Mark up for Terms of Services and Privacy notices

This page provides background information for a proposed extension of schema.org dedicated to Terms of Services and Privacy Notices (i.e. Legal Documents). This extension is part of the overall LegiCrowd project and, more specifically, of the part of the project (LegiCrowd Onto) dedicated to the building of an ontology for the description of such legal documents.

This extension was built by taking both a top down approach from various sources of information such as the P3P, some previous work towards to extend the P3P with GDPR specific input for data and policies, cases from ToS;DR, as well as a bottom up approach cornerstoned by the LegiCrowd annotation environment.

The LegiCrowd Onto project team is composed of Sofia Almpani, Dr. Alain Couillault (Project Leader), Theodoros Mitsikas, Alexandros Nousias and Prof. Petros Stefaneas.

See also our partners and acknowledgements page.

Overview

Modeling Online Legal documents requires to handle types of objects:

  • Legal documents themselves, which need to be put into the hierarchy.
  • Users data, which encompass a wide range of data types including personal data (such as a user’s first name), sensitive data (for example about his beliefs or health), etc.
  • Actions performed by the platform itself or the users (e.g. collect or share data, input content or cancels a contract).
  • Managing users’ consent to several actions performed by the platform.
  • Describing the users’ and the platforms’ rights and commitments.

The following maps gives an overview of the whole hierarchy.

  • Nodes marked with a cross () are types we add to the existing version of schema.org.
  • Nodes marked with a star () are types already in the current version of schema.org but we suggest to modify.
  • All other types are standard schema.org types we use to describe legal documents.

Legal documents

New types : LegalDocument, PrivacyNotice

The current version of schema.org types Terms of Services as a Property, we propose a more generic approach: a legal document is a type of WebPage and has several subtypes, Privacy Notices and Terms of Services. The model is hence as follows (nodes with a + sign are proposed new types):

In our case, PrivacyNotice and termsofServices are not different, but this model leaves rooms for specific properties for each. It has to be noted that the properties attached to the current termofServices can be inherited from the proposed LegalDocument type.

New type: WebpageSection

We propose to create a type WebpageSection type to describe the content of each section of a Webpage through the hasPart property inherited from the CreativeWork type. Though a section is not a creative work per se, the hasPart property provides some leeway as it is described as “Indicat[ing] an item or CreativeWork that is part of this item, or CreativeWork (in some sense).”

New property: readability, of type ratingvalue, attached to type WebPage

The existing WebPage type receives the property readability, which describes the readability level of the current text. It is a type of ratingvalue from which it inherits values of type text (for example: High, Low) or number (e.g. a Fleisch index).

Contacts

The terms of use web pages usually provide some contact information such as company email or postal address. The GDPR requires to provide contact information for the company Data Processing Officer (DPO). We hence need to add this type of contact using the ResponsablePerson property inherited from the CreativeWork type. We do so by creating a new type DPO as a subtype of Person.

Alternately, we could use the property JobTitle of the type Person but we think that this type of Responsible person is highly relevant in the context of Legal Documents. See discussion here.

The Person and Organization types of schema.org come with a large set of properties (i.e. name, email address, postal address…) which are useful for Legal Documents annotation.

Personal Data

The handling (i.e. protecting, collecting, sharing) of users’ personal data is a core topic of online legal documents. A wide range of personal data can already be described with the existing types and properties, but are not marked as personal data. To achieve this, we propose to create a PersonalData type as a subtype of Intangible and to which existing or new personal data types are attached, rather than to create a specific property which appear difficult to attach to some existing data types.

There are several types of PersonalData necessary to describe the content of Legal Document. The propose the following list of types:

  • SensitiveData as described in the GDPR;
  • PhysicalData related to a person in the real world;
  • OnlineData related to a person’s online self.

Each type of data has subtypes as described in the hierarchy below.

Actions on Data

We mostly rely on the large existing set of action types to describe actions necessary to tag terms of services which includes the ShareAction, potentialAction (currently first letter lower case in schema.org), UpdateAction, RemedyAction, and TransferAction types. The existing ChooseAction comes a handy to describe the user’s action of giving consent.

We propose to add a RetainAction type to describes everything related to the retention of an object, and more specifically to users’ data or user generated content. We also need to be able to describe the duration of the retention, and thus we propose to add the existing duration property to the Action type.

User’s and platform’s rights and commitment

We suggest to add an hasRight property to describe the rights attached Organization or Person, such as unsubscribe, data portability, users’ data collection or sharing…

In addition, we add a type to describe the Guarantee attached to a Service to describe the platform’s commitment by adding a specific type of property.

Managing users consents

We consider three types of consents as actionOptions:

  • implicit consent,
  • explicit consent,
  • minor explicit consent.

This allows to describe consents to various types of actions, such as collect, share, port… data.

Checking minors consent

We need to enhance the existing FindAction type in order to cater for checking the minor’s responsible person identifier. This involves both to change the description of the FindAction and CheckAction types, and to add the type Person as a property of FindAction which in then inherited by the CheckAction type.

Additional types of legal documents

Beyond describing terms of services and privacy notices, the LegalDocument type can be used to described various types of documents, such as official government forms or web related documents. This could include:

a court document to file or answer a lawsuit (1)
a USCIS form to fill out to apply for a visa (1)
an official CDC declaration form to fill out and give to your landlord to protect yourself from eviction (1)
Trackers Policy (2)
Parent Organization Terms (2)
Parent Organization Privacy Policy (2)
Developer Terms (2)
Community Guidelines (2)
Acceptable Use Policy (2)
Restricted Use Policy (2)
Commercial Terms (2)
Copyright Claims Policy (2)
Law Enforcement Guidelines (2)
Human Rights Policy (2)
In-App Purchases Policy (2)
Review Guidelines (2)
Brand Guidelines (2)
Quality Guidelines (2)
Data Controller Agreement (2)
Data Processor Agreement (2)
User Consent Policy (2)
Closed Captioning Policy (2)
Seller Warranty (2)
Single Sign-On Policy (2)
Vulnerability Disclosure Policy (2)
Live Policy (2)

(1) from https://lists.w3.org/Archives/Public/public-schemaorg/2020Mar/0022.html

(2) from https://github.com/ambanum/CGUs/blob/master/src/app/types.json#L32