The Data Agreement Vocabulary provides terms to describe and represent information related to processing of personal data based on established requirements such as for the EU General Data Protection Regulation (GDPR).
Description: Defines the context of any this document. E.g. the link to the JSON-LD
Description: Identifier to the data agreement instance addressed to a specific individual (Data Subject).
Description: Version number of the data agreement
Description: Identifier to the template of the data agreement.
Description: Version number of the data agreement template
Description: An organisation constituted as a legally defined entity in any jurisdiction.
|https://w3c.github.io/dpv/dpv/#LegalEntity||Happy Shopping AB|
Description: Organisation or data controller URL.
Description: This is the legal ID to the data controller
|https://schema.org/leiCode||Organisation number, e.g. Swedish org no. 559133-2720, DUNS number etc.|
Description: Describes the purpose for which a data controller (Data Source or Data Using Service) uses personal data for. This is also the purpose for which the data agreeent is being formulated
|http://www.w3.org/ns/dpv#Purpose||Marketing and Campaign|
Description: Provides description of the purpose for which the personal data us used, comprehensive to the individual whose data is being used by the data controller.
|https://schema.org/Text||Collecting user data for offering custom tailored shopping experience|
Description: An organization processing personal data to have a valid legal basis for that personal data processing activity. GDPR, for e.g., provides six legal bases for processing personal data, consent being one.
Possible values as per GDPR are: consent, legal_obligation, contract, vital_interest, public_task and legitimate_interest.
Description: This is used to describe whether controller is using personal data for internal purposes of for data exchange towards an external third party. Data exchange could be for exposing data (as a Data Source) or consuming data as a Data Using Service.
Description: Encapsulate the data policies used in the use of personal data.
Description: The amount of time that an organization holds onto any personal data, in days.
:::Note Example: GDPR does not specify retention periods for personal data. Instead, it states that personal data may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed. Typical limit is for 3 years. :::
Description: The geographic restrictions required or followed regarding storage of data.
Description: Indicate or restrict scope for interpretation and application of purpose in a domain.
Description: Indicates a legal jurisdiction, e.g. of some legislation, or where some government service is based.
Description: The geographic location where the personal data is stored
Description: This is a boolean value to indicate that the DA is used for third party data disclosures. This indicates that some data disclosures will happen and is used to release personal data to DUS based on an agreement
|https://schema.org/Boolean||True or False|
Description: The data controller may follow a code of conduct which sets the proper application of privacy regulation taking into account specific features within a sector. The code of conduct shall reference the name of the code of conduct and with a public accessible reference.
Description: Encapsulates the attributes used for the the usage purpose defined. Its an array of personal data attributes.
Description: A category of personal data.
Description: Identifiery for the attribute.
Description: Name of the attribute
Description: Indicates that personal data is sensitive or belongs to a special category as per a regulations, typically requiring additional measures of handling.
Description: [OPTIONAL] If provided, this can be used t restrict where the data is being consumed from. Its an array of attribute retrictions
Description: Encapsulate the organisation performing the Data Protection Impact Assessment (DPIA).
Description: The date on which the DPIA report is generated after a DPIA.
Description: The URl providing the DPIA result reports, summary etc that can be verified by any interested parties.
Description: Encapsulates the data agreement lifecyle event data. For e.g. Data Agreement Offer, Accept, Reject, Terminate etc.
Description: The DID associated with the entity executing the event. E.g. An organisation (Data Controller) or an Individual (Data Subject).
Description: The identifier of the event.
Description: The current state of the event during a data agreement lifecycle. E.g. Offer, Accept, Reject and Terminate
Description: The time at which the event occurred.
Description: Decentralised Identifier (DID) of the individual (Data Subject)
Description: Encapsulates the event signatures that allows anyone (e.g. an auditor) to verify the authencity and source of the data agreement. Its uses linked data proofs as per W3C and contains a set of attributes that represent a Linked Data digital proof and the parameters required to verify it.
Description: Identifier of the proof
Description: Type of the proof
Description: Creation time of the proof
Description: Purpose of the proof
Description: Value of the proof (Signature digest)
Description: Method of verification for the proof
Description: Link to the storage location of the recocation list for the agreement
Description: Expiry for the agreement (in epoch time - seconds)
|https://schema.org/Duration||Epoc time in seconds|