Purl

This document describes an application profile, in this case Consent (Application Profile). The application profile specifies a semantic data model covering a set of use cases. The specification consists of terms with their constraints (cardinalities, codelists, usage guidelines).

Summary

The application profile Consent shows how terms from the accompanying vocabulary should be used for the exchange and processing of personal data of a person who gave consent to do so.

This application profile is part of the TRAPEZE project, a project financed by the European Commission that delivers a platform as a solution for organisations and citizens, with some concrete objectives on security and privacy. It aims to bring stakeholders together under a common framework to provide citizens with the tools and know-how to manage their security and privacy. It wants to support consent mechanisms and to check that data is used in the right way. The aim is to restore citizens' trust in the digital economy by implementing log integrity and non-repudiation, and by building data lineage and transparency by design. Concrete applications that must prove their usefulness are worked out for three domains: government, telecom and the financial sector.

Digital Flanders is working together with Solid, which is working on the use of Pods to give citizens back ownership of their personal data. In the light of this collaboration we tried to model consent for the use of personal data semantically. The model maximized the reuse of and conformance to related international standards, such as DPV, GConsent, CCCEV, OSLO Generic, etc.

Link to Consent vocabulary: https://purl.eu/ns/consent

Status of this document

This application profile has the status of https://data.vlaanderen.be/id/concept/StandaardStatus/KandidaatStandaard published on 2022-02-23.

Information about the process and the decisions involved in the creation of this specification can be consulted at the registry of standards.

License

This specification of Digitaal Vlaanderen is published under "Model license Free Reuse - v1.0".

Conformance

An implementation is conformant with this application profile if it satisfies these rules.

Overview

This document describes the usage of the following datatypes for a correct usage of the Application Profile:
| Identifier | Location | Period Of Time |

Entities

Agent

Description
Someone or something that can perform actions or produce an effect.
Properties
No properties have been defined for this entity.

Consent

Description
Consent of the data subject regarding processing of their personal data
Subclass of
Legal Basis
Properties
For this entity the following properties are defined: consent document, creation time, for personal data, invalidates, is consent for data subject, is invalidated by, is previous consent for, is provided by data subject, is provided by delegation, is provided to, is provided to controller, location, medium, notice, status.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| consent document | Document | 0..* | A human-readable document of the consent is provided. | | |
| creation time | DateTime | 1 | The moment in time in which this specific version of the consent was created. | This moment changes whenever the status of the consent is updated. For example, when a data controller requests a consent, a consent is made with the creation time equal to the moment of the request. When the data subject later gives consent, a new consent is made with a new status (e.g. explicitlyGiven) and the creation time of this consent is equal to the moment in which the data subject granted consent. | |
| for personal data | Personal Data | 0..* | The personal data for which the consent was given. | | |
| invalidates | Consent | 0..* | A newer version of a consent invalidates a previous version of the consent. | | |
| is consent for data subject | Data Subject | 1 | Links a consent instance with the data subject it is associated with. | | |
| is invalidated by | Consent | 0..1 | A previous version of the consent is invalidated by a newer version of the consent. | | |
| is previous consent for | Consent | 0..1 | Denotes that this consent instance is the previous consent for the specified consent instance. | | |
| is provided by data subject | Data Subject | 1 | Indicates that the consent is given by the data subject. | | |
| is provided by delegation | Delegation | 1 | Specifies the delegation that provided this consent. | | |
| is provided to | Delegation | 1 | Indicates the Person or Data Controller the consent was provided to. | | |
| is provided to controller | Data Controller | 1 | The consent that is provided to the data controller. | | |
| location | Location | 1 | The location where this specific version of the consent was created. | Similar use as for CreationTime. | |
| medium | Medium Type | 1 | The way this specific version of the consent was created. | | |
| notice | LangString | 1 | Additional note added to the consent. | | |
| status | Consent Status | 1 | Represents the status of consent for the data subject. This allows persisting the determination of the validity or suitability of consent (as an entity or instance) for use in processing and other activities. Examples: consent is given, consent is requested but not given, consent was withdrawn. | | |
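
The cardinalities of the Consent properties and the invalidates / is invalidated by links between versions can be checked mechanically before a consent record is relied on for a processing decision. The following Python code is an added example, not part of this specification or of its SHACL template. The dictionary layout, the record ids c1 and c2, the placeholder values and the status label "requested" are assumptions; only explicitlyGiven is named in this profile.

```python
# Cardinalities taken from the Consent property table: (min, max), None = unbounded.
CONSENT_CARDINALITY = {
    "consent document": (0, None), "creation time": (1, 1),
    "for personal data": (0, None), "invalidates": (0, None),
    "is consent for data subject": (1, 1), "is invalidated by": (0, 1),
    "is previous consent for": (0, 1), "is provided by data subject": (1, 1),
    "is provided by delegation": (1, 1), "is provided to": (1, 1),
    "is provided to controller": (1, 1), "location": (1, 1),
    "medium": (1, 1), "notice": (1, 1), "status": (1, 1),
}

def cardinality_errors(consent):
    """Return one message per property whose number of values breaks the table."""
    errors = []
    for prop, (lo, hi) in CONSENT_CARDINALITY.items():
        n = len(consent.get(prop, []))
        if n < lo or (hi is not None and n > hi):
            bound = str(lo) if lo == hi else f"{lo}..{'*' if hi is None else hi}"
            errors.append(f"{prop}: {n} value(s), expected {bound}")
    return errors

def current_version(store, consent_id):
    """Follow 'is invalidated by' to the newest version of a consent.

    Raises ValueError on a cycle or when the newer version does not point
    back through 'invalidates', since such a chain cannot be trusted.
    """
    seen = set()
    while True:
        if consent_id in seen:
            raise ValueError(f"invalidation cycle at {consent_id}")
        seen.add(consent_id)
        newer = store[consent_id].get("is invalidated by", [])
        if not newer:
            return consent_id
        if consent_id not in store[newer[0]].get("invalidates", []):
            raise ValueError(f"{newer[0]} does not invalidate {consent_id}")
        consent_id = newer[0]

def sample(status, created, **links):
    """Build a constructed record; every mandatory property gets a placeholder."""
    record = {p: ["placeholder"] for p, (lo, _) in CONSENT_CARDINALITY.items() if lo}
    record.update({"status": [status], "creation time": [created]})
    record.update({name.replace("_", " "): ids for name, ids in links.items()})
    return record

# Constructed sample: a request (c1) replaced by the version in which consent was given (c2).
STORE = {
    "c1": sample("requested", "2022-03-01T09:00:00Z", is_invalidated_by=["c2"]),
    "c2": sample("explicitlyGiven", "2022-03-02T10:30:00Z", invalidates=["c1"]),
}
```

A processing decision should use the status of the record returned by current_version, never the status of an older version that is still stored.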

Criterion

Description
Condition for evaluation or assessment.
Usage
Checking the Criterion can require extra info (hence the class InformationRequirement) which in turn can require the class Evidence. A full description of this class is to be found in the CCCEV-ontology.
Properties
No properties have been defined for this entity.

Data Controller

Description
A Data Controller is defined as "The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data."
Properties
For this entity the following properties are defined: can withdraw consent, was provided consent.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| can withdraw consent | Consent | 0..* | Referring to the possibility for a data controller to withdraw the consent. | This should be used in cases where the data controller made a mistake in the consent. To stop the request or make a new one the controller should first withdraw the previous consent. | |
| was provided consent | Consent | 0..* | The consent was provided to the data controller. | | |

Data Processor

Description
A ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Usage
A data processor will only be used if the controller is commissioned by the data controller to perform the processing for the data controller.
Subclass of
Third Party
Properties
For this entity the following properties are defined: identifier, legal name.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| identifier | Identifier | 1..* | Unique method to prove the identity of the Data Processor. | | |
| legal name | LangString | 1 | The legal name under which the Data Processor is registered. | | |

Data Retention

Description
The policies of persistent data management for meeting legal and business data archival requirements
Properties
For this entity the following properties are defined: data retention policy document, expiry date, expiry time, legal basis, live data, processing, start date.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| data retention policy document | Document | 0..* | A human-readable document is provided explaining what the data retention requirements related to the consent are. | | |
| expiry date | DateTime | 0..1 | The date on which the data retention stops. | | |
| expiry time | Period Of Time | 0..1 | The duration of the data retention, starting from the start date. | | |
| legal basis | Legal Basis | 1 | The legal basis that substantiates the data retention. | | |
| live data | Boolean | 1 | Stating if the data should be a snapshot (i.e., not live data) or if the consent requires access to the latest version of the data (i.e., live data). | | |
| processing | Processing Type | 0..* | Processing specifies what is happening to/with the data. | | |
| start date | DateTime | 1 | The moment in time when the data retention starts. | | |

Data Subject

Description
The individual whose personal data is being processed.
Properties
For this entity the following properties are defined: can cancel consent, has consent, provided consent.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| can cancel consent | Consent | 0..* | Referring to the possibility for a data subject to cancel a previously given consent. | | |
| has consent | Consent | 0..* | Links a data subject to their consent. | | |
| provided consent | Consent | 0..* | The data subject is the entity which provided the consent. | | |

Delegation

Description
A Delegation of consent occurs when another entity, whether a data subject or their representative or an automated mechanism, provides the consent on behalf of the intended Data Subject.
Properties
For this entity the following properties are defined: has consent given by delegate, is consent delegation for, provided consent.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| has consent given by delegate | Agent | 1 | The delegation has been provided by a certain delegate. | | |
| is consent delegation for | Data Subject | 0..1 | The delegation is a consent delegation for someone to give consent in name of the data subject. | | |
| provided consent | Consent | 0..* | The entity which provided the consent is the one to whom the consent has been delegated. | | |

Document

Description
Document containing detailed information on the identity of the controller, the planned processing operations, the purpose and legal basis and on the measures taken to protect its data.
Properties
No properties have been defined for this entity.

Evidence Type

Description
Information about the characteristics of an Evidence.
Usage
A full description of this class is to be found in the CCCEV-ontology.
Properties
No properties have been defined for this entity.

Expiry

Description
Specifying when or under which quantifiable condition(s) the consent will expire
Subclass of
Criterion
Properties
For this entity the following properties are defined: expiry cadance, expiry date, expiry frequency, expiry time.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| expiry cadance | Period Of Time | 0..1 | The time between moments in time when the data may be retrieved for processing. | | |
| expiry date | DateTime | 0..1 | The moment in time up to which the data may be processed. | | |
| expiry frequency | Integer | 1..* | The number of times the data may be processed. | | |
| expiry time | Period Of Time | 0..1 | The duration during which the data may be processed. | | |
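
The Expiry properties combine into a decision a controller or processor can take, and log, before each processing action. The following Python code is an added example, not part of this specification. It makes three assumptions the profile does not state: a Period Of Time is a dictionary with the start and end properties of that datatype, the smallest expiry frequency value is the one enforced, and the length of the expiry cadance period is the minimum gap between two retrievals. All dates are constructed sample values.

```python
from datetime import datetime, timezone

def in_period(period, t):
    """Period Of Time datatype: 'start' is mandatory (1), 'end' is optional (0..1)."""
    return period["start"] <= t and ("end" not in period or t <= period["end"])

def may_process(expiry, history, now):
    """Decide whether one more processing action at `now` satisfies the Expiry criterion.

    expiry  -- dict keyed by the property names of the Expiry table
    history -- datetimes of processing actions already performed under the consent
    Returns (allowed, reason) so the decision can be written to an audit log.
    """
    if "expiry date" in expiry and now > expiry["expiry date"]:
        return False, "expiry date passed"
    if "expiry time" in expiry and not in_period(expiry["expiry time"], now):
        return False, "outside expiry time"
    # 'expiry frequency' is 1..*; enforcing the smallest value is an assumption.
    if len(history) >= min(expiry["expiry frequency"]):
        return False, "expiry frequency exhausted"
    cadence = expiry.get("expiry cadance")
    if cadence and history:
        # Assumption: the length of the cadence period is the minimum gap between retrievals.
        if now - max(history) < cadence["end"] - cadence["start"]:
            return False, "expiry cadance not yet elapsed"
    return True, "within expiry criteria"

def day(month, dom):
    """Helper for the constructed sample values below (all in 2022, UTC)."""
    return datetime(2022, month, dom, tzinfo=timezone.utc)

# Constructed sample: at most 3 processing actions, at least 7 days apart,
# between 2 March and 1 May, and never after 1 June 2022.
EXPIRY = {
    "expiry date": day(6, 1),
    "expiry time": {"start": day(3, 2), "end": day(5, 1)},
    "expiry frequency": [3],
    "expiry cadance": {"start": day(1, 1), "end": day(1, 8)},
}
HISTORY = [day(3, 5), day(3, 20)]
```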

Filter

Description
A filter added to the personal data to further limit the specifications of the personal data.
Properties
For this entity the following properties are defined: period.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| period | Period Of Time | 0..1 | A period of time. | | |

Description
Represents a consent entity that is considered given whether implicitly, explicitly, or by delegation.
Subclass of
Consent
Properties
No properties have been defined for this entity.

Information Required

Description
Requested data that is to be proven by Evidence.
Usage
A full description of this class is to be found in the CCCEV-ontology.
Properties
No properties have been defined for this entity.

Legal Basis

Description
The Legal basis used to justify processing of personal data
Properties
For this entity the following properties are defined: oSLO:is legal basis for, type.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| oSLO:is legal basis for | Personal Data Handling | 0..* | The legal basis under which the data handling takes place. | | |
| type | Legal Basis Type | 1 | The type of legal basis. | | |

Minor Data Subject

Description
A Minor is a Data Subject who cannot provide their own consent (that is legally valid). Therefore, their consent must be obtained via a Guardian or Legal Representative or Parent.
Subclass of
Data Subject
Properties
No properties have been defined for this entity.

Personal Data

Description
Any information relating to an identified or identifiable natural person (i.e., the DataSubject).
Properties
For this entity the following properties are defined: is personal data for consent, personal data document.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| is personal data for consent | Consent | 1 | Links personal data with the consent it is associated with. | | |
| personal data document | Document | 0..* | A human-readable document is provided explaining which personal data is part of the consent. | | |

Personal Data Handling

Description
A high-level Class to describe 'data handling'. This can consist of personal data being processed for a purpose, involving entities, using technical and organisational measures, applicable risks, rights, and legal basis.
Properties
For this entity the following properties are defined: data handling document, has legal basis, live data, measure, personal data category, personal data type, right, risk.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| data handling document | Document | 0..* | A human-readable document explaining how the personal data will be handled. | | |
| has legal basis | Legal Basis | 0..1 | Indicates that the handling of personal data has a legal basis. | | |
| live data | LiveData | 1 | Stating if the data should be a snapshot (i.e., not live data) or if the consent requires access to the latest version of the data (i.e., live data). | | |
| measure | Technical Organisational Measure | 0..* | Technical measures required/followed when processing data of the declared category. | | |
| personal data category | Personal Data Category | 1 | A category of personal data. | | |
| personal data type | Personal Data Type | 1 | A type of personal data. | | |
| right | Right | 1 | The right(s) applicable, provided, or expected. | | |
| risk | Risk | 1 | A risk or possibility or uncertainty of negative effects, impacts, or consequences. | | |

Processing

Description
Processing specifies what is happening to/with the data.
Properties
For this entity the following properties are defined: involves third party, type.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| involves third party | Third Party | 0..* | Indicates whether a ThirdParty is involved in processing the data or not. For example the dataProcessor that processes the data on behalf of the DataController. | | |
| type | Processing Type | 1 | The type of processing. | | |

Purpose

Description
Purpose refers to the aim or goal towards which the data is processed (or associated with any other form of action).
Properties
For this entity the following properties are defined: type.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| type | Purpose Type | 1 | The type of purpose. | | |

Registered Organisation

Description
An organization that is legally registered
Subclass of
Agent, Organisation
Properties
For this entity the following properties are defined: legal name, registration.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| legal name | LangString | 1 | The legal name of the organisation. | | |
| registration | Identifier | 1 | The registration is a fundamental relationship between a legal entity and the authority with which it is registered and that confers legal status upon it. | | |

Registered Person

Description
Person whose information is recorded in a register.
Subclass of
Agent, Person
Properties
For this entity the following properties are defined: full name, registration.
| Property | Expected Range | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| full name | String | 1 | The full name of the person, in general a combination of the first and last name. | | |
| registration | Identifier | 1 | Identification code of the person in the register. | | |

Right

Description
The right(s) applicable, provided, or expected.
Properties
No properties have been defined for this entity.

Risk

Description
A risk or possibility or uncertainty of negative effects, impacts, or consequences.
Properties
No properties have been defined for this entity.

Third Party

Description
Represents an Agent that is a Person or an Organisation other than the current entity (w.r.t. data protection laws).
Properties
No properties have been defined for this entity.

Datatypes

Identifier

Description
Information used to uniquely identify an object.
Usage
The basic principle here is that this string is assigned by an organisation and that this is done according to a well-defined system.
Properties
We have defined the following properties for this datatype: attributed at, attributed by, attributed by as string, identifier.
| Property | Expects Type | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| attributed at | DateTime | 0..1 | The date on which the identifier was issued. | | |
| attributed by | Agent | 0..1 | Link to the Agent that issued the identifier. | | |
| attributed by as string | String | 0..1 | Name of the Agent that issued the identifier. | | |
| identifier | Literal | 0..1 | String used to uniquely identify the object. The type of the string refers to the identification system (including its version), the string itself refers to the actual identifier. | | |

Location

Description
A location can be an identifiable geographic place (ISO 19112), but it can also be a non-geographic place such as a directory, row, or column. As such, there are numerous ways in which location can be expressed, such as by a coordinate, address, landmark, and so forth.
Properties
There are no properties defined for this datatype.

Period Of Time

Description
A temporal entity with non-zero extent or duration.
Properties
We have defined the following properties for this datatype: end, start.
| Property | Expects Type | Cardinality | Description | Usage | Codelist |
|---|---|---|---|---|---|
| end | DateTime | 0..1 | Time instant at which the Period was terminated. | | |
| start | DateTime | 1 | Time instant at which the Period was initiated. | | |

JSON-LD context

(non-normative)

A reusable JSON-LD context definition for this application profile is retrievable at: /doc/applicationprofile/consent/kandidaatstandaard/2022-02-23/context/OSLO-consent-ap_en.jsonld

SHACL template

(non-normative)

A reusable SHACL template for this application profile is retrievable at: /doc/applicationprofile/consent/kandidaatstandaard/2022-02-23/shacl/OSLO-consent-ap_en-SHACL.ttl