Type

Journal Article

Authors

Declan O'Sullivan
David Lewis
Harshvardhan Jitendra Pandit
Christophe Debruyne

Subjects

Computer Science

Topics
general data protection regulation gdpr rdf ontology owl ontology gdpr state of the art data processing consent data integration

“Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance (2020)

Abstract Data processing is increasingly becoming the subject of various policies and regulations, such as the European General Data Protection Regulation (GDPR) that came into effect in May 2018. One important aspect of GDPR is informed consent, which captures one’s permission for using one’s personal information for specific data processing purposes. Organizations must demonstrate that they comply with these policies. The fines that come with non-compliance are of such importance that it has driven research in facilitating compliance verification. The state-of-the-art primarily focuses on, for instance, the analysis of prescriptive models and posthoc analysis on logs to check whether data processing is compliant to GDPR. We argue that GDPR compliance can be facilitated by ensuring datasets used in processing activities are compliant with consent from the very start. The problem addressed in this paper is how we can generate datasets that comply with given consent “just-in-time”. We propose RDF and OWL ontologies to represent the consent that an organization has collected and its relationship with data processing purposes. We use this ontology to annotate schemas, allowing us to generate declarative mappings that transform (relational) data into RDF driven by the annotations. We furthermore demonstrate how we can create compliant datasets by altering the results of the mapping. The use of RDF and OWL allows us to implement the entire process in a declarative manner using SPARQL. We have integrated all components in a service that furthermore captures provenance information for each step, further contributing to the transparency that is needed towards facilitating compliance verification. We demonstrate the approach with a synthetic dataset simulating users (re-)giving, withdrawing, and rejecting their consent on data processing purposes of systems. In summary, it is argued that the approach facilitates transparency and compliance verification from the start, reducing the need for posthoc compliance analysis common in the state-of-the-art
Collections Ireland -> Trinity College Dublin -> School of Computer Science and Statistics
Ireland -> Trinity College Dublin -> RSS Feeds
Ireland -> Trinity College Dublin -> Computer Science
Ireland -> Trinity College Dublin -> RSS Feeds
Ireland -> Trinity College Dublin -> Computer Science (Scholarly Publications)

Full list of authors on original publication

Declan O'Sullivan, David Lewis, Harshvardhan Jitendra Pandit, Christophe Debruyne

Experts in our system

1
Declan O'Sullivan
Trinity College Dublin
Total Publications: 93
 
2
David Lewis
Trinity College Dublin
Total Publications: 86
 
3
Harshvardhan Jitendra Pandit
Trinity College Dublin
Total Publications: 29
 
4
Christophe Debruyne
Trinity College Dublin
Total Publications: 12