Abstract
As more and more applications relying on the use and processing of personal data grow, privacy protection is becoming increasingly important. With the enforcement of the GDPR, such applications must guarantee compliance with the obligations set forth. Integrating a compliance checking mechanism with AI methods is helpful to fulfill this requirement. Toward this end, we investigate the GDPR automatic compliance checking using a planning system including personal data and an agent with actions that process data. We propose a modular framework that is capable to generate possible plans (sequence of data processing) to satisfy a given goal state, check the compliance of the plan with GDPR regulatory constraints, and provide explanation of missing obligations in case of a non-compliant. We use Answer Set Programming(ASP) and event calculus formalism to model the planning problem and make use of SPECIAL policy language as an existing work to translate GDPR requirements into ASP.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agarwal, S., Steyskal, S., Antunovic, F., Kirrane, S.: Legislative compliance assessment: framework, model and GDPR instantiation. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) APF 2018. LNCS, vol. 11079, pp. 131–149. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02547-2_8
Bandara, A.K., Lupu, E.C., Russo, A.: Using event calculus to formalise policy specification and analysis. In: Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks, pp. 26–39. IEEE (2003)
Berreby, F., Bourgne, G., Ganascia, J.-G.: A declarative modular framework for representing and applying ethical principles. In: 16th Conference on Autonomous Agents and MultiAgent Systems 2017)
Bonatti, P.A., Kirrane, S., Petrova, I.M., Sauro, L.: Machine understandable policies and GDPR compliance checking. KI-Künstliche Intelligenz 34(3), 303–315 (2020)
De Vos, M., Padget, J., Satoh, K.: Legal modelling and reasoning using institutions. In: Onada, T., Bekki, D., McCready, E. (eds.) JSAI-isAI 2010. LNCS (LNAI), vol. 6797, pp. 129–140. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25655-4_12
De Vos, M., Kirrane, S., Padget, J., Satoh, K.: ODRL policy modelling and compliance checking. In: Fodor, P., Montali, M., Calvanese, D., Roman, D. (eds.) RuleML+RR 2019. LNCS, vol. 11784, pp. 36–51. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31095-0_3
Gebser, M., Kaminski, R., Kaufmann, B., Schaub, T.: Clingo= asp+ control: preliminary report. arXiv preprint arXiv:1405.3694 (2014)
Kowalski, R., Sergot, M.: A logic-based calculus of events. In: Schmidt, J.W., Thanos, C. (eds.) Foundations of Knowledge base Management, Topics in Information Systems, pp. 23–55. Springer, Berlin (1989)
Le Métayer, D., Rauzy, P.: Capacity: an abstract model of control over personal data. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 64–75 (2018)
Lifschitz, V.: Answer Set Programming. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-24658-7
Palmirani, M., Governatori, G., Rotolo, A., Tabet, S., Boley, H., Paschke, A.: LegalRuleML: XML-based rules and norms. In: Olken, F., Palmirani, M., Sottara, D. (eds.) RuleML 2011. LNCS, vol. 7018, pp. 298–312. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24908-2_30
Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: Legal ontology for modelling GDPR concepts and norms. In: Legal Knowledge and Information Systems, pp. 91–100. IOS Press (2018)
Pandit, H.J., et al.: Creating a vocabulary for data privacy. In: Panetto, H., Debruyne, C., Hepp, M., Lewis, D., Ardagna, C.A., Meersman, R. (eds.) OTM 2019. LNCS, vol. 11877, pp. 714–730. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-33246-4_44
Robaldo, L., Bartolini, C., Palmirani, M., Rossi, A., Martoni, M., Lenzini, G.: Formalizing GDPR provisions in reified i/o logic: the DAPRECO knowledge base. J. Logic Lang. Inf. 29(4), 401–449 (2020)
Shanahan, M.: The event calculus explained. In: Wooldridge, M.J., Veloso, M. (eds.) Artificial Intelligence Today. LNCS (LNAI), vol. 1600, pp. 409–430. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48317-9_17
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Taheri, Y., Bourgne, G., Ganascia, JG. (2023). A Compliance Mechanism for Planning in Privacy Domain Using Policies. In: Yada, K., Takama, Y., Mineshima, K., Satoh, K. (eds) New Frontiers in Artificial Intelligence. JSAI-isAI 2021. Lecture Notes in Computer Science(), vol 13856. Springer, Cham. https://doi.org/10.1007/978-3-031-36190-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-36190-6_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36189-0
Online ISBN: 978-3-031-36190-6
eBook Packages: Computer ScienceComputer Science (R0)