How to Manage My Data? With Machine--Interpretable GDPR Rights!

TL;DR

This paper proposes a standardized, machine-interpretable framework for managing GDPR rights using semantic web standards, enhancing automation and clarity for individuals and organizations.

Contribution

It introduces a comprehensive specification based on the Data Privacy Vocabulary to automate GDPR rights management, addressing technological and procedural gaps.

Findings

Developed a semantic web-based rights management specification.

Enabled automated, consistent handling of GDPR rights.

Improved clarity and efficiency in data rights management.

Abstract

The EU GDPR is a landmark regulation that introduced several rights for individuals to obtain information and control how their personal data is being processed, as well as receive a copy of it. However, there are gaps in the effective use of rights due to each organisation developing custom methods for rights declaration and management. Simultaneously, there is a technological gap as there is no single consistent standards-based mechanism that can automate the handling of rights for both organisations and individuals. In this article, we present a specification for exercising and managing rights in a machine-interpretable format based on semantic web standards. Our approach uses the comprehensive Data Privacy Vocabulary to create a streamlined workflow for individuals to understand what rights exist, how and where to exercise them, and for organisations to effectively manage them. This work pushes the state of the art in GDPR rights management and is crucial for data reuse and rights management under technologically intensive developments, such as Data Spaces.