PoV: CoreVocs and GDPR

Point-of-view: The Core Person Vocabulary and the GDPR

Published on: 25/02/2019
Last update: 07/06/2019

Fidel Santiago, programme manager of the ISA² Programme*, explains why the General Data Protection Regulation (GDPR) is a big opportunity for semantic data modellers and illustrates how the solutions developed by the Semantic Interoperability Community action (SEMIC), such as Core Vocabularies, can play a key role in this context.

SEMIC PoV Fidel Santiago


The General Data Protection Regulation (GDPR) is a big opportunity for semantic data modellers. Thanks to this new regulation, many organisations are reviewing their data management practices to (re)confirm their compliance with the new law and to improve on some new aspects like accountability or record keeping. Benefiting from this internal revision, we, semantic data modellers, can improve our organisations’ (semantic) data models and our metadata management in general. Of the many possibilities opened by the GDPR, in SEMIC we have explored the relationship between the right to data portability and SEMIC’s Core Vocabularies, specially the Core Person Vocabulary.

Core Vocabularies are ‘simplified, reusable, and extensible data models that capture the fundamental characteristics of an entity in a context-neutral manner.’ The Core Person Vocabulary does so, ‘capturing the fundamental characteristics’, of a natural person. Natural persons are one of the main actors in the GDPR: the data subjects. Being context-neutral, Core Vocabularies allow for their use in many different domains and so can address the GDPR needs of organisations operating in different domains: private or public sector, industrial or services, health or communication, etc.

The GDPR incorporates a new right to data portability, which allows us, data subjects, to receive the information we have provided to an organisation ‘in a structured, commonly used and machine-readable format’. It also gives us the right to send that information to another organisation, and to ask the originating organisation to transmit our information to another one on our instructions. Core Vocabularies and, particularly, Core Person Vocabulary would address the requirements of the GDPR when answering data portability requests. When used between organisations, they enable interoperable systems that facilitate the transmission of personal information as the right to data portability mandates in the GDPR.

Expanding and developing this brief thought, in SEMIC we have developed a Study on the potential of Core Vocabularies to support the right to data portability under the GDPR. It examines the use and application of Core Vocabularies and, more precisely, the Core Person Vocabulary  as  a  potential  enabler  for  the data  portability right  contained  in  the  GDPR and  how  public  administrations  in  the  EU  could  comply  with  these  provisions using them.

This is but one example of the relationship between the GDPR and semantic modelling or metadata management; there are still plenty of options to explore regarding this relationship. I hope you find our contribution interesting and valuable. From the SEMIC team, we are looking forward to your comments and insights on this and other aspects of data protection and semantic interoperability.

* The ISA² programme is managed by the Interoperability Unit of the Directorate-General Informatics (DIGIT) of the European Commission.