This demo shows an ODRL editor where RDF policies can be defined and enforced to grant access to personal data stored in Solid Pods. Policies are represented using OAC, the ODRL profile for Access Control, which allows the definition of complex, fine-grained permissive and prohibitive policies that are aligned with GDPR requirements regarding the processing of personal data. In addition, a second demonstrator is presented to simulate an app's request for data, and examples of policies and consent record modelling are showcased.
This article surveys existing vocabularies, ontologies and policy languages that can be used to represent informational items referenced in GDPR rights and obligations, such as the ‘notification of a data breach’, the ‘controller’s identity’ or a ‘DPIA’. Rights and obligations in GDPR are analyzed in terms of information flows between different stakeholders, and a complete collection of 57 different informational items that are mentioned by GDPR is described. 13 privacy-related policy languages and 9 data protection vocabularies and ontologies are studied in relation to this list of informational items. ODRL and LegalRuleML emerge as the languages that can respond positively to a greater number of the defined comparison criteria if complemented with DPV and GDPRtEXT, since 39 out of the 57 informational items can be modelled. Online supplementary material is provided, including a simple search application and a taxonomy of the identified entities.
This paper aims to describe a research project focused on the digital representation of information related to the privacy and data protection domain. Currently, privacy policies are used by data controllers as a tool to achieve compliance with data protection regulations such as the EU GDPR, instead of being a privacy instrument at the disposal of both controllers and data subjects. On the other hand, data subjects lack the tools to effectively establish preferences when it comes to the processing and disclosure of their personal data, as well as to easily exercise their rights. In this regard, this paper discusses the challenges of the implementation of a service based on decentralised Web technologies and Semantic Web standards and specifications to facilitate the communication between data subjects and data controllers in the light of the GDPR. The main challenges that this service intends to address are linked to the exercising of GDPR-related rights and obligations, the negotiation of privacy terms and the governance of access to personal data stores. A case study in the healthcare and genomics domain will be explored to experiment with the developed tools. Early-stage results related to the implementation of semantic policies for the representation of GDPR rights and obligations are presented.