPR]</b></li>
<li><code>JNonFulf-EntityAlreadyInformed</code>: Justification that the process could not be fulfilled or was not successfull because the entity already has the information <b>[Arts.13-4, 14-5-a GDPR]</b></li>
<li><code>JNonFulf-DisproportionateEffortRequired</code>: Justification that the process could not be fulfilled or was not successfull because it requires a disproportionate effort <b>[Arts.14-5-b, 19 GDPR]</b></li>
<li><code>JNonFulf-ImpairObjectives</code>: Justification that the process could not be fulfilled or was not successfull because it impairs the objectives of associated context <b>[Art.14-5-b GDPR]</b></li>
<li><code>JNonFulf-ImpossibleToFulfil</code>: Justification that the process could not be fulfilled or was not successfull because it is impossible to fulfil <b>[Arts.14-5-b, 19 GDPR]</b></li>
<li><code>JNonFulf-LegallyExempted</code>: Justification that the process could not be fulfilled or was not successfull because it falls under legal exemption i.e. a law allows the non-fulfillment <b>[Arts.14-5-c, 17-3-b, 22-2-b GDPR]</b></li>
<li><code>JNonFulf-ConfidentialityObligation</code>: Justification that the process could not be fulfilled or was not successfull because it would compromise a confidentiality obligation <b>[Art.14-5-d GDPR]</b></li>
<li><code>JNonFulf-FreedomOfExpression</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the right of freedom of expression and information of others <b>[Art.17-3-a GDPR]</b></li>
<li><code>JNonFulf-SafeguardPublicInterest</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with necessary tasks carried out for public interest <b>[Arts.17-3-b, 20-3, 21-6, 23-1-e GDPR]</b></li>
<li><code>JNonFulf-ExerciseOfficialAuthority</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the exercise of official authorities <b>[Arts.17-3-b, 20-3, 23-1-h GDPR]</b></li>
<li><code>JNonFulf-SafeguardPublicHealth</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with necessary tasks carried out for public health reasons <b>[Art.17-3-c GDPR]</b></li>
<li><code>JNonFulf-ImpairArchiving</code>: Justification that the process could not be fulfilled or was not successfull because it impairs archiving for public interest <b>[Art.17-3-d GDPR]</b></li>
<li><code>JNonFulf-ImpairScientificOrHistoricalResearch</code>: Justification that the process could not be fulfilled or was not successfull because it impairs scientific or historical research <b>[Art.17-3-d GDPR]</b></li>
<li><code>JNonFulf-ImpairStatistics</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with official statistics <b>[Art.17-3-d GDPR]</b></li>
<li><code>JNonFulf-EstablishLegalClaim</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the establishment of legal claims <b>[Arts.17-3-e, A21-1 GDPR]</b></li>
<li><code>JNonFulf-ExerciseLegalClaim</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the exercise of legal claims <b>[Arts.17-3-e, A21-1 GDPR]</b></li>
<li><code>JNonFulf-DefendLegalClaim</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the defence of legal claims <b>[Arts.17-3-e, A21-1 GDPR]</b></li>
<li><code>JNonFulf-SafeguardThirdPartyRights</code>: Justification that the process could not be fulfilled or was not successfull because it would affect the rights and freedoms of others <b>[Arts.20-4, 23-1-i GDPR]</b></li>
<li><code>JNonFulf-LegitimateInterest</code>: Justification that the process could not be fulfilled or was not successfull because it the legitimate interest of teh controller overrides the interests or rights of the data subject <b>[Art.21-1 GDPR]</b></li>
<li><code>JNonFulf-NecessityContractPerformance</code>: Justification that the process could not be fulfilled or was not successfull because it is necessary for the performance of a contract <b>[Art.22-2-a GDPR]</b></li>
