论文信息 - An Ontology Design Pattern for Describing Personal Data in Privacy Policies

An Ontology Design Pattern for Describing Personal Data in Privacy Policies

Privacy laws such as the General Data Protection Regulation (GDPR) specify several obligations involving personal data. A privacy policy is a document that provides information for legal compliance on how personal data is collected, used, stored, and shared, which is essential for understanding their privacy implications. Approaches such as the UsablePrivacy project that extract information from the text of the privacy policy need to structure it in a manner suitable for machine processing. Semantic web has been proven to be suitable to represent this knowledge as a set of queryable concepts and relationships. However, there is a large overlap between different projects and approaches targeting the privacy policy that does not take advantage of the significant similarity of its underlying information. We present an ontology design pattern to aid these efforts in representing and modelling information related to personal data within a privacy policy. The pattern aims to assist the existing ecosystem of machine-based approaches for interpretation and visualisation of privacy policies by providing a common structured representation to ease modelling and sharing of related information.

[1] Paolo Torroni,et al. CLAUDETTE meets GDPR: Automating the Evaluation of Privacy Policies using Artificial Intelligence , 2018 .

[2] Norman M. Sadeh,et al. PrivOnto: A semantic framework for the analysis of privacy policies , 2017 .

[3] Shinsaku Kiyomoto,et al. PrivacyGuide: Towards an Implementation of the EU GDPR on Internet Privacy Policy Evaluation , 2018, IWSPA@CODASPY.

[4] Declan O'Sullivan,et al. GDPRtEXT - GDPR as a Linked Data Resource , 2018, ESWC.

[5] Benjamin Fabian,et al. Large-scale readability analysis of privacy policies , 2017, WI.

[6] Fabio Vitali,et al. Modelling OWL Ontologies with Graffoo , 2014, ESWC.

[7] Dave Lewis,et al. Modelling Provenance for GDPR Compliance using Linked Open Data Vocabularies , 2017, PrivOn@ISWC.

[8] Toru Nakamura,et al. I Read but Don't Agree: Privacy Policy Benchmarking using Machine Learning and the EU GDPR , 2018, WWW.

[9] Colin Potts,et al. Privacy policies as decision-making tools: an evaluation of online privacy notices , 2004, CHI.

[10] Frederick Liu,et al. The Creation and Analysis of a Website Privacy Policy Corpus , 2016, ACL.

[11] Philipp Koehn,et al. Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers) , 2016 .