Proposed methodology for setting the definitions

[michaelgeamanu]

The definitions of the OSLO Consent associated classes, attributes and relationships should stem from definitions of existing data models and ontologies (such as GConsent, DPV, and CCCEV) as much as possible.

To give a few examples:

• Consent: As per Article 4(11) of the GDPR, ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; In the case of this ontology, 'Consent' is a concept as well as a tangible entity (something that has a provenance record). To separate this distinction with relation to the data subject, the Consent class represents the consent of the data subject in its entirely, including any history and annotations for it. Source: https://openscience.adaptcentre.ie/ontologies/GConsent/docs/ontology#Consent
• LegalBasis: The Legal basis used to justify processing of personal data. Source: https://w3c.github.io/dpv/dpv/#LegalBasis
• Criterion: A condition for evaluation or assessment. Source: https://semiceu.github.io/CCCEV/releases/2.00/

Whenever a definition needs to be created, input should be sought from the GDPR regulation in the first instance and from other formal sources in the second instance. To give an example:

• DataRetention: the retention of the personal data which should be lawful where it is necessary, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims. Source: https://eur-lex.europa.eu/eli/reg/2016/679/oj

Comments, suggestions or questions on this approach are most welcome.

[michaelgeamanu]

It was highlighted that a definition from an existing vocabulary cannot be changed, however in an application profile you can further elaborate, deviate, be more specific in the usage notes. Meaning it is good to use short and clear definitions and use the usage notes for more details. As the definitions from GConsent tend to be longer DPV will mainly be used.