How to Manage My Data? With Machine-Interpretable GDPR Rights!
Journal: arXiv
Published Date: Dec 19, 2024
Abstract
The EU GDPR is a landmark regulation that introduced several rights for
individuals to obtain information and control how their personal data is being
processed, as well as receive a copy of it. However, there are gaps in the
effective use of rights due to each organisation developing custom methods for
rights declaration and management. Simultaneously, there is a technological gap
as there is no single consistent standards-based mechanism that can automate
the handling of rights for both organisations and individuals. In this article,
we present a specification for exercising and managing rights in a
machine-interpretable format based on semantic web standards. Our approach uses
the comprehensive Data Privacy Vocabulary to create a streamlined workflow for
individuals to understand what rights exist, how and where to exercise them,
and for organisations to effectively manage them. This work pushes the state of
the art in GDPR rights management and is crucial for data reuse and rights
management under technologically intensive developments, such as Data Spaces.