Re: 12 Use Cases for improving Trust on the Web using Open Government Data

Hi Henry, everyone.
I'm replying specifically for #12 regarding GDPR policies.

On 17/03/2020 13:02, Henry Story wrote:
> 12. Machine Readable GDPR Policies
> The following blog post details in a couple of paragraphs each of
> these points with illustrations and links where helpful

What you are describing in your post
is essentially what P3P ( was supposed to be in 

The largest challenge to having machine-readable privacy policies is (IMHO):

(1) the lack of a legal impetus or requirement to provide them as such.
Even when a law, such as the GDPR, requires some specific information to 
be included,
organisations routines do not provide such information.

(2) lack of structured machine-readable metadata to specify information 
to be
presented in a privacy policy. P3P was an effort in this direction.
I have been involved in a related effort called the Data Privacy 
Vocabulary (DPV)
which can be applied in the context of specifying privacy policy metadata.
To date, AFAIK, there isn't a 'complete' solution for specifying the 
of privacy policy in the form of machine-readable metadata.

(3) even where the onus of providing metadata is on the organisation, 
the onus of
developing tools/solutions to interpret the metadata (even if for 
falls on the society at large - and currently I think only academia is 
looking at
this solution from a research project POV.
Current focus is mostly related to abstract categorisation of privacy policy
(see UsablePrivacy ; Polisis
and/or on consent, and using that to display visualisation, graphs, 
analysis of
privacy policy and consent information.
However, a privacy policy is supposed to contain information other than 
currently captured/represented, such as other legal bases/justifications,
applicable laws/jurisdictions, rights, etc.
There is ongoing work, (e.g. see Polisis above and CLAUDETTE
given GDPR's obligations on inclusion of certain data,
but again - this is a social/community effort with diverging approaches 
and a marked
lack of open data regarding privacy policy metadata or ontology which 
everyone can
use, adopt, and build upon to provide the solution you allude to in your 

Harshvardhan Pandit
PhD Researcher
ADAPT Centre
Trinity College Dublin

Received on Tuesday, 17 March 2020 22:16:22 UTC