Machine Understandable Policies and GDPR Compliance Checking

The European General Data Protection Regulation (GDPR) calls for technical and organizational measures to support its implementation. Towards this end, the SPECIAL H2020 project aims to provide a set of tools that data controllers and processors can use to automatically check whether personal data processing and sharing complies with the obligations set forth in the GDPR. The primary contributions of the project are: (i) a policy language that can be used to express consent, business policies, and regulatory obligations; and (ii) two different approaches to automated compliance checking that can be used to demonstrate that data processing performed by data controllers/processors complies with the consent provided by data subjects, and that business processes comply with the regulatory obligations set forth in the GDPR.
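To make the first kind of compliance check (processing against consent) concrete, here is an added illustration that is not code from the paper or from the SPECIAL project. It models a policy as a set of "simple policies", each fixing one class per dimension (data category, processing, purpose, recipient, storage location) plus a maximum retention period, over small constructed vocabularies arranged as class trees, and decides compliance by subsumption: every simple policy the controller wants to apply must be covered by some simple policy the data subject consented to. The dimension names, vocabularies, class names and the sample policies are all assumptions made for the example.

```python
"""Consent-vs-processing compliance checking by subsumption (added example).

Simplified, hypothetical model: not the SPECIAL policy language or reasoner.
"""
from dataclasses import dataclass

# Constructed vocabularies: one tree per dimension, child class -> parent class.
# Roots ("AnyData", "AnyPurpose", ...) are the most permissive classes.
VOCAB = {
    "data": {"Contact": "AnyData", "Email": "Contact", "Phone": "Contact",
             "Location": "AnyData", "Health": "AnyData"},
    "processing": {"Collect": "AnyProcessing", "Analyse": "AnyProcessing",
                   "Transfer": "AnyProcessing"},
    "purpose": {"ServiceProvision": "AnyPurpose", "Marketing": "AnyPurpose",
                "EmailMarketing": "Marketing", "Research": "AnyPurpose"},
    "recipient": {"Ours": "AnyRecipient", "Delivery": "AnyRecipient",
                  "Public": "AnyRecipient"},
    "location": {"EU": "AnyLocation", "Germany": "EU", "US": "AnyLocation"},
}
DIMENSIONS = ("data", "processing", "purpose", "recipient", "location")


def is_subclass(dim, cls, ancestor):
    """True if cls equals ancestor or ancestor lies on cls's parent chain."""
    tree = VOCAB[dim]
    while cls is not None:
        if cls == ancestor:
            return True
        cls = tree.get(cls)  # None once we pass the root
    return False


@dataclass(frozen=True)
class SimplePolicy:
    data: str
    processing: str
    purpose: str
    recipient: str
    location: str
    duration_days: int  # maximum retention; smaller is more restrictive

    def subsumed_by(self, other):
        """self is at least as restrictive as other on every dimension."""
        for dim in DIMENSIONS:
            if not is_subclass(dim, getattr(self, dim), getattr(other, dim)):
                return False
        return self.duration_days <= other.duration_days


def uncovered(processing_policy, consent_policy):
    """Simple processing policies not subsumed by any consented simple policy.

    Checking each simple policy against one consented simple policy at a time is
    sound (a non-empty result is a real gap) but incomplete for unions: a usage
    whose coverage is split across several consented alternatives is reported
    as uncovered. That is the conservative direction for a compliance check.
    """
    return [p for p in processing_policy
            if not any(p.subsumed_by(c) for c in consent_policy)]


def complies(processing_policy, consent_policy):
    """True when every intended simple processing policy is covered by consent."""
    return not uncovered(processing_policy, consent_policy)


# Constructed sample: what the data subject consented to ...
CONSENT = {
    SimplePolicy("Contact", "AnyProcessing", "ServiceProvision", "Ours", "EU", 365),
    SimplePolicy("Email", "Collect", "EmailMarketing", "Ours", "EU", 30),
}
# ... a processing policy that stays within it ...
OK_USAGE = {
    SimplePolicy("Email", "Analyse", "ServiceProvision", "Ours", "Germany", 90),
}
# ... and one that exceeds it on purpose/location and on data category.
BAD_USAGE = {
    SimplePolicy("Email", "Transfer", "EmailMarketing", "Ours", "US", 30),
    SimplePolicy("Health", "Collect", "ServiceProvision", "Ours", "EU", 10),
}

if __name__ == "__main__":
    print("OK_USAGE complies:", complies(OK_USAGE, CONSENT))
    for p in uncovered(BAD_USAGE, CONSENT):
        print("not covered by consent:", p)
```

The retention dimension is ordered numerically rather than by class, so a shorter storage period is always the more restrictive one; everything else reduces to a walk up the parent chain, which keeps the check linear in the size of the vocabulary.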
