User consent modeling for ensuring transparency and compliance in smart cities

Smart city infrastructures such as transportation and energy networks are evolving into so-called cyber-physical social systems (CPSSs), which collect and leverage citizens’ data in order to adapt services to citizens’ needs. The privacy implications of such systems are, however, significant and need to be addressed. Current systems either try to escape the privacy challenge via anonymization or use very rigid, hard-coded workflows that have been agreed with a data protection authority. Anonymization has a severe impact on data quality and richness, whereas with hard-coded workflows only those fixed flows are permitted, resulting in diminished functionality and potential. We address these limitations via user modeling: we investigate how to model and semantically represent user consent, preferences, and data usage policies that will guide the processing of said data in the data lake. Data protection is a horizontal field and consequently very wide. Therefore, we focus on a concrete setting where we extend the domain-agnostic SPECIAL policy language for a smart mobility use case supplied by Vienna’s largest utility provider. To that end, (1) we create an extension of SPECIAL in terms of a core CPSS vocabulary that narrows the semantic gap between the domain-agnostic terms of SPECIAL and the vocabulary of the use case; (2) we propose a workflow that supports defining domain-specific vocabularies for complex CPSSs; and (3) we show that these two contributions allow the goals of our setting to be achieved.
