European Commission logo
Englishen
ISA² - Interoperability solutions for public administrations, businesses and citizens

The Core Person Vocabulary and the GDPR

Fidel Santiago

Fidel Santiago, Programme manager for the ISA² Programme, Interoperability Unit, Directorate General for Informatics, European Commission

The General Data Protection Regulation (GDPR) is a big opportunity for semantic data modellers. Thanks to this new regulation, many organisations are reviewing their data management practices to (re)confirm their compliance with the new law and to improve on some new aspects like accountability or record keeping. Benefiting from this internal revision, we, semantic data modellers, can improve our organisations’ (semantic) data models and our metadata management in general. Of the many possibilities opened by the GDPR, in the SEMIC Action we have explored the relationship between the right to data portability and SEMIC’s Core Vocabularies, specially the Core Person Vocabulary.

Core Vocabularies are ‘simplified, reusable, and extensible data models that capture the fundamental characteristics of an entity in a context-neutral manner.’ The Core Person Vocabulary does so, ‘capturing the fundamental characteristics’, of a natural person. Natural persons are one of the main actors in the GDPR: the data subjects. Being context-neutral, Core Vocabularies allow for their use in many different domains and so can address the GDPR needs of organisations operating in different domains: private or public sector, industrial or services, health or communication, etc.

The GDPR incorporates a new right to data portability, which allows us, data subjects, to receive the information we have provided to an organisation ‘in a structured, commonly used and machine-readable format’. It also gives us the right to send that information to another organisation, and to ask the originating organisation to transmit our information to another one on our instructions. Core Vocabularies and, particularly, Core Person Vocabulary would address the requirements of the GDPR when answering data portability requests. When used between organisations, they enable interoperable systems that facilitate the transmission of personal information as the right to data portability mandates in the GDPR.

Expanding and developing this brief thought, in SEMIC we have developed a Study on the potential of Core Vocabularies to support the right to data portability under the GDPR. It examines the use and application of Core Vocabularies and, more precisely, the Core Person Vocabulary  as  a  potential  enabler  for  the data  portability right  contained  in  the  GDPR and  how  public  administrations  in  the  EU  could  comply  with  these  provisions using them.

This is but one example of the relationship between the GDPR and semantic modelling or metadata management; there are still plenty of options to explore regarding this relationship. I hope you find our contribution interesting and valuable. From the SEMIC team, we are looking forward to your comments and insights on this and other aspects of data protection and semantic interoperability.

Monday, 25 February, 2019