
Challenges in the Implementation of Privacy Enhancing Semantic Technologies (PESTs) Supporting GDPR

Conference paper, in: AI Approaches to the Complexity of Legal Systems XI-XII (AICOL 2020, AICOL 2018, XAILA 2020)

Abstract

The EU General Data Protection Regulation (GDPR) imposes a range of requirements on data controllers that collect personal data in order to protect individuals’ privacy. This has triggered many studies and projects investigating Privacy Enhancing Technologies (PETs) as a means of fulfilling those compliance requirements. In this paper, after reviewing some of the current challenges and gaps in GDPR compliance, we argue for the use of Semantic Technologies in PETs in the form of an Intelligent Compliance Agent (ICA) that supports data controllers in carrying out a Data Protection Impact Assessment (DPIA). Models and ontologies representing the entities involved in the DPIA process can help data controllers determine the risk of their processing activities. Additionally, an inference engine equipped with a knowledge base of DPIA-related obligations can effectively assist data controllers in taking specific actions when a legal fact is triggered because its conditions are met.




Acknowledgements

This research has been supported by European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497 (PROTECT).

Author information

Corresponding author: Rana Saniei


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Saniei, R. (2021). Challenges in the Implementation of Privacy Enhancing Semantic Technologies (PESTs) Supporting GDPR. In: Rodríguez-Doncel, V., Palmirani, M., Araszkiewicz, M., Casanovas, P., Pagallo, U., Sartor, G. (eds) AI Approaches to the Complexity of Legal Systems XI-XII. AICOL 2020, AICOL 2018, XAILA 2020. Lecture Notes in Computer Science, vol 13048. Springer, Cham. https://doi.org/10.1007/978-3-030-89811-3_20


  • DOI: https://doi.org/10.1007/978-3-030-89811-3_20


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89810-6

  • Online ISBN: 978-3-030-89811-3
