Abstract
The EU General Data Protection Regulation (GDPR) imposes various requirements on data controllers that collect personal data, in order to protect individuals’ privacy. This has triggered many studies and projects investigating Privacy Enhancing Technologies (PETs) for fulfilling the compliance requirements. In this paper, after reviewing some of the current challenges and gaps in GDPR compliance, we argue for the use of Semantic Technologies in PETs, in the form of an Intelligent Compliance Agent (ICA), to support data controllers in carrying out a Data Protection Impact Assessment (DPIA). Models and ontologies representing the entities involved in the DPIA process can help data controllers determine the risk of their processing activities. Additionally, an inference engine equipped with a knowledge base of DPIA-related obligations can effectively assist data controllers in taking specific actions when a legal fact is triggered because its conditions are met.
Notes
- 4. Business Process Re-engineering and functional toolkit for GDPR compliance.
Acknowledgements
This research has been supported by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497 (PROTECT).
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Saniei, R. (2021). Challenges in the Implementation of Privacy Enhancing Semantic Technologies (PESTs) Supporting GDPR. In: Rodríguez-Doncel, V., Palmirani, M., Araszkiewicz, M., Casanovas, P., Pagallo, U., Sartor, G. (eds) AI Approaches to the Complexity of Legal Systems XI-XII. AICOL AICOL XAILA 2020 2018 2020. Lecture Notes in Computer Science, vol 13048. Springer, Cham. https://doi.org/10.1007/978-3-030-89811-3_20
DOI: https://doi.org/10.1007/978-3-030-89811-3_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89810-6
Online ISBN: 978-3-030-89811-3
eBook Packages: Computer Science, Computer Science (R0)