Personal agents interacting in the context of web applications, as well as the service agents they collaborate with, are responsible for the security of the users' personal information that they are in charge of. Several regulations apply to them, issued from various normative authorities (laws, regulations, user instructions...) ruling personal data protection. We present here the DLP logic, designed to allow a cognitive agent to represent these norms, to reason about them, to take into account their composite nature and to adapt their behaviour to them in a consistent way.