The Open Digital Rights Language (ODRL) is a policy expression language that provides a flexible and interoperable information model, vocabulary, and encoding mechanisms for representing statements about the usage of content and services.
This document constitutes an ODRL profile that adapts the ODRL Core Model and Vocabulary with concepts and terms to support regulatory compliance checking of business policies.
In essence, ODRL Regulatory Compliance Profile policies are used to represent regulatory permissions, prohibitions, obligations, and dispensations, which may be limited by constraints (e.g., temporal, spatial).
Significant portions of this document are reproduced from the ODRL Information Model standard. We would particularly like to thank Benedict Whittamsmith (Refinitiv) and Piero Bonatti (CeRICT) for their comments on this draft specification.
This document provides an overview of the ODRL Regulatory Compliance Profile classes and properties. The work is guided by our analysis of Article 6 "Lawfulness of processing" and Article 46 "Transfers subject to appropriate safeguards" of the GDPR. At this stage we are not aiming to be exhaustive in terms of modelling the GDPR but rather to demonstrate the potential of ODRL for modelling regulatory obligations.
The primary aim of the ODRL Regulatory Compliance Profile model is to provide a model and vocabularies that can be used to express permissions, prohibitions, obligations, and dispensations in a manner such that they can be checked automatically.
The examples throughout the document are serialized as [[json-ld]] and [[turtle]].
The examples presented here make use of the following prefixes:
@prefix orcp: <http://example.com/odrl:profile:regulatory-compliance/> .
@prefix odrl: <http://www.w3.org/ns/odrl/2/> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
The ODRL Regulatory Compliance Profile model represents Policies that express Permissions, Prohibitions, Obligations, and Dispensations related to actions.
The figure below shows the ODRL Regulatory Compliance Profile model, which is an adaptation of the ODRL Information model.
The ODRL Regulatory Compliance Profile model has the following core classes:
Policy
- A non-empty Set of Permissions (via the permission property) and/or Prohibitions (via the prohibition property) and/or Obligations (via the obligation property) and/or Dispensations (via the dispensation property).
ConflictTerm
- A means to specify the conflict resolution strategy.
Rule
- An abstract concept that represents the common characteristics of Permissions, Prohibitions, Obligations and Dispensations.
Action
- An operation referred to in a Rule.
Resource
- An object referred to in a Rule.
Party
- An entity referred to in a Rule.
Constraint
- An abstract concept denoting constraints used to refine a Rule. The profile currently supports PredicateConstraints.
The Policy class has the following properties:
uid property value (of type IRI [[!rfc3987]]) to identify the Policy.
permission, prohibition, obligation or dispensation property of type Rule. (See the Permission, Prohibition, Obligation and Dispensation sections for more details.)
profile property value (of type IRI [[!rfc3987]]) to identify the ODRL Regulatory Compliance Profile.
inheritFrom property values (of type IRI [[!rfc3987]]) to identify the parent Policy from which this child Policy inherits.
conflict property values (of type ConflictTerm) for Conflict Strategy Preferences indicating how to handle Policy conflicts.
An ODRL Policy of subclass Set represents any combination of Rules. The Set Policy subclass is also the default subclass of Policy (if none is specified).
The conflict property is used to establish strategies to resolve conflicts that arise from the merging of Policies or conflicts between Permissions, Prohibitions and Obligations in the same Policy. Conflicts may arise when merging Policies as a result of policy inheritance and the resultant Rules are inconsistent.
A property which is used to cater for policy inheritance.
A property which is used to specify the policy's profile.
Properties that relate rules of type Permission, Prohibition, Obligation, or Dispensation to a Policy.
The conflict property is used to establish strategies to resolve conflicts that arise from the merging of Policies or conflicts between Permissions/Obligations and Prohibitions in the same Policy. Conflicts may arise when merging Policies, as a result of policy inheritance, or when Rules are inconsistent.
The conflict property SHOULD take one of the following conflict strategy preference values (instances of the ConflictTerm class):
perm: Permissions and Obligations MUST override the Prohibitions
prohibit: Prohibitions MUST override the Permissions and Obligations
invalid: the entire Policy MUST be void if any conflict is detected
If the conflict property is not explicitly set, the default of invalid will be used.
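One way a policy engine could apply the conflict values above, including the default of invalid and the case of more than one value after a merge or inheritance. This is an added example, not code from the profile; the function names, the sample policy, and the rule that two Rules conflict when they name the same action and data are assumptions.

```python
# Added example: applying the profile's conflict strategy values to a policy.
# Assumption: a Permission/Obligation and a Prohibition "conflict" when they name
# the same action and data; the profile text does not define conflict detection.
STRATEGIES = {"perm", "prohibit", "invalid"}
ALLOWING = ("permission", "obligation")


def rule_key(rule):
    """Identity used to decide whether two rules are about the same thing."""
    return (rule.get("action"), rule.get("data"))


def resolve_conflicts(policy):
    """Return (status, rules): status is "ok" or "void"; rules maps kind -> rules in force."""
    declared = policy.get("conflict", "invalid")      # not set -> default of invalid
    declared = {declared} if isinstance(declared, str) else set(declared)
    if not declared:
        declared = {"invalid"}
    unknown = declared - STRATEGIES
    if unknown:
        raise ValueError(f"unknown conflict strategy: {sorted(unknown)}")

    kinds = ALLOWING + ("prohibition", "dispensation")
    rules = {kind: list(policy.get(kind, [])) for kind in kinds}
    allowed = {rule_key(r) for kind in ALLOWING for r in rules[kind]}
    clashes = allowed & {rule_key(r) for r in rules["prohibition"]}
    if not clashes:
        return "ok", rules

    # Several strategy values (e.g. after a merge) or "invalid": the whole Policy is void.
    if len(declared) > 1 or declared == {"invalid"}:
        return "void", {kind: [] for kind in rules}
    if declared == {"perm"}:        # Permissions and Obligations override the Prohibitions
        losers = ("prohibition",)
    else:                           # "prohibit": Prohibitions override the others
        losers = ALLOWING
    for kind in losers:
        rules[kind] = [r for r in rules[kind] if rule_key(r) not in clashes]
    return "ok", rules


# Constructed sample: a merged policy whose rules disagree about Transfer of PersonalData.
MERGED = {
    "uid": "http://example.com/policy:merged-sample",
    "permission": [{"action": "Transfer", "data": "PersonalData"},
                   {"action": "Processing", "data": "PersonalData"}],
    "prohibition": [{"action": "Transfer", "data": "PersonalData"}],
}

if __name__ == "__main__":
    for strategy in (None, "perm", "prohibit", ["perm", "prohibit"]):
        policy = dict(MERGED) if strategy is None else dict(MERGED, conflict=strategy)
        status, rules = resolve_conflicts(policy)
        print(strategy, status, {kind: len(found) for kind, found in rules.items()})
```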
The conflict strategy requirements include:
conflict property of perm then any conflicting Permission/Obligation Rule MUST override the Prohibition Rule.
conflict property of prohibit then any conflicting Prohibition Rule MUST override the Permission/Obligation Rule.
conflict property of invalid then any conflicting Rules MUST void the entire Policy.
conflict property values (for example, after a Policy merge or inheritance) and there are conflicting Rules then the entire Policy MUST be void.
An Action class indicates an operation.
The ODRL Regulatory Compliance Profile model defines the following top-level Actions:
Processing
- actions that involve processing by parties.
Transfer
- actions that involve transfers between parties.
The Action class has the following properties:
uid property value (of type IRI [[!rfc3987]]) to identify the Action.
Based on the analysis of Articles 6 and 46 of the GDPR, we propose the following subclasses of the Processing class:
ProcessingEffectingFundamentalRightsAndFreedomsOfTheDataSubject
A Resource class is a resource or a collection of resources that are the subject of a Rule. The Resource can be any form of identifiable resource, such as data/information, content/media, applications, services, or physical artefacts.
The Resource class has the following properties:
uid property value (of type IRI [[!rfc3987]]) to identify the Resource.
Based on the analysis of Articles 6 and 46 of the GDPR, we propose the following entities of type Resource:
PersonalData
AppropriateSafeguards
EnforceableDataSubjectRights
LegallyBindingEnforceableInstrument
BindingCorporateRules
StandardDataProtectionClauses
ApprovedCodeOfConduct
An ODRL Policy class MAY also be referenced by the hasPolicy property. This supports ODRL Policy Rules being the object of external metadata expressions (that identifies a Resource). When hasPolicy has been asserted between a metadata expression and an ODRL Policy, the Resource being identified MUST be inferred to be the resource of all the Rules of that Policy. If there are multiple Rules in the Policy, then the inferred Resource will be the target Resource to every Rule in the Policy.
A Party is an entity or a collection of entities that undertake roles in a Rule, such as a person, collection of people, organisation, or agent. The Party performs (or does not perform) Actions or has a function in an Obligation.
The Party class has the following properties:
uid property value (of type IRI [[!rfc3987]]) to identify the Party.
Based on the analysis of Articles 6 and 46 of the GDPR, we propose the following entities of type Party:
Controller
Processor
PublicAuthority
InternationalOrganisation
A class denoting the legal basis for processing.
The profile has the following subclasses of type LegalBasis that are associated with an action via the legalBasis property:
Consent
Contract
LegalObligation
VitalInterest
PublicInterest
ExerciseOfficialAuthority
LegitimateInterest
A class denoting the location of the processing.
The profile has the following subclasses of type Location that are associated with an action via the location property:
ThirdCountry
EU
A class denoting the reason for the processing.
The profile has the following subclasses of type Purpose that are associated with an action via the purpose property:
PublicAuthorityTask
PersonalRecommendations
The Constraint class is used to specify expressions that can be used to refine the semantics of an Action or declare the conditions applicable to a Rule. When multiple Constraints apply to the same Rule or Action, they are interpreted as a conjunction and all MUST be satisfied.
A PredicateConstraint class is used for expressions which compare two operands by one relational operator, where the leftOperand is a predicate and the rightOperand is an object. If the comparison returns a match, the PredicateConstraint is satisfied; otherwise it is not satisfied. The Constraint class formulates a comparison expression such as: orcp:organisationType (the leftOperand) must be equal to (the operator) orcp:InternationalOrganisation (the rightOperand).
The Constraint class has the following properties:
uid property value (of type IRI [[!rfc3987]]) to identify the Constraint.
leftOperand property value of type LeftOperand.
operator property value of type Operator.
rightOperand property value of type RightOperator.
Used to define the predicate of the constraint which must be satisfied.
Used to define the operator for the constraint which must be satisfied.
This profile adopts the following top-level Operators:
isA
isAnyOf
Used to define the object of the constraint that must be satisfied.
The Rule class is the parent of the Permission, Prohibition, Obligation and Dispensation classes. The Rule class represents the common characteristics of these five classes. A Rule class MUST be disjoint with all other Rule subclasses.
The Rule class has the following properties:
uid property values (of type IRI [[!rfc3987]]) to identify the Rule so it MAY be referenced by other Rules.
action property value of type Action.
permission, prohibition, obligation or dispensation property values of type Rule.
constraint property values of type Constraint.
legalBasis property values to identify the LegalBasis for processing.
purpose property values to identify the Purpose of the processing.
location property values to identify the Location of the resource.
We need to determine where we are going to host this page as it affects the namespace "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
A Permission allows an action to be exercised if all constraints are satisfied and if all obligations are fulfilled.
The Permission class is a subclass of, and inherits all the properties from, the Rule class.
Example: Article 6, Paragraph 1, of the GDPR.
"Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party....
For now we ignore the exception specified in Article 6, paragraph 1, point f. We will deal with this in examples 3 & 4.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:gdpr-article6",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "uid": "http://example.com/policy:gdpr-article6-para1",
    "action": "Processing",
    "data": "PersonalData",
    "predicateConstraint": {
      "leftOperand": "legalBasis",
      "operator": "isAnyOf",
      "rightOperand": { "@list": [
        { "@id": "Consent" },
        { "@id": "Contract" },
        { "@id": "LegalObligation" },
        { "@id": "VitalInterest" },
        { "@id": "PublicInterest" },
        { "@id": "ExerciseOfOfficialAuthority" },
        { "@id": "LegitimateInterest" }
      ] }
    }
  }]
}

<http://example.com/policy:gdpr-article6>
    a orcp:Set ;
    orcp:permission <http://example.com/policy:gdpr-article-para1> ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> .
<http://example.com/policy:gdpr-article-para1>
    odrl:action orcp:Processing ;
    orcp:data orcp:PersonalData ;
    odrl:predicateConstraint [
        odrl:leftOperand orcp:legalBasis ;
        odrl:operator odrl:isAnyOf ;
        odrl:rightOperand ( orcp:Consent orcp:Contract orcp:LegalObligation orcp:VitalInterest
                            orcp:PublicInterest orcp:ExerciseOfOfficialAuthority orcp:LegitimateInterest )
    ] .
A Prohibition disallows an action to be exercised if all constraints are satisfied.
The Prohibition class is a subclass of, and inherits all the properties from, the Rule class.
Example: Article 6, Paragraph 1, of the GDPR.
"Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:gdpr-article6",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "uid": "http://example.com/policy:gdpr-article6-para1",
    "action": "Processing",
    "data": "PersonalData",
    "predicateConstraint": {
      "leftOperand": "legalBasis",
      "operator": "isAnyOf",
      "rightOperand": { "@list": [
        { "@id": "Consent" },
        { "@id": "Contract" },
        { "@id": "LegalObligation" },
        { "@id": "VitalInterest" },
        { "@id": "PublicInterest" },
        { "@id": "ExerciseOfOfficialAuthority" },
        { "@id": "LegitimateInterest" }
      ] }
    },
    "prohibition": [{
      "legalBasis": "LegitimateInterest",
      "predicateConstraint": [{
        "leftOperand": "action",
        "operator": "isA",
        "rightOperand": "ProcessingEffectingFundamentalRightsAndFreedomsOfTheDataSubject"
      }]
    }]
  }]
}

<http://example.com/policy:gdpr-article6>
    a orcp:Set ;
    orcp:permission <http://example.com/policy:gdpr-article-para1> ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> .
<http://example.com/policy:gdpr-article-para1>
    odrl:action orcp:Processing ;
    orcp:data orcp:PersonalData ;
    odrl:predicateConstraint [
        odrl:leftOperand orcp:legalBasis ;
        odrl:operator odrl:isAnyOf ;
        odrl:rightOperand ( orcp:Consent orcp:Contract orcp:LegalObligation orcp:VitalInterest
                            orcp:PublicInterest orcp:ExerciseOfOfficialAuthority orcp:LegitimateInterest )
    ] ;
    orcp:prohibition [
        orcp:legalBasis orcp:LegitimateInterest ;
        odrl:predicateConstraint [
            odrl:leftOperand odrl:action ;
            odrl:operator odrl:isA ;
            odrl:rightOperand orcp:ProcessingEffectingFundamentalRightsAndFreedomsOfTheDataSubject
        ]
    ] .
An Obligation is a requirement to perform an action. An Obligation is fulfilled if all constraints are satisfied and if its action has been exercised.
The Obligation class is a subclass of, and inherits all the properties from, the Rule class.
Example: transfers. Transfers are permitted if there are binding corporate rules in accordance with Article 47; ....
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:gdpr-article46",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "action": "Transfer",
    "data": "PersonalData",
    "predicateConstraint": [{
      "or": { "@list": [{
        "leftOperand": "organisationType",
        "operator": "isA",
        "rightOperand": { "@id": "InternationalOrganisation" }
      },{
        "leftOperand": "recipientLocation",
        "operator": "isA",
        "rightOperand": { "@id": "ThirdCountry" }
      }] }
    }],
    "obligation": [{
      "predicateConstraint": [{
        "leftOperand": "appropriateSafeguards",
        "operator": "isAnyOf",
        "rightOperand": { "@list": [
          { "@id": "LegallyBindingEnforceableInstrument" },
          { "@id": "BindingCorporateRules" },
          { "@id": "StandardDataProtectionClauses" },
          { "@id": "ApprovedCodeOfConduct" },
          { "@id": "ApprovedCertificateMechanism" }
        ] }
      }]
    },{
      "predicateConstraint": [{
        "leftOperand": "dataSubjectProvisions",
        "operator": "isA",
        "rightOperand": { "@id": "EnforceableDataSubjectRights" }
      }]
    },{
      "predicateConstraint": [{
        "leftOperand": "dataSubjectProvisions",
        "operator": "isA",
        "rightOperand": { "@id": "LegalRemediesForDataSubjects" }
      }]
    }]
  }]
}

<http://example.com/policy:gdpr-article46>
    a orcp:Set ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> ;
    orcp:permission [
        odrl:action orcp:Transfer ;
        orcp:data orcp:PersonalData ;
        odrl:predicateConstraint [
            odrl:or (
                [ odrl:leftOperand orcp:organisationType ;
                  odrl:operator odrl:isA ;
                  odrl:rightOperand orcp:InternationalOrganisation ]
                [ odrl:leftOperand orcp:recipientLocation ;
                  odrl:operator odrl:isA ;
                  odrl:rightOperand orcp:ThirdCountry ]
            )
        ] ;
        orcp:obligation
            [ odrl:predicateConstraint [
                odrl:leftOperand orcp:dataSubjectProvisions ;
                odrl:operator odrl:isA ;
                odrl:rightOperand orcp:EnforceableDataSubjectRights ] ],
            [ odrl:predicateConstraint [
                odrl:leftOperand orcp:dataSubjectProvisions ;
                odrl:operator odrl:isA ;
                odrl:rightOperand orcp:LegalRemediesForDataSubjects ] ],
            [ odrl:predicateConstraint [
                odrl:leftOperand orcp:appropriateSafeguards ;
                odrl:operator odrl:isAnyOf ;
                odrl:rightOperand ( orcp:LegallyBindingEnforceableInstrument orcp:BindingCorporateRules
                                    orcp:StandardDataProtectionClauses orcp:ApprovedCodeOfConduct
                                    orcp:ApprovedCertificateMechanism ) ] ]
    ] .
A Dispensation is an exemption from the obligation to perform an action.
The Dispensation class is a subclass of, and inherits all the properties from, the Rule class.
Example: Article 6 paragraph 2. ...... Point f of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:gdpr-article6",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "uid": "http://example.com/policy:gdpr-article6-para1",
    "action": "Processing",
    "data": "PersonalData",
    "predicateConstraint": {
      "leftOperand": "legalBasis",
      "operator": "isAnyOf",
      "rightOperand": { "@list": [
        { "@id": "Consent" },
        { "@id": "Contract" },
        { "@id": "LegalObligation" },
        { "@id": "VitalInterest" },
        { "@id": "PublicInterest" },
        { "@id": "ExerciseOfOfficialAuthority" },
        { "@id": "LegitimateInterest" }
      ] }
    },
    "prohibition": [{
      "legalBasis": "LegitimateInterest",
      "predicateConstraint": [{
        "leftOperand": "action",
        "operator": "isA",
        "rightOperand": "ProcessingEffectingFundamentalRightsAndFreedomsOfTheDataSubject"
      }],
      "dispensation": [{
        "predicateConstraint": [{
          "and": { "@list": [{
            "leftOperand": "organisationType",
            "operator": "isA",
            "rightOperand": "PublicAuthority"
          },{
            "leftOperand": "purpose",
            "operator": "isA",
            "rightOperand": "PublicAuthorityTask"
          }] }
        }]
      }]
    }]
  }]
}

<http://example.com/policy:gdpr-article6>
    a orcp:Set ;
    orcp:permission <http://example.com/policy:gdpr-article-para1> ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> .
<http://example.com/policy:gdpr-article-para1>
    odrl:action orcp:Processing ;
    orcp:data orcp:PersonalData ;
    odrl:predicateConstraint [
        odrl:leftOperand orcp:legalBasis ;
        odrl:operator odrl:isAnyOf ;
        odrl:rightOperand ( orcp:Consent orcp:Contract orcp:LegalObligation orcp:VitalInterest
                            orcp:PublicInterest orcp:ExerciseOfOfficialAuthority orcp:LegitimateInterest )
    ] ;
    orcp:prohibition [
        orcp:legalBasis orcp:LegitimateInterest ;
        odrl:predicateConstraint [
            odrl:leftOperand odrl:action ;
            odrl:operator odrl:isA ;
            odrl:rightOperand orcp:ProcessingEffectingFundamentalRightsAndFreedomsOfTheDataSubject
        ] ;
        orcp:dispensation [
            odrl:predicateConstraint [
                odrl:and (
                    [ odrl:leftOperand orcp:organisationType ;
                      odrl:operator odrl:isA ;
                      odrl:rightOperand orcp:PublicAuthority ]
                    [ odrl:leftOperand orcp:purpose ;
                      odrl:operator odrl:isA ;
                      odrl:rightOperand orcp:PublicAuthorityTask ]
                )
            ]
        ]
    ] .
A relation property is used to link a Rule to a Resource. The relation property itself is abstract; sub-properties represent explicit semantics of the relationship between the Resource and the Rule.
The profile has the following sub-properties of relation:
data: indicates the Resource referred to in the rule.
A function property is used to link a Rule to a Party, indicating the function undertaken by the Party in respect to the Rule that links to it. The function property itself is abstract; sub-properties represent explicit semantics of the functional role between the Party and the Rule.
The profile has the following sub-properties of function:
controller
processor
sender
recipient
responsibleParty
A property that is used to relate an Action to a Rule.
Specifies a constraint which must be satisfied in order for the rule to be valid.
A property that allows for the nesting of rules of type Permission, Prohibition, Obligation, or Dispensation.
A property used to assert the legal basis for processing. This property is used to link a Rule to a LegalBasis.
A property used to assert the purpose for the processing. This property is used to link a Rule to a Purpose.
A property used to assert the location of the processing. This property is used to link a Rule to a Location.
A property used to assert the location where the recipient is located. This property is used to link a Rule to a Location.
A property used to assert the type of organisation. This property is used to link a Rule to a Party.
A property used to assert the type of safeguards that are in place. This property is used to link a Rule to a Resource of type AppropriateSafeguards.
A property used to assert the data subject provisions that are in place. This property is used to link a Rule to a Resource of type DataSubjectProvisions.
In this chapter we demonstrate how Article 6 Lawfulness of processing and Article 46 Transfers subject to appropriate safeguards would be modelled using the proposed ODRL Regulatory Compliance Profile.
According to Article 6, Paragraph 1, of the GDPR:
"Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks."
Example: Article 6 Lawfulness of processing.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:gdpr-article6",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "uid": "http://example.com/policy:gdpr-article6-para1",
    "action": "Processing",
    "data": "PersonalData",
    "predicateConstraint": {
      "leftOperand": "legalBasis",
      "operator": "isAnyOf",
      "rightOperand": { "@list": [
        { "@id": "Consent" },
        { "@id": "Contract" },
        { "@id": "LegalObligation" },
        { "@id": "VitalInterest" },
        { "@id": "PublicInterest" },
        { "@id": "ExerciseOfOfficialAuthority" },
        { "@id": "LegitimateInterest" }
      ] }
    },
    "prohibition": [{
      "legalBasis": "LegitimateInterest",
      "predicateConstraint": [{
        "leftOperand": "action",
        "operator": "isA",
        "rightOperand": "ProcessingEffectingFundamentalRightsAndFreedomsOfTheDataSubject"
      }],
      "dispensation": [{
        "predicateConstraint": [{
          "and": { "@list": [{
            "leftOperand": "organisationType",
            "operator": "isA",
            "rightOperand": "PublicAuthority"
          },{
            "leftOperand": "purpose",
            "operator": "isA",
            "rightOperand": "PublicAuthorityTask"
          }] }
        }]
      }]
    }]
  }]
}

<http://example.com/policy:gdpr-article6>
    a orcp:Set ;
    orcp:permission <http://example.com/policy:gdpr-article-para1> ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> .
<http://example.com/policy:gdpr-article-para1>
    odrl:action orcp:Processing ;
    orcp:data orcp:PersonalData ;
    odrl:predicateConstraint [
        odrl:leftOperand orcp:legalBasis ;
        odrl:operator odrl:isAnyOf ;
        odrl:rightOperand ( orcp:Consent orcp:Contract orcp:LegalObligation orcp:VitalInterest
                            orcp:PublicInterest orcp:ExerciseOfOfficialAuthority orcp:LegitimateInterest )
    ] ;
    orcp:prohibition [
        orcp:legalBasis orcp:LegitimateInterest ;
        odrl:predicateConstraint [
            odrl:leftOperand odrl:action ;
            odrl:operator odrl:isA ;
            odrl:rightOperand orcp:ProcessingEffectingFundamentalRightsAndFreedomsOfTheDataSubject
        ] ;
        orcp:dispensation [
            odrl:predicateConstraint [
                odrl:and (
                    [ odrl:leftOperand orcp:organisationType ;
                      odrl:operator odrl:isA ;
                      odrl:rightOperand orcp:PublicAuthority ]
                    [ odrl:leftOperand orcp:purpose ;
                      odrl:operator odrl:isA ;
                      odrl:rightOperand orcp:PublicAuthorityTask ]
                )
            ]
        ]
    ] .
Example: Processing, inside the EU, with consent of the data subject.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:bp-processing-withLegalBasis",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "action": "Processing",
    "data": "PersonalData",
    "controller": "http://example.com/CompanyA",
    "purpose": "PersonalRecommendations",
    "processingLocation": "EU",
    "legalBasis": "Consent",
    "responsibleParty": "Controller"
  }]
}

<http://example.com/policy:bp-processing-withLegalBasis>
    a orcp:Set ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> ;
    orcp:permission [
        odrl:action orcp:Processing ;
        orcp:data orcp:PersonalData ;
        orcp:controller <http://example.com/CompanyA> ;
        orcp:purpose orcp:PersonalRecommendations ;
        orcp:ProcessingLocation orcp:EU ;
        orcp:legalBasis orcp:Consent ;
        odrl:responsibleParty orcp:Controller
    ] .
Example: Processing, inside the EU, with consent of the data subject, without a legal basis.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:bp-processing-withoutLegalBasis",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "action": "Processing",
    "data": "PersonalData",
    "controller": "http://example.com/CompanyA",
    "purpose": "PersonalRecommendations",
    "processingLocation": "EU",
    "responsibleParty": "Controller"
  }]
}

<http://example.com/policy:bp-processing-withoutLegalBasis>
    a orcp:Set ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> ;
    orcp:permission [
        odrl:action orcp:Processing ;
        orcp:data orcp:PersonalData ;
        orcp:controller <http://example.com/CompanyA> ;
        orcp:purpose orcp:PersonalRecommendations ;
        orcp:ProcessingLocation orcp:EU ;
        odrl:responsibleParty orcp:Controller
    ] .
According to Article 46, of the GDPR:
1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
2. The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory authority, by:
(a) a legally binding and enforceable instrument between public authorities or bodies;
(b) binding corporate rules in accordance with Article 47;
(c) standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2);
(d) standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);
(e) an approved code of conduct pursuant to Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights; or
(f) an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights.
Example: Article 46 Transfers subject to appropriate safeguards.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:gdpr-article46",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "action": "Transfer",
    "data": "PersonalData",
    "predicateConstraint": [{
      "or": { "@list": [{
        "leftOperand": "organisationType",
        "operator": "isA",
        "rightOperand": { "@id": "InternationalOrganisation" }
      },{
        "leftOperand": "recipientLocation",
        "operator": "isA",
        "rightOperand": { "@id": "ThirdCountry" }
      }] }
    }],
    "obligation": [{
      "predicateConstraint": [{
        "leftOperand": "appropriateSafeguards",
        "operator": "isAnyOf",
        "rightOperand": { "@list": [
          { "@id": "LegallyBindingEnforceableInstrument" },
          { "@id": "BindingCorporateRules" },
          { "@id": "StandardDataProtectionClauses" },
          { "@id": "ApprovedCodeOfConduct" },
          { "@id": "ApprovedCertificateMechanism" }
        ] }
      }]
    },{
      "predicateConstraint": [{
        "leftOperand": "dataSubjectProvisions",
        "operator": "isA",
        "rightOperand": { "@id": "EnforceableDataSubjectRights" }
      }]
    },{
      "predicateConstraint": [{
        "leftOperand": "dataSubjectProvisions",
        "operator": "isA",
        "rightOperand": { "@id": "LegalRemediesForDataSubjects" }
      }]
    }]
  }]
}

<http://example.com/policy:gdpr-article46>
    a orcp:Set ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> ;
    orcp:permission [
        odrl:action orcp:Transfer ;
        orcp:data orcp:PersonalData ;
        odrl:predicateConstraint [
            odrl:or (
                [ odrl:leftOperand orcp:organisationType ;
                  odrl:operator odrl:isA ;
                  odrl:rightOperand orcp:InternationalOrganisation ]
                [ odrl:leftOperand orcp:recipientLocation ;
                  odrl:operator odrl:isA ;
                  odrl:rightOperand orcp:ThirdCountry ]
            )
        ] ;
        orcp:obligation
            [ odrl:predicateConstraint [
                odrl:leftOperand orcp:dataSubjectProvisions ;
                odrl:operator odrl:isA ;
                odrl:rightOperand orcp:EnforceableDataSubjectRights ] ],
            [ odrl:predicateConstraint [
                odrl:leftOperand orcp:dataSubjectProvisions ;
                odrl:operator odrl:isA ;
                odrl:rightOperand orcp:LegalRemediesForDataSubjects ] ],
            [ odrl:predicateConstraint [
                odrl:leftOperand orcp:appropriateSafeguards ;
                odrl:operator odrl:isAnyOf ;
                odrl:rightOperand ( orcp:LegallyBindingEnforceableInstrument orcp:BindingCorporateRules
                                    orcp:StandardDataProtectionClauses orcp:ApprovedCodeOfConduct
                                    orcp:ApprovedCertificateMechanism ) ] ]
    ] .
Transfer outside the EU by an international organisation.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:bp-transfer-withSafeguards",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "action": "Transfer",
    "data": "PersonalData",
    "responsibleParty": "Controller",
    "organisationType": "InternationalOrganisation",
    "sender": "http://example.com/CompanyA_Ireland",
    "recipient": "http://example.com/CompanyA_USA",
    "recipientLocation": "ThirdCountry",
    "purpose": "PersonalRecommendations",
    "legalBasis": "Consent",
    "dataSubjectProvisions": [ "EnforceableDataSubjectRights", "LegalRemediesForDataSubjects" ],
    "appropriateSafeguards": "BindingCorporateRules"
  }]
}

<http://example.com/policy:bp-transfer-withSafeguards>
    a orcp:Set ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> ;
    orcp:permission [
        odrl:action orcp:Transfer ;
        orcp:data orcp:PersonalData ;
        orcp:responsibleParty orcp:Controller ;
        orcp:organisationType orcp:InternationalOrganisation ;
        orcp:sender <http://example.com/CompanyA_Ireland> ;
        orcp:recipient <http://example.com/CompanyA_USA> ;
        orcp:recipientLocation orcp:ThirdCountry ;
        orcp:purpose orcp:PersonalRecommendations ;
        orcp:legalBasis orcp:Consent ;
        odrl:dataSubjectProvisions orcp:EnforceableDataSubjectRights ;
        odrl:dataSubjectProvisions orcp:LegalRemediesForDataSubjects ;
        orcp:appropriateSafeguards orcp:BindingCorporateRules
    ] .
Transfer outside the EU by an international organisation without appropriate safeguards.
{
  "@context": "https://ai.wu.ac.at/policies/orcp/odrl_regulatory_profile.jsonid",
  "@type": "Set",
  "uid": "http://example.com/policy:bp-transfer-withoutSafeguards",
  "profile": "http://example.com/odrl:profile:regulatory-compliance",
  "permission": [{
    "action": "Transfer",
    "data": "PersonalData",
    "responsibleParty": "Controller",
    "organisationType": "InternationalOrganisation",
    "sender": "http://example.com/CompanyA_Ireland",
    "recipient": "http://example.com/CompanyA_USA",
    "recipientLocation": "ThirdCountry",
    "purpose": "PersonalRecommendations",
    "legalBasis": "Consent",
    "dataSubjectProvisions": [ "EnforceableDataSubjectRights", "LegalRemediesForDataSubjects" ]
  }]
}

<http://example.com/policy:bp-transfer-withoutSafeguards>
    a orcp:Set ;
    odrl:profile <http://example.com/odrl:profile:regulatory-compliance> ;
    orcp:permission [
        odrl:action orcp:Transfer ;
        orcp:data orcp:PersonalData ;
        orcp:responsibleParty orcp:Controller ;
        orcp:organisationType orcp:InternationalOrganisation ;
        orcp:sender <http://example.com/CompanyA_Ireland> ;
        orcp:recipient <http://example.com/CompanyA_USA> ;
        orcp:recipientLocation orcp:ThirdCountry ;
        orcp:purpose orcp:PersonalRecommendations ;
        orcp:legalBasis orcp:Consent ;
        odrl:dataSubjectProvisions orcp:EnforceableDataSubjectRights ;
        odrl:dataSubjectProvisions orcp:LegalRemediesForDataSubjects
    ] .
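The automated check these Article 46 examples are written for, as an added example (not part of the profile or its authors' tooling): the regulatory policy is evaluated against a business policy, and the loader rejects repeated JSON keys because a standard parser silently keeps only the last value. The matching semantics (a regulatory permission applies when action, data and its predicateConstraint match; isA is an exact term match) and all function names are assumptions.

```python
import json

# Article 46 policy from the page's JSON-LD example ("@context", "@type", "profile" omitted).
REGULATION = {
    "uid": "http://example.com/policy:gdpr-article46",
    "permission": [{
        "action": "Transfer", "data": "PersonalData",
        "predicateConstraint": [{"or": {"@list": [
            {"leftOperand": "organisationType", "operator": "isA",
             "rightOperand": {"@id": "InternationalOrganisation"}},
            {"leftOperand": "recipientLocation", "operator": "isA",
             "rightOperand": {"@id": "ThirdCountry"}}]}}],
        "obligation": [
            {"predicateConstraint": [{
                "leftOperand": "appropriateSafeguards", "operator": "isAnyOf",
                "rightOperand": {"@list": [
                    {"@id": "LegallyBindingEnforceableInstrument"},
                    {"@id": "BindingCorporateRules"},
                    {"@id": "StandardDataProtectionClauses"},
                    {"@id": "ApprovedCodeOfConduct"},
                    {"@id": "ApprovedCertificateMechanism"}]}}]},
            {"predicateConstraint": [{
                "leftOperand": "dataSubjectProvisions", "operator": "isA",
                "rightOperand": {"@id": "EnforceableDataSubjectRights"}}]},
            {"predicateConstraint": [{
                "leftOperand": "dataSubjectProvisions", "operator": "isA",
                "rightOperand": {"@id": "LegalRemediesForDataSubjects"}}]}],
    }],
}

# Constructed business policy, trimmed from the page's bp-transfer examples.
BUSINESS = """{
  "uid": "http://example.com/policy:bp-transfer-withSafeguards",
  "permission": [{
    "action": "Transfer", "data": "PersonalData",
    "organisationType": "InternationalOrganisation", "recipientLocation": "ThirdCountry",
    "dataSubjectProvisions": ["EnforceableDataSubjectRights", "LegalRemediesForDataSubjects"],
    "appropriateSafeguards": "BindingCorporateRules"
  }]
}"""
# Constructed variant: the two provisions written as a repeated key instead of an array.
REPEATED_KEY = BUSINESS.replace(
    '["EnforceableDataSubjectRights", "LegalRemediesForDataSubjects"]',
    '"EnforceableDataSubjectRights", "dataSubjectProvisions": "LegalRemediesForDataSubjects"')

def load_policy(text):
    """Parse a policy, refusing repeated keys (plain json.loads keeps only the last one)."""
    def unique(pairs):
        keys = [key for key, _ in pairs]
        repeated = sorted({key for key in keys if keys.count(key) > 1})
        if repeated:
            raise ValueError(f"duplicate keys: {repeated}")
        return dict(pairs)
    return json.loads(text, object_pairs_hook=unique)

def terms(value):
    """Flatten a term, {"@id": term}, {"@list": [...]} or a list into a set of term names."""
    if isinstance(value, dict):
        return terms(value["@list"]) if "@list" in value else {value["@id"]}
    if isinstance(value, list):
        return set().union(*(terms(item) for item in value))
    return {value}

def satisfied(constraint, rule):
    """Evaluate a predicateConstraint against the properties asserted on a business rule."""
    if isinstance(constraint, list):               # several constraints form a conjunction
        return all(satisfied(item, rule) for item in constraint)
    for logical, combine in (("or", any), ("and", all)):
        if logical in constraint:
            return combine(satisfied(item, rule) for item in constraint[logical]["@list"])
    if constraint["operator"] not in ("isA", "isAnyOf"):
        raise ValueError(f"unsupported operator: {constraint['operator']}")
    # Assumption: no class hierarchy is loaded, so isA is an exact term match.
    asserted = terms(rule.get(constraint["leftOperand"], []))
    return bool(asserted & terms(constraint["rightOperand"]))

def check(regulation, business):
    """Return the unfulfilled obligations for every business rule the regulation applies to."""
    findings = []
    for rule in business.get("permission", []):
        for perm in regulation["permission"]:
            applies = (perm["action"] == rule.get("action") and perm["data"] == rule.get("data")
                       and satisfied(perm.get("predicateConstraint", []), rule))
            if not applies:
                continue
            for duty in perm.get("obligation", []):
                for c in duty["predicateConstraint"]:
                    if not satisfied(c, rule):
                        findings.append(f"{c['leftOperand']} {c['operator']} "
                                        f"{sorted(terms(c['rightOperand']))}")
    return findings

if __name__ == "__main__":
    print(check(REGULATION, load_policy(BUSINESS)))      # complete business rule
    print(check(REGULATION, json.loads(REPEATED_KEY)))   # repeated key: one value lost
```

Parsed with plain `json.loads`, the repeated-key variant reports a missing EnforceableDataSubjectRights provision that the policy text actually contains, which is why `load_policy` refuses it outright.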