Big Data and Analytics in the Age of the GDPR

The new European General Data Protection Regulation places stringent restrictions on the processing of personally identifiable data. The GDPR does not only affect European companies, as the regulation applies to all the organizations that track or provide services to European citizens. Free exploratory data analysis is permitted only on anonymous data, at the cost of some legal risks. We argue that for the other kinds of personal data processing, the most flexible and safe legal basis is explicit consent. We illustrate the approach to consent management and compliance with the GDPR being developed by the European H2020 project SPECIAL, and highlight some related big data aspects.

[1]  Piero A. Bonatti Fast Compliance Checking in an OWL2 Fragment , 2018, IJCAI.

[2]  Declan O'Sullivan,et al.  GDPRtEXT - GDPR as a Linked Data Resource , 2018, ESWC.

[3]  Yufei Tao,et al.  Transparent anonymization: Thwarting adversaries who know the algorithm , 2010, TODS.

[4]  Birte Glimm,et al.  Konclude: System description , 2014, J. Web Semant..

[5]  Sarah Spiekermann,et al.  Networks of Control: A Report on Corporate Surveillance, Digital Tracking, Big Data & Privacy , 2016 .

[6]  Boris Motik,et al.  HermiT: An OWL 2 Reasoner , 2014, Journal of Automated Reasoning.

[7]  Golden G. Richard,et al.  Toward a more dependable hybrid analysis of android malware using aspect-oriented programming , 2018, Comput. Secur..

[8]  Rathindra Sarathy,et al.  Evaluating Laplace Noise Addition to Satisfy Differential Privacy for Numeric Data , 2011, Trans. Data Priv..

[9]  Simon S. Lam,et al.  Authorizations in Distributed Systems: A New Approach , 1993, J. Comput. Secur..

[10]  Lori L. Pollock,et al.  Automatic generation of natural language summaries for Java classes , 2013, 2013 21st International Conference on Program Comprehension (ICPC).

[11]  Chris Clifton,et al.  How Much Is Enough? Choosing ε for Differential Privacy , 2011, ISC.

[12]  Livio Robaldo,et al.  PrOnto: Privacy Ontology for Legal Reasoning , 2018, EGOVIS.

[13]  Antoinette Abel Getting ready for GDPR , 2018 .

[14]  Livio Robaldo,et al.  Legal Ontology for Modelling GDPR Concepts and Norms , 2018, JURIX.

[15]  Karuna Pande Joshi,et al.  An Integrated Knowledge Graph to Automate GDPR and PCI DSS Compliance , 2018, 2018 IEEE International Conference on Big Data (Big Data).

[16]  Chris Clifton,et al.  On syntactic anonymity and differential privacy , 2013, 2013 IEEE 29th International Conference on Data Engineering Workshops (ICDEW).

[17]  Mani B. Srivastava,et al.  SenseGen: A deep learning architecture for synthetic sensor data generation , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[18]  Josep Domingo-Ferrer,et al.  Privacy by design in big data: An overview of privacy enhancing technologies in the era of big data analytics , 2015, ArXiv.

[19]  Ninghui Li,et al.  On sampling, anonymization, and differential privacy or, k-anonymization meets differential privacy , 2011, ASIACCS '12.

[20]  Yevgeny Kazakov,et al.  From Polynomial Procedures to Efficient Reasoning with EL Ontologies , 2013 .

[21]  Siani Pearson,et al.  Sticky Policies: An Approach for Managing Privacy across Multiple Parties , 2011, Computer.

[22]  Piero A. Bonatti,et al.  Datalog for Security, Privacy and Trust , 2010, Datalog.

[23]  Gianclaudio Malgieri,et al.  The right to data portability in the GDPR: Towards user-centric interoperability of digital services , 2017, Comput. Law Secur. Rev..

[24]  Paolo Giorgini,et al.  Toward GDPR-Compliant Socio-Technical Systems: Modeling Language and Reasoning Framework , 2017, PoEM.

[25]  Ashwin Machanavajjhala,et al.  No free lunch in data privacy , 2011, SIGMOD '11.

[26]  Timothy W. Finin,et al.  A policy language for a pervasive computing environment , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[27]  Jeffrey M. Bradshaw,et al.  KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[28]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[29]  Collin McMillan,et al.  Automatic documentation generation via source code summarization of method context , 2014, ICPC 2014.

[30]  Karuna Pande Joshi,et al.  A Knowledge Representation of Cloud Data Controls for EU GDPR Compliance , 2018, 2018 IEEE World Congress on Services (SERVICES).

[31]  Prateek Mittal,et al.  Dependence Makes You Vulnberable: Differential Privacy Under Dependent Tuples , 2016, NDSS.

[32]  Piero A. Bonatti,et al.  A Rule-Based Trust Negotiation System , 2010, IEEE Transactions on Knowledge and Data Engineering.