Open Digital Rights Language (ODRL)
The Open Digital Rights Language (ODRL) is a policy expression language designed to represent statements about the use of content and services. It provides a flexible information model, vocabulary, Validator and Evaluator and encoding mechanisms to ensure interoperability. ODRL policies define:
- Permitted, mandatory and prohibited actions for specific assets that parties must comply with.
- Additional elements such as restrictions (e.g. temporal or spatial limits) and duties (e.g. payments) linked to permissions.
The ODRL Profile for Data Sovereignty enhances the ODRL core model by introducing terms for expressing usage restrictions, obligations, and modifications. These policies can be converted into technology-specific languages, such as the MYDATA Control Technologies Policy Language, to enable enforcement in systems.
RightsML is an Rights Expression Language designed for the media industry, allowing news providers and publishers to annotate media assets with machine-readable instructions detailing permissions and restrictions.
The Market Data Profile for ODRL extends ODRL with vocabulary and semantics to specify rights and obligations for using market data.
DUC is a Rights Expression Language tailored for the big data industry. It enables news data providers and publishers to annotate data assets with machine-readable instructions that define permissions and restrictions.
The ODRL Profile for Access Control (OAC) defines flexible access rules for decentralized data storage, specifying who can access data and under what conditions. It integrates privacy and data protection terms using the Data Privacy Vocabulary (DPV) to ensure compliance with legal and ethical standards.
The ODRL Profile aims to enable clear and precise referencing of verifiable credential claims within ODRL policies. This allows assignors to enforce policies with trustworthy, verifiable claims from assignees, enhancing trust and confidence in policy enforcement.
ODRL for Language Resources (ODRL-LR) is a specialized extension of the W3C ODRL framework, designed to represent policies and licenses for language resources. It uses RDF for encoding and follows ODRL Profile Best Practices. Developed under the Prêt-à-LLOD project, it provides a tailored vocabulary for common licenses and builds upon the Metashare Rights ontology.
The ODRL Regulatory Compliance Profile is a specialised extension aimed at enabling automatic compliance checking of business policies. It supports the representation of regulatory permissions, prohibitions, obligations, and dispensations, often constrained by specific factors like time or location. The primary objective is to provide a framework and vocabularies for expressing these regulatory elements in a way that facilitates automated compliance verification.
Most of its concepts define data processing, with actions such as processing and transferring, and its examples focus on GDPR compliance. For example:
<http://example.com/policy:gdpr-article46> a orcp:Set ;
odrl:profile <http://example.com/odrl:profile:regulatory-compliance> ;
orcp:permission
[ odrl:action orcp:Transfer ;
orcp:data orcp:PersonalData ;
odrl:predicateConstraint
[ odrl:or (
[ odrl:leftOperand orcp:organisationType ;
odrl:operator odrl:isA ;
odrl:rightOperand orcp:InternationalOrganisation
]
[ odrl:leftOperand orcp:recipientLocation ;
odrl:operator odrl:isA ;
odrl:rightOperand orcp:ThirdCountry
] )
] ;
] .The Privacy Paradigm ODRL Profile (PPOP) extends ODRL, DPV, and related specifications to enhance transparency in privacy and data protection. It defines core concepts such as new entities in the data economy, individual and group rights, organisational duties, and safeguards, drawing on legal and ethical sources. Key Sources:
- Legal: GDPR, DGA, eIDAS 2, DSA, EDPB and Article 29 guidelines, and case law like the WhatsApp Ireland decision.
- Ethical: AI HLEG, AI Turing, OECD, UNESCO, ECHR, and additional ethical literature.