- From: Piero Bonatti <pieroandrea.bonatti@unina.it>
- Date: Thu, 7 Apr 2022 16:37:42 +0200
- To: public-dpvcg@w3.org
Hi Iwan,
The SPECIAL project had similar needs and used two data categories:
PersonalData
NonPersonalData
The above categories are mentioned first in one example of deliverable
D2.5
(https://specialprivacy.ercim.eu/images/documents/SPECIAL_D25_M21_V10.pdf)
and then in the formalization of the GDPR
(https://specialprivacy.ercim.eu/images/documents/report-D5.pdf).
The compliance check of privacy policices w.r.t. the GDPR treated
unknown cases conservatively (i.e. assuming that personal data were
involved unless stated otherwise) but you can treat unknown cases
differently of course, depending on your use case.
You may also want to link resources to the above categories with
SPECIAL's hasDataCategory property (documented in D2.5)
Best regards
Piero
PS: PersonalData and NonPersonalData are declared as disjoint classes,
so they should not have any instance in common.
On 06/04/22 20:22, Iwan Aucamp wrote:
> Hi
>
> This is somewhat outside of the scope of your working group, but I want
> to annotate resources explicitly as not processing personal data, so
> that resources that have no annotations can be identified, and so that
> resources can be divided into three groups: resources that process
> personal data (i.e has ?resource rdf:type dpv:PersonalDataHandling),
> resources that do not process personal data, and resources for which it
> is not known if they process personal data. I want to use this to
> annotate a bunch of cloud resources (i.e. databases, blob containers,
> event streams).
>
> Is there an elegant way to explicitly annotate resources as not
> processing personal data that anyone is aware of?
>
> Regards
> Iwan Aucamp
Received on Thursday, 7 April 2022 14:38:12 UTC