Greater Control and Transparency in Personal Data Processing

Although the European General Data Protection Regulation affords data subjects more control over how their personal data is stored and processed, there is a need for technical solutions to support these legal rights. In this position paper we assess the level of control, transparency and compliance offered by three different approaches (i.e., defacto standard, SPECIAL, Solid). We propose a layered decentralised architecture based on combining SPECIAL and Solid. Finally, we introduce our usage control framework, which we use to compare and contrast the level of control and compliance offered by the four different approaches.

[1]  Qiang Tang,et al.  On Using Encryption Techniques to Enhance Sticky Policies Enforcement , 2008 .

[2]  Declan O'Sullivan,et al.  GDPRtEXT - GDPR as a Linked Data Resource , 2018, ESWC.

[3]  Roel Peeters,et al.  Distributed privacy-preserving transparency logging , 2013, WPES.

[4]  Yolanda Gil,et al.  A survey of trust in computer science and the Semantic Web , 2007, J. Web Semant..

[5]  Alessandro Acquisti,et al.  Gone in 15 Seconds: The Limits of Privacy Transparency and Control , 2013, IEEE Security & Privacy.

[6]  Mihir Bellare,et al.  Forward Integrity For Secure Audit Logs , 1997 .

[7]  Timothy W. Finin,et al.  A Policy Based Approach to Security for the Semantic Web , 2003, SEMWEB.

[8]  Jamal Bentahar,et al.  A survey on trust and reputation models for Web services: Single, composite, and communities , 2015, Decis. Support Syst..

[9]  Christoph Lange,et al.  Linked Data Notifications: A Resource-Centric Communication Protocol , 2017, ESWC.

[10]  N. Shahmehri,et al.  An Integration of Reputation-based and Policy-based Trust Management , 2005 .

[11]  Guido Governatori,et al.  LegalRuleML: XML-Based Rules and Norms , 2011, RuleML America.

[12]  Audun Jøsang,et al.  A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..

[13]  Siani Pearson,et al.  End-to-end policy based encryption techniques for multi-party data management , 2014, Comput. Stand. Interfaces.

[14]  Michael Backes,et al.  Anonymous Webs of Trust , 2010, Privacy Enhancing Technologies.

[15]  Rolf Oppliger,et al.  Does trusted computing remedy computer security problems? , 2005, IEEE Security & Privacy Magazine.

[16]  Jordi Sabater-Mir,et al.  Computational trust and reputation models for open multi-agent systems: a review , 2013, Artificial Intelligence Review.

[17]  Rafael Accorsi,et al.  Personalization in privacy-aware highly dynamic systems , 2006, CACM.

[18]  Nicola Greco,et al.  Solid : A Platform for Decentralized Social Applications Based on Linked Data , 2016 .

[19]  Marina De Vos,et al.  ODRL Policy Modelling and Compliance Checking , 2019, RuleML+RR.

[20]  Muthucumaru Maheswaran,et al.  Evolving and managing trust in grid computing systems , 2002, IEEE CCECE2002. Canadian Conference on Electrical and Computer Engineering. Conference Proceedings (Cat. No.02CH37373).

[21]  James A. Hendler,et al.  Metcalfe's law, Web 2.0, and the Semantic Web , 2008, J. Web Semant..

[22]  Cristiana Santos,et al.  Using Ontologies to Model Data Protection Requirements in Workflows , 2015, JSAI-isAI Workshops.

[23]  Aleecia M. McDonald,et al.  The Cost of Reading Privacy Policies , 2009 .

[24]  Ahmad-Reza Sadeghi,et al.  Trusted Computing , 2010, Handbook of Financial Cryptography and Security.

[25]  Jennifer Golbeck,et al.  Trust on the World Wide Web: A Survey , 2006, Found. Trends Web Sci..

[26]  Piero A. Bonatti,et al.  Rule-Based Policy Representation and Reasoning for the Semantic Web , 2007, Reasoning Web.

[27]  Piero A. Bonatti,et al.  Big Data and Analytics in the Age of the GDPR , 2019, 2019 IEEE International Congress on Big Data (BigDataCongress).

[28]  Fabio Vitali,et al.  MetaLex XML and the Legal Knowledge Interchange Format , 2008, Computable Models of the Law, Languages, Dialogues, Games, Ontologies.

[29]  Guido Governatori,et al.  OASIS LegalRuleML , 2013, ICAIL.

[30]  Axel Polleres,et al.  Transparent Personal Data Processing: The Road Ahead , 2017, SAFECOMP Workshops.