Abstract
AbstractData processing is increasingly becoming the subject of various policies and regulations, such as the European General Data Protection Regulation (GDPR) that came into effect in May 2018. One important aspect of GDPR is informed consent, which captures one’s permission for using one’s personal information for specific data processing purposes. Organizations must demonstrate that they comply with these policies. The fines that come with non-compliance are of such importance that it has driven research in facilitating compliance verification. The state-of-the-art primarily focuses on, for instance, the analysis of prescriptive models and posthoc analysis on logs to check whether data processing is compliant to GDPR. We argue that GDPR compliance can be facilitated by ensuring datasets used in processing activities are compliant with consent from the very start. The problem addressed in this paper is how we can generate datasets that comply with given consent “just-in-time”. We propose RDF and OWL ontologies to represent the consent that an organization has collected and its relationship with data processing purposes. We use this ontology to annotate schemas, allowing us to generate declarative mappings that transform (relational) data into RDF driven by the annotations. We furthermore demonstrate how we can create compliant datasets by altering the results of the mapping. The use of RDF and OWL allows us to implement the entire process in a declarative manner using SPARQL. We have integrated all components in a service that furthermore captures provenance information for each step, further contributing to the transparency that is needed towards facilitating compliance verification. We demonstrate the approach with a synthetic dataset simulating users (re-)giving, withdrawing, and rejecting their consent on data processing purposes of systems. In summary, it is argued that the approach facilitates transparency and compliance verification from the start, reducing the need for posthoc compliance analysis common in the state-of-the-art.
Funder
Science Foundation Ireland
Publisher
Springer Science and Business Media LLC
Subject
Artificial Intelligence,Hardware and Architecture,Human-Computer Interaction,Information Systems,Software
Reference31 articles.
1. Landwher C (2019) 2018: a big year for privacy. Commun ACM 62:20–22. https://doi.org/10.1145/3300224
2. Pandit HJ, O’Sullivan D, Lewis D (2018) Queryable provenance metadata For GDPR compliance. In: Proceedings of the 14th international conference on semantic systems (SEMANTiCS 2018), Vienna, Austria, 10–13 Sept 2018. Elsevier, pp 262–268. https://doi.org/10.1016/j.procs.2018.09.026
3. Pan JZ, Vetere G, Gómez-Pérez JM, Wu H (eds) (2017) Exploiting linked data and knowledge graphs in large organisationseds: exploiting linked data and knowledge graphs in large organisations. Springer, Berlin. https://doi.org/10.1007/978-3-319-45654-6
4. Pandit HJ, Fatema K, O’Sullivan D, Lewis D (2018) GDPRtEXT—GDPR as a linked data resource. In: Gangemi A, Navigli R, Vidal M-E, Hitzler P, Troncy R, Hollink L, Tordai A, Alam M (eds) The semantic web: 15th international conference, ESWC 2018, Heraklion, Crete, Greece, 3–7 June 2018, proceedings. Springer, pp 481–495. https://doi.org/10.1007/978-3-319-93417-4_31
5. Fatema K, Hadziselimovic E, Pandit HJ, Debruyne C, Lewis D, O’Sullivan D (2017) Compliance through informed consent: Semantic based consent permission and data management model. In: Brewster C, Cheatham M, d’Aquin M, Decker S, Kirrane S (eds) 5th workshop on society, privacy and the semantic web - policy and technology (PrivOn2017) co-located with 16th international semantic web conference (ISWC 2017), Vienna, Austria, 22 Oct 2017
Cited by
12 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献