当前位置:
X-MOL 学术
›
Knowl. Inf. Syst.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
"Just-in-time" generation of datasets by considering structured representations of given consent for GDPR compliance.
Knowledge and Information Systems ( IF 2.5 ) Pub Date : 2020-04-15 , DOI: 10.1007/s10115-020-01468-x Christophe Debruyne 1 , Harshvardhan J Pandit 1 , Dave Lewis 1 , Declan O'Sullivan 1
Knowledge and Information Systems ( IF 2.5 ) Pub Date : 2020-04-15 , DOI: 10.1007/s10115-020-01468-x Christophe Debruyne 1 , Harshvardhan J Pandit 1 , Dave Lewis 1 , Declan O'Sullivan 1
Affiliation
Data processing is increasingly becoming the subject of various policies and regulations, such as the European General Data Protection Regulation (GDPR) that came into effect in May 2018. One important aspect of GDPR is informed consent, which captures one’s permission for using one’s personal information for specific data processing purposes. Organizations must demonstrate that they comply with these policies. The fines that come with non-compliance are of such importance that it has driven research in facilitating compliance verification. The state-of-the-art primarily focuses on, for instance, the analysis of prescriptive models and posthoc analysis on logs to check whether data processing is compliant to GDPR. We argue that GDPR compliance can be facilitated by ensuring datasets used in processing activities are compliant with consent from the very start. The problem addressed in this paper is how we can generate datasets that comply with given consent “just-in-time”. We propose RDF and OWL ontologies to represent the consent that an organization has collected and its relationship with data processing purposes. We use this ontology to annotate schemas, allowing us to generate declarative mappings that transform (relational) data into RDF driven by the annotations. We furthermore demonstrate how we can create compliant datasets by altering the results of the mapping. The use of RDF and OWL allows us to implement the entire process in a declarative manner using SPARQL. We have integrated all components in a service that furthermore captures provenance information for each step, further contributing to the transparency that is needed towards facilitating compliance verification. We demonstrate the approach with a synthetic dataset simulating users (re-)giving, withdrawing, and rejecting their consent on data processing purposes of systems. In summary, it is argued that the approach facilitates transparency and compliance verification from the start, reducing the need for posthoc compliance analysis common in the state-of-the-art.
中文翻译:
通过考虑GDPR合规性的给定同意的结构化表示,“及时”生成数据集。
数据处理正日益成为各种政策和法规的主题,例如,于2018年5月生效的欧洲通用数据保护法规(GDPR)。GDPR的一个重要方面是知情同意,它获得了使用个人信息的许可。用于特定的数据处理目的。组织必须证明他们遵守这些政策。违规所带来的罚款是如此重要,以至于它推动了有关促进遵从性验证的研究。现有技术主要集中在例如描述性模型的分析和对日志的事后分析,以检查数据处理是否符合GDPR。我们认为,从一开始就通过确保处理活动中使用的数据集符合同意,可以促进GDPR的遵守。本文解决的问题是我们如何生成符合“即时”给定同意的数据集。我们建议使用RDF和OWL本体来表示组织已收集的同意及其与数据处理目的的关系。我们使用该本体对模式进行注释,从而允许我们生成声明性映射,以将(关系)数据转换为由注释驱动的RDF。我们还将演示如何通过更改映射结果来创建兼容的数据集。使用RDF和OWL允许我们使用SPARQL以声明的方式实现整个过程。我们已将所有组件集成到一项服务中,该服务还可以捕获每个步骤的出处信息,从而进一步提高了促进合规性验证所需的透明度。我们用综合数据集演示了该方法,该数据集模拟了用户(重新)给予,撤回和拒绝他们对系统数据处理目的的同意。总而言之,有人认为该方法从一开始就促进了透明度和合规性验证,从而减少了对最新技术中常见的事后合规性分析的需求。
更新日期:2020-04-15
中文翻译:
通过考虑GDPR合规性的给定同意的结构化表示,“及时”生成数据集。
数据处理正日益成为各种政策和法规的主题,例如,于2018年5月生效的欧洲通用数据保护法规(GDPR)。GDPR的一个重要方面是知情同意,它获得了使用个人信息的许可。用于特定的数据处理目的。组织必须证明他们遵守这些政策。违规所带来的罚款是如此重要,以至于它推动了有关促进遵从性验证的研究。现有技术主要集中在例如描述性模型的分析和对日志的事后分析,以检查数据处理是否符合GDPR。我们认为,从一开始就通过确保处理活动中使用的数据集符合同意,可以促进GDPR的遵守。本文解决的问题是我们如何生成符合“即时”给定同意的数据集。我们建议使用RDF和OWL本体来表示组织已收集的同意及其与数据处理目的的关系。我们使用该本体对模式进行注释,从而允许我们生成声明性映射,以将(关系)数据转换为由注释驱动的RDF。我们还将演示如何通过更改映射结果来创建兼容的数据集。使用RDF和OWL允许我们使用SPARQL以声明的方式实现整个过程。我们已将所有组件集成到一项服务中,该服务还可以捕获每个步骤的出处信息,从而进一步提高了促进合规性验证所需的透明度。我们用综合数据集演示了该方法,该数据集模拟了用户(重新)给予,撤回和拒绝他们对系统数据处理目的的同意。总而言之,有人认为该方法从一开始就促进了透明度和合规性验证,从而减少了对最新技术中常见的事后合规性分析的需求。
京公网安备 11010802027423号