feat(dtpr-ai): rights audit — narrow 4 elements, add 5 new#275
Conversation
Adds the rights-side analog of the existing risks/harms corpus (MIT / Atlas / AIAAIC / AIR 2024). New entries cover EU AI Act Articles 26/27/50/86, the CoE Framework Convention on AI (2024), the Ada Lovelace + AI Now + OGP public-sector algorithmic accountability survey, the DaPIS data-protection icon set, and the Wachter/Edwards/Kaminski right-to-explanation scholarship. Verified by `node plugin/dtpr/evals/verify.mjs` (9 corpus entries, conformance check passed). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Applies the ai__rights category audit on top of the new rights-research corpus. Edits (descriptions narrowed in all 6 locales): - right_algorithmic_transparency: now system-logic disclosure only; the individual-decision explanation right is split out. - right_contest: now post-decision appeal only; the human-review affordance is split out. - right_be_forgotten: tightened to deletion with an explicit cue against right_object (stop processing without deletion). - right_purpose_limitation: tightened to upstream constraint with the same cue. Adds (full 6-locale element bodies + placeholder symbols): - right_to_notice — knowing AI is in operation (AI Act Art. 26/50, CoE Convention Art. 15) - right_individual_decision_explanation — ex-post explanation of a specific decision (AI Act Art. 86, Wachter 2017) - right_to_human_review — non-AI path / meaningful human reconsideration (GDPR Art. 22(3), CCPA ADMT 2025) - right_correction — rectification of inaccurate data (GDPR Art. 16, CPRA, DaPIS Rectification) - right_object — stop processing without deletion (GDPR Art. 21) Validation: - pnpm schema:validate ai@2026-04-27-beta → 11 categories, 74 elements (was 69). - pnpm schema:build ai@2026-04-27-beta → 323 files written; content_hash sha256-e8e0…d344 materialized. Caveats: km/tl translations follow the structural pattern of existing rights elements but should get a native-speaker pass before promotion. The 5 placeholder SVG symbols are functional draft-quality; design refinement is the natural follow-up via dtpr-element-design. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Greptile SummaryThis PR expands the
Confidence Score: 3/5The schema changes are well-structured and the corpus research is thorough, but two element descriptions contain substantive inaccuracies that could mislead citizens about the scope and timing of their legal rights before this beta is promoted. The right_individual_decision_explanation element rests on EU AI Act Art. 86, which the companion corpus entry explicitly warns is forward-dated — yet the element description ships without that caveat. The right_object description presents GDPR Art. 21 as an unconditional stop-now right when it is conditional for most processing, and the English title actively diverges from the 'right to object' framing used in every other locale. Both issues are in citizen-facing disclosure copy. right_individual_decision_explanation.yaml and right_object.yaml need description corrections; rights_object.svg has a confusing visual metaphor that should be revisited before the design-refinement pass.