<li><code>JNonFulf-NecessityEnterContract</code>: Justification that the process could not be fulfilled or was not successfull because it is necessary for entering into a contract <b>[Art.22-2-a GDPR]</b></li>
<li><code>JNonFulf-ConsentBased</code>: Justification that the process could not be fulfilled or was not successfull because it is based on explicit consent <b>[Art.22-2-c GDPR]</b></li>
<li><code>JNonFulf-SafeguardNationalSecurity</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with necessary tasks to safeguard national security <b>[Art.23-1-a GDPR]</b></li>
<li><code>JNonFulf-SafeguardDefence</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with necessary tasks to safeguard defence <b>[Art.23-1-b GDPR]</b></li>
<li><code>JNonFulf-SafeguardPublicSecurity</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with necessary tasks to safeguard public security <b>[Art.23-1-c GDPR]</b></li>
<li><code>JNonFulf-PreventCriminalOffences</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the prevention of criminal offences <b>[Art.23-1-d GDPR]</b></li>
<li><code>JNonFulf-InvestigateCriminalOffences</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the investigation of criminal offences <b>[Art.23-1-d GDPR]</b></li>
<li><code>JNonFulf-DetectCriminalOffences</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the detection of criminal offences <b>[Art.23-1-d GDPR]</b></li>
<li><code>JNonFulf-ProsecuteCriminalOffences</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the prosecution of criminal offences <b>[Art.23-1-d GDPR]</b></li>
<li><code>JNonFulf-ExecuteCriminalPenalties</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the execution of criminal penalties <b>[Art.23-1-d GDPR]</b></li>
<li><code>JNonFulf-SafeguardJudicialIndependence</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the protection of judicial independence and proceedings <b>[Art.23-1-f GDPR]</b></li>
<li><code>JNonFulf-PreventEthicsBreach</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the prevention of breaches of ethics for regulated professions <b>[Art.23-1-g GDPR]</b></li>
<li><code>JNonFulf-InvestigateEthicsBreach</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the investigation of breaches of ethics for regulated professions <b>[Art.23-1-g GDPR]</b></li>
<li><code>JNonFulf-DetectEthicsBreach</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the detection of breaches of ethics for regulated professions <b>[Art.23-1-g GDPR]</b></li>
<li><code>JNonFulf-ProsecuteEthicsBreach</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the prosecution of breaches of ethics for regulated professions <b>[Art.23-1-g GDPR]</b></li>
<li><code>JNonFulf-SafeguardDataSubject</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the protection of the data subject <b>[Art.23-1-i GDPR]</b></li>
<li><code>JNonFulf-EnforceCivilLawClaim</code>: Justification that the process could not be fulfilled or was not successfull because it would interfere with the enforcement of civil law claims <b>[Art.23-1-j GDPR]</b></li>
</ul>
<p>The following set of concepts can be used to express generic delay justifications for the exercising of rights (<code>RightFulfilmentDelayJustification</code>):</p>
<ul>
<li><code>JDelay-IdentityVerification</code>: Justification that the process could not be fulfilled or was not successfull because identiy verification is required <b>[Arts.12-1, 12-6 GDPR]</b></li>
<li><code>JDelay-Complexity</code>: Justification that the process is delayed due to complexity in fulfilling it <b>[Art.12-3 GDPR]</b></li>
<li><code>JDelay-HighVolume</code>: Justification that the process is delayed due to high volume of similar processes required to be fulfilled <b>[Art.12-3 GDPR]</b></li>
<li><code>JDelay-InformationRequirement</code>: Justification that the process is delayed due to additional information being required <b>[Art.12-6 GDPR]</b></li>
</ul>
<p>The following set of concepts can be used to express generic justifications for the exercising of rights (<code>RightExerciseJustification</code>):</p>
