Privacy laws such as the General Data Protection Regulation (GDPR) specify several obligations involving personal data. A privacy policy is a document that, for legal compliance, provides information on how personal data is collected, used, stored, and shared; this information is essential for understanding the privacy implications. Approaches such as the UsablePrivacy project that extract information from the text of a privacy policy need to structure it in a manner suitable for machine processing. The Semantic Web has been proven to be suitable for representing this knowledge as a set of queryable concepts and relationships. However, the different projects and approaches targeting privacy policies overlap considerably, and they do not take advantage of the significant similarity of the underlying information.
This ontology design pattern aims to aid these efforts in representing and modelling information related to personal data within a privacy policy. The pattern will assist the existing ecosystem of machine-based approaches for interpretation and visualisation of privacy policies by providing a common structured representation to ease modelling and sharing of related information.
2018-05-30
2018-07-20
Ontology Design Pattern for Personal Data in Privacy Policies
The ontology design pattern is useful for depicting information regarding personal data in privacy policies.
Links data obtained (collected) by the step/activity that acquired it
collectsData
denotes Agent from which data was collected
collectsDataFromAgent
specifies collection mechanism used for collecting data
hasCollectionMechanism
specifies legal basis for processing
hasLegalBasis
Indicates sharing of Data through a DataStep
sharesData
denotes the process/activity/purpose for which the data is shared
sharesDataForProcess
shares data with Agent
sharesDataWith
links step with data used
usesData
Duration of a temporal entity, expressed as a scaled value or nominal value
hasDuration
The mechanism through which personal data is collected
Collection Mechanism
This provides the basis for lawful processing of personal data.
Lawful Basis
DataCollectionStep collects data from the user
Data Collection Step
1
Data Sharing Step
DataSharingStep shares data with another agent/organisation. These may be internal or external entities.
1
PersonalData is any data pertaining to the user which can contain personally identifiable information or a data set generated by the system using personally identifiable information acquired through direct or indirect means
PersonalData
A Process describes a 'Plan' of action for carrying out a particular activity that uses or is related to Data or Consent
Process
Duration of a temporal extent expressed as a decimal number scaled by a temporal unit
Duration