|
| Filename | Overview |
|---|---|
| api/schemas/ai/2026-04-27-beta/elements/right_individual_decision_explanation.yaml | New element anchored to EU AI Act Art. 86, which does not apply until 2 August 2026; the corpus entry explicitly flags this but the element description omits the temporal caveat. |
| api/schemas/ai/2026-04-27-beta/elements/right_object.yaml | New element; English title and description overstate GDPR Art. 21 as unconditional when it is in fact conditional, and the English title diverges from the 'right to object' framing used in all other locales. |
| api/schemas/ai/2026-04-27-beta/symbols/rights_object.svg | Placeholder SVG; the prohibition-circle combined with a partial padlock at 0.55 opacity creates an ambiguous visual metaphor that could be read as 'no lock / unlock' rather than 'object to processing'. |
| api/schemas/ai/2026-04-27-beta/elements/right_to_notice.yaml | New element; well-anchored to EU AI Act Art. 50 + CoE Convention Art. 15; all 6 locales present; description and cross-references are clear. |
| api/schemas/ai/2026-04-27-beta/elements/right_to_human_review.yaml | New element; clean separation from right_contest (pre-decision vs post-decision); all 6 locales present and consistent. |
| api/schemas/ai/2026-04-27-beta/elements/right_correction.yaml | New element anchored to GDPR Art. 16; all 6 locales present; clear distinguishing cues against right_be_forgotten and right of access. |
| api/schemas/ai/2026-04-27-beta/elements/right_algorithmic_transparency.yaml | Edited to narrow scope to system-logic disclosure only; cross-reference to new right_individual_decision_explanation added in all 6 locales; clean change. |
| api/schemas/ai/2026-04-27-beta/elements/right_contest.yaml | Edited to narrow scope to post-decision appeal only, removing the bundled human-review affordance; all 6 locales updated consistently. |
| api/schemas/ai/2026-04-27-beta/elements/right_be_forgotten.yaml | Edited to add distinguishing cue against right_object (deletion vs. stop-without-deletion); consistent across all 6 locales. |
| plugin/dtpr/research/2026-04-27T1010-eu-ai-act-rights-provisions.md | New corpus entry covering EU AI Act Arts. 26/27/50/86; well-structured with application-date caution for Art. 86, but that caution is not carried through into the dependent element description. |
| plugin/dtpr/research/INDEX.md | Five new entries appended to the append-only index; slug convention and all required frontmatter columns are present and consistent. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
subgraph BEFORE["Before this PR (6 elements)"]
AT_old["right_algorithmic_transparency\n(system logic + decision explanation bundled)"]
RC_old["right_contest\n(appeal + human review bundled)"]
BF["right_be_forgotten"]
PL["right_purpose_limitation"]
end
subgraph AFTER["After this PR (11 elements)"]
direction TB
AT_new["right_algorithmic_transparency\n(system-logic disclosure only)"]
IDE["right_individual_decision_explanation
(Art. 86 - forward-dated Aug 2026)"]
RN["right_to_notice\n(AI Act Art. 50 + CoE Art. 15)"]
RC_new["right_contest\n(post-decision appeal only)"]
HR["right_to_human_review\n(GDPR Art. 22(3))"]
BF2["right_be_forgotten\n(deletion only)"]
COR["right_correction\n(GDPR Art. 16)"]
PL2["right_purpose_limitation\n(upstream constraint)"]
OBJ["right_object\n(GDPR Art. 21 - conditional)"]
end
AT_old -->|narrowed| AT_new
AT_old -->|split off| IDE
RC_old -->|narrowed| RC_new
RC_old -->|split off| HR
BF -->|tightened| BF2
PL -->|tightened| PL2
Prompt To Fix All With AI
Fix the following 4 code review issues. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 4
api/schemas/ai/2026-04-27-beta/elements/right_individual_decision_explanation.yaml:54-56
**Art. 86 temporal caveat absent from element description**
The companion corpus entry (`2026-04-27T1010-eu-ai-act-rights-provisions.md`) explicitly warns: *"Citing Art. 86 as a live right today in a DTPR datachain is technically forward-dated for some system classes — flag this in any element description that hangs on Art. 86 specifically."* EU AI Act Article 86 enters into force on 2 August 2026, meaning a DTPR datacard published today citing this element would represent a right that isn't yet legally operative for most high-risk AI system classes. The element description — and the corpus entry's own caution — call for a temporal qualifier in the description text (or at minimum in the element `variables`) to make this forward-dated status visible to authors filling in a datachain.
### Issue 2 of 4
api/schemas/ai/2026-04-27-beta/elements/right_object.yaml:17-22
**GDPR Art. 21 right to object is conditional, not an unconditional "stop-now" affordance**
The English description says "The right to ask an organization to stop using your personal data" without qualification, but GDPR Article 21 right to object is not unconditional for most processing: the controller may continue if they demonstrate compelling legitimate grounds that override the data subject's interests, rights and freedoms. The only absolute branch is Article 21(2) (objecting to direct-marketing processing). Presenting this as a blanket stop-now affordance could cause citizens to believe they can halt any processing on demand, which overstates the right. The Spanish/French/Portuguese titles correctly preserve the "right to object" framing (`oponerse`, `opposition`, `opor-se`) while the English title "Right to Stop Processing" elides this conditionality. Consider qualifying the description (e.g., "in circumstances where the law does not provide a legitimate override") or aligning the English title to the same "right to object" framing used in the other locales.