<ul>
<li><code>JExercise-NonNecessity</code>: Justification that the process should be carried out due to non-necessity of specified context <b>[Arts.17-1-a, 18-1-c GDPR]</b></li>
<li><code>JExercise-LackOfFurtherLegality</code>: Justification that the process should be carried out due to lack of further legality of legal basis to justify continuation of specified context <b>[Art.17-1-b GDPR]</b></li>
<li><code>JExercise-Objection</code>: Justification that the process should be carried out due to specified objection(s) <b>[Arts.17-1-c, 18-1-d GDPR]</b></li>
<li><code>JExercise-UnlawfulActivity</code>: Justification that the process should be carried out due to it being an unlawful activity <b>[Arts.17-1-d, 18-1-b GDPR]</b></li>
<li><code>JExercise-LegalObligation</code>: Justification that the process should be carried out due to it being a legal obligation <b>[Art.17-1-e GDPR]</b></li>
<li><code>JExercise-InformationSocietyServicesOffer</code>: Justification that the process should be carried out due to it being related to the offer of information society services <b>[Art.17-1-f GDPR]</b></li>
<li><code>JExercise-ContestAccuracy</code>: Justification that the process should be carried out due to the accuracy of data being contested by the data subject <b>[Art.18-1-a GDPR]</b></li>
</ul>
</section>
<section id="examples">
<h2>Usage examples</h2>
<aside class="example" id="RequestRejected" title="Request rejected due to identity verification failure">
<p>
This is an example of a right exercise activity recording the justification on why a data subject
access request was rejected. In this case, the justification was due to a failure in the
verification of the identity of the data subject.
</p>
<div>
<pre class="nohighlight">
PREFIX dcterms: <http://purl.org/dc/terms/>
PREFIX dpv: <https://w3id.org/dpv#>
PREFIX ex: <https://example.com/>
PREFIX justif: <https://w3id.org/people/besteves/justifications#>
PREFIX prov: <http://www.w3.org/ns/prov#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
ex:SARRejected a dpv:RightExerciseActivity, prov:Activity ;
dcterms:description "Data controller rejects the request" ;
dcterms:date "2023-11-02T15:57:31"^^xsd:dateTime ;
prov:wasAssociatedWith ex:DataController ;
dpv:hasRecipient ex:DataSubject ;
dpv:hasStatus dpv:RequestRejected ;
dpv:hasJustification justif:JNonFulf-IdentityVerificationFailure ;
dpv:isAfter ex:SARAcknowledged .
</pre>
</div>
</aside>
<aside class="example" id="RequestRequiresAction" title="Request rejected due to identity verification failure">
<p>
Follow-up right exercise activity where the data controller requests further information
to verify the data subject's identity, using as justification that before, with the information
they had available, it was not possible to do so.
</p>
<div>
<pre class="nohighlight">
PREFIX dcterms: <http://purl.org/dc/terms/>
PREFIX dpv: <https://w3id.org/dpv#>
PREFIX ex: <https://example.com/>
PREFIX justif: <https://w3id.org/people/besteves/justifications#>
PREFIX pd: <https://w3id.org/dpv/pd#>
PREFIX prov: <http://www.w3.org/ns/prov#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
ex:SARRequiresAction a dpv:RightExerciseActivity, prov:Activity ;
dcterms:description "Data controller requires further actions" ;
dcterms:date "2023-11-02T16:09:21"^^xsd:dateTime ;
prov:wasAssociatedWith ex:DataController ;
dpv:hasRecipient ex:DataSubject ;
dpv:hasStatus dpv:RequestRequiresAction ;
dpv:hasJustification justif:JNonFulf-IdentityVerificationFailure ;
dpv:hasPersonalDataHandling [
dpv:hasPersonalData pd:OfficialID ;
dpv:hasProcessing dpv:MakeAvailable ;
dpv:hasPurpose dpv:IdentityVerification ;
dpv:hasRecipientDataController ex:DataController ;
dpv:isImplementedByEntity ex:DataSubjectUsername ] ;
dpv:isAfter ex:SARRejected .
</pre>
</div>
</aside>
</section>
</body>
</html>