Standardisation, Data Interoperability, and GDPR

The General Data Protection Regulation (GDPR) has changed the ecosystem of services involving personal data and information. It emphasises several obligations and rights, amongst which the Right to Data Portability requires providing a copy of the given personal data in a commonly used, structured, and machine-readable format – for interoperability. The GDPR thus explicitly motivates the use and adoption of data interoperability concerning information. This chapter explores the entities and their interactions in the context of the GDPR to provide an information model for the development of interoperable services. The model categorises information and exchanges and explores existing standards and efforts towards use for interoperable interactions. The chapter concludes with an argument for the use and adoption of structured metadata to enable more expressive services through semantic interoperability.

[1]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[2]  Hans Hedbom,et al.  Privacy Impact Assessment Template for Provenance , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[3]  Serena Villata,et al.  Taking stock of legal ontologies: a feature-based comparative analysis , 2019, Artificial Intelligence and Law.

[4]  Georg Disterer,et al.  ISO/IEC 27000, 27001 and 27002 for Information Security Management , 2013 .

[5]  Deborah L. McGuinness,et al.  PROV-O: The PROV Ontology , 2013 .

[6]  Declan O'Sullivan,et al.  GDPRtEXT - GDPR as a Linked Data Resource , 2018, ESWC.

[7]  Christophe Debruyne,et al.  GConsent - A Consent Ontology Based on the GDPR , 2019, ESWC.

[8]  Sabrina Kirrane,et al.  Compliance Using Metadata , 2018, Semantic Applications.

[9]  Douwe Korff,et al.  The Data Protection Officer Handbook , 2019 .

[10]  Nathan Good,et al.  ‘When the Dust Doesn’t Settle’ – GDPR Compliance One Year In , 2019, SSRN Electronic Journal.

[11]  Livio Robaldo,et al.  Towards Legal Compliance by Correlating Standards and Laws with a Semi-automated Methodology , 2016, BNCAI.

[12]  Sandeep Mittal I.P.S. The Role of Consent in Legitimising the Processing of Personal Data Under the Current EU Data Protection Framework , 2017 .

[13]  Axel Polleres,et al.  Transparent Personal Data Processing: The Road Ahead , 2017, SAFECOMP Workshops.

[14]  Tristan Henderson,et al.  How Portable is Portable?: Exercising the GDPR's Right to Data Portability , 2018, UbiComp/ISWC Adjunct.

[15]  Tzanko Tzolov One Model For Implementation GDPR Based On ISO Standards , 2018, 2018 International Conference on Information Technologies (InfoTech).

[16]  Serena Villata,et al.  Semantic Business Process Regulatory Compliance Checking Using LegalRuleML , 2016, EKAW.

[17]  Marina De Vos,et al.  ODRL Policy Modelling and Compliance Checking , 2019, RuleML+RR.

[18]  Paul De Hert,et al.  The cloud computing standard ISO/IEC 27018 through the lens of the EU legislation on data protection , 2016, Comput. Law Secur. Rev..

[19]  Kaniz Fatema,et al.  Linked Data Contracts to Support Data Protection and Data Ethics in the Sharing of Scientific Data , 2017, SemSci@ISWC.

[20]  Pedro Oliveira,et al.  How ISO 27001 Can Help Achieve GDPR Compliance , 2019, 2019 14th Iberian Conference on Information Systems and Technologies (CISTI).

[21]  Christophe Debruyne,et al.  An Exploration of Data Interoperability for GDPR , 2018 .

[22]  Simon Steyskal,et al.  If you can't enforce it, contract it: Enforceability in Policy-Driven (Linked) Data Markets , 2015, SEMANTiCS.

[23]  Gianclaudio Malgieri,et al.  The right to data portability in the GDPR: Towards user-centric interoperability of digital services , 2017, Comput. Law Secur. Rev..

[24]  Axel Polleres,et al.  A Scalable Consent, Transparency and Compliance Architecture , 2018, ESWC.

[25]  Dave Lewis,et al.  Modelling Provenance for GDPR Compliance using Linked Open Data Vocabularies , 2017, PrivOn@ISWC.

[26]  Adauto Trigueiro de Almeida Filho,et al.  Legal ontologies over time: A systematic mapping study , 2019, Expert Syst. Appl..