### Issue 3 of 4
api/schemas/ai/2026-04-27-beta/symbols/rights_object.svg:1-7
**Visual metaphor may read as "no lock" or "unlock" rather than "object to processing"**
The icon combines a prohibition circle-slash with the top arc of a padlock (`M14 17V14C14 12.34…`) at `opacity="0.55"`. The conventional reading of this combination — a prohibition mark over a lock shape — is "unlocked" or "data cannot be secured," the opposite of restricting processing. DaPIS's own comprehension research (cited in the corpus) finds that abstract rights icons with ambiguous compound symbols consistently underperform concrete metaphors in user testing. A simpler alternative — such as a raised-palm stop sign — would better communicate the "stop processing" intent without the semantic collision.
### Issue 4 of 4
api/schemas/ai/2026-04-27-beta/elements/right_to_notice.yaml:58-60
**`citation: []` across all 9 elements despite PR's stated rationale for co-shipping**
All five new elements and all four edited elements ship with `citation: []`. The PR description states "The two pieces ship together because the schema descriptions cite the corpus," implying the corpus entries are the evidentiary backing for the element text. If the `citation` field is reserved for future machine-readable corpus linkage, populating it here (e.g., with slug references such as `2026-04-27T1010-eu-ai-act-rights-provisions`) would make the stated rationale verifiable by downstream tooling. This applies equally to `right_individual_decision_explanation`, `right_correction`, `right_to_human_review`, and `right_object`.
Reviews (1): Last reviewed commit: "feat(dtpr-ai): rights audit — narrow 4 e..." | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| citation: [] | ||
| symbol_id: rights_decision-explanation | ||
| variables: [] |
There was a problem hiding this comment.
The companion corpus entry (2026-04-27T1010-eu-ai-act-rights-provisions.md) explicitly warns: "Citing Art. 86 as a live right today in a DTPR datachain is technically forward-dated for some system classes — flag this in any element description that hangs on Art. 86 specifically." EU AI Act Article 86 enters into force on 2 August 2026, meaning a DTPR datacard published today citing this element would represent a right that isn't yet legally operative for most high-risk AI system classes. The element description — and the corpus entry's own caution — call for a temporal qualifier in the description text (or at minimum in the element variables) to make this forward-dated status visible to authors filling in a datachain.
Prompt To Fix With AI
This is a comment left during a code review.
Path: api/schemas/ai/2026-04-27-beta/elements/right_individual_decision_explanation.yaml
Line: 54-56
Comment:
**Art. 86 temporal caveat absent from element description**
The companion corpus entry (`2026-04-27T1010-eu-ai-act-rights-provisions.md`) explicitly warns: *"Citing Art. 86 as a live right today in a DTPR datachain is technically forward-dated for some system classes — flag this in any element description that hangs on Art. 86 specifically."* EU AI Act Article 86 enters into force on 2 August 2026, meaning a DTPR datacard published today citing this element would represent a right that isn't yet legally operative for most high-risk AI system classes. The element description — and the corpus entry's own caution — call for a temporal qualifier in the description text (or at minimum in the element `variables`) to make this forward-dated status visible to authors filling in a datachain.
How can I resolve this? If you propose a fix, please make it concise.| - locale: en | ||
| value: >- | ||
| The right to ask an organization to stop using your personal data, even when the data itself is not deleted. | ||
| This is separate from the right to be forgotten (which deletes the data) and from the right to purpose | ||
| limitation (which constrains the original stated purposes). It is the user-invoked stop-now affordance — your | ||
| data may stay on file, but no further processing should happen against it. |
There was a problem hiding this comment.
The English description says "The right to ask an organization to stop using your personal data" without qualification, but GDPR Article 21 right to object is not unconditional for most processing: the controller may continue if they demonstrate compelling legitimate grounds that override the data subject's interests, rights and freedoms. The only absolute branch is Article 21(2) (objecting to direct-marketing processing). Presenting this as a blanket stop-now affordance could cause citizens to believe they can halt any processing on demand, which overstates the right. The Spanish/French/Portuguese titles correctly preserve the "right to object" framing (oponerse, opposition, opor-se) while the English title "Right to Stop Processing" elides this conditionality. Consider qualifying the description (e.g., "in circumstances where the law does not provide a legitimate override") or aligning the English title to the same "right to object" framing used in the other locales.
Prompt To Fix With AI
This is a comment left during a code review.
Path: api/schemas/ai/2026-04-27-beta/elements/right_object.yaml
Line: 17-22
Comment:
**GDPR Art. 21 right to object is conditional, not an unconditional "stop-now" affordance**
The English description says "The right to ask an organization to stop using your personal data" without qualification, but GDPR Article 21 right to object is not unconditional for most processing: the controller may continue if they demonstrate compelling legitimate grounds that override the data subject's interests, rights and freedoms. The only absolute branch is Article 21(2) (objecting to direct-marketing processing). Presenting this as a blanket stop-now affordance could cause citizens to believe they can halt any processing on demand, which overstates the right. The Spanish/French/Portuguese titles correctly preserve the "right to object" framing (`oponerse`, `opposition`, `opor-se`) while the English title "Right to Stop Processing" elides this conditionality. Consider qualifying the description (e.g., "in circumstances where the law does not provide a legitimate override") or aligning the English title to the same "right to object" framing used in the other locales.
How can I resolve this? If you propose a fix, please make it concise.| <svg viewBox="0 0 36 36" fill="none" xmlns="http://www.w3.org/2000/svg"> | ||
| <g transform="translate(0,0)"> | ||
| <circle cx="18" cy="18" r="10" stroke="currentColor" stroke-width="1.6"/> | ||
| <path d="M11 11L25 25" stroke="currentColor" stroke-width="1.6" stroke-linecap="round"/> | ||
| <path d="M14 17V14C14 12.34 15.34 11 17 11C18.66 11 20 12.34 20 14V17" stroke="currentColor" stroke-width="1.2" stroke-linecap="round" stroke-linejoin="round" opacity="0.55"/> | ||
| </g> | ||
| </svg> |
There was a problem hiding this comment.
The icon combines a prohibition circle-slash with the top arc of a padlock (M14 17V14C14 12.34…) at opacity="0.55". The conventional reading of this combination — a prohibition mark over a lock shape — is "unlocked" or "data cannot be secured," the opposite of restricting processing. DaPIS's own comprehension research (cited in the corpus) finds that abstract rights icons with ambiguous compound symbols consistently underperform concrete metaphors in user testing. A simpler alternative — such as a raised-palm stop sign — would better communicate the "stop processing" intent without the semantic collision.
Prompt To Fix With AI
This is a comment left during a code review.
Path: api/schemas/ai/2026-04-27-beta/symbols/rights_object.svg
Line: 1-7
Comment:
**Visual metaphor may read as "no lock" or "unlock" rather than "object to processing"**
The icon combines a prohibition circle-slash with the top arc of a padlock (`M14 17V14C14 12.34…`) at `opacity="0.55"`. The conventional reading of this combination — a prohibition mark over a lock shape — is "unlocked" or "data cannot be secured," the opposite of restricting processing. DaPIS's own comprehension research (cited in the corpus) finds that abstract rights icons with ambiguous compound symbols consistently underperform concrete metaphors in user testing. A simpler alternative — such as a raised-palm stop sign — would better communicate the "stop processing" intent without the semantic collision.
How can I resolve this? If you propose a fix, please make it concise.Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
| citation: [] | ||
| symbol_id: rights_notice | ||
| variables: [] |
There was a problem hiding this comment.
citation: [] across all 9 elements despite PR's stated rationale for co-shipping
All five new elements and all four edited elements ship with citation: []. The PR description states "The two pieces ship together because the schema descriptions cite the corpus," implying the corpus entries are the evidentiary backing for the element text. If the citation field is reserved for future machine-readable corpus linkage, populating it here (e.g., with slug references such as 2026-04-27T1010-eu-ai-act-rights-provisions) would make the stated rationale verifiable by downstream tooling. This applies equally to right_individual_decision_explanation, right_correction, right_to_human_review, and right_object.
Prompt To Fix With AI
This is a comment left during a code review.
Path: api/schemas/ai/2026-04-27-beta/elements/right_to_notice.yaml
Line: 58-60
Comment:
**`citation: []` across all 9 elements despite PR's stated rationale for co-shipping**
All five new elements and all four edited elements ship with `citation: []`. The PR description states "The two pieces ship together because the schema descriptions cite the corpus," implying the corpus entries are the evidentiary backing for the element text. If the `citation` field is reserved for future machine-readable corpus linkage, populating it here (e.g., with slug references such as `2026-04-27T1010-eu-ai-act-rights-provisions`) would make the stated rationale verifiable by downstream tooling. This applies equally to `right_individual_decision_explanation`, `right_correction`, `right_to_human_review`, and `right_object`.
How can I resolve this? If you propose a fix, please make it concise.The hand-drawn placeholder SVGs in the prior commit were draft-quality and inconsistent with the existing rights icon language. Swap them for the canonical generic dtpr_api symbol (copied in from app/public/dtpr-icons/symbols/dtpr_api.svg) until a designer can produce real icons. All 5 new rights elements now point at symbol_id: dtpr_api. Validation: 11 categories, 74 elements, builds clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 participant
Summary
The
ai__rightscategory in the AI datachain schema previously shipped 6 elements; two of them —right_algorithmic_transparencyandright_contest— quietly bundled multiple distinct rights into one icon, and several rights now codified at international-treaty level (notice of AI use, individual-decision explanation, human review, correction, opt-out of processing) had no element at all. This PR raises the category to 11 elements with clean semantic slots, anchored to 5 new research-corpus entries that mirror the risks-side citation set we already ship.The two pieces ship together because the schema descriptions cite the corpus.
Research corpus (5 new entries under
plugin/dtpr/research/)The rights-side analog of the existing risks/harms corpus (MIT / Atlas / AIAAIC / AIR 2024).
eu-ai-act-rights-provisionscoe-framework-convention-ai-2024ada-lovelace-ai-now-ogp-algorithmic-accountabilitydapis-data-protection-icon-setwachter-edwards-right-to-explanationSchema changes (in
api/schemas/ai/2026-04-27-beta/)Edits (4 elements, all 6 locales):
right_algorithmic_transparencynarrows to system-logic disclosure only.right_contestnarrows to post-decision appeal only.right_be_forgottentightens to deletion with an explicit distinguishing cue againstright_object.right_purpose_limitationtightens to upstream constraint with the same cue.Adds (5 new elements + placeholder symbols, all 6 locales):
right_to_noticeright_individual_decision_explanationright_to_human_reviewright_correctionright_objectValidation
pnpm schema:validate ai@2026-04-27-beta→ 11 categories, 74 elements (was 69), validates clean.pnpm schema:build ai@2026-04-27-beta→ 323 dist files written;content_hash sha256-e8e00549…d344materialized.node plugin/dtpr/evals/verify.mjs→ 9 corpus entries, conformance check passed.Known follow-ups before promote
kmandtltranslations follow the structural pattern of existing rights elements but should get a native-speaker pass.rights_notice,rights_decision-explanation,rights_human-review,rights_correction,rights_object) are functional draft-quality. Design refinement is the natural next pass via thedtpr-element-designskill.