A combined rule-based and machine learning approach for automated GDPR compliance checking

Hamdani, Rajaa El; Mustapha, Majd; Amariles, David Restrepo; Troussel, Aurore; Meeùs, Sébastien; Krasnashchok, Katsiaryna

doi:10.1145/3462757.3466081

Cited by 21 publications

(8 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is another field that interests us, and we see that many researchers share our interest, especially since the application of the General Data Protection Regulation. Despite its importance, it is still in its early stages of research, as the junction of these fields highlights new issues and requires new techniques to be developed, presumably combining Deep Learning, LLMs, and Hiding techniques [113].…”

Section: Discussionmentioning

confidence: 99%

A Survey on Challenges and Advances in Natural Language Processing with a Focus on Legal Informatics and Low-Resource Languages

Krasadakis,

Sakkopoulos,

Verykios

2024

Electronics

View full text Add to dashboard Cite

The field of Natural Language Processing (NLP) has experienced significant growth in recent years, largely due to advancements in Deep Learning technology and especially Large Language Models. These improvements have allowed for the development of new models and architectures that have been successfully applied in various real-world applications. Despite this progress, the field of Legal Informatics has been slow to adopt these techniques. In this study, we conducted an extensive literature review of NLP research focused on legislative documents. We present the current state-of-the-art NLP tasks related to Law Consolidation, highlighting the challenges that arise in low-resource languages. Our goal is to outline the difficulties faced by this field and the methods that have been developed to overcome them. Finally, we provide examples of NLP implementations in the legal domain and discuss potential future directions.

show abstract

Section: Discussionmentioning

confidence: 99%

A Survey on Challenges and Advances in Natural Language Processing with a Focus on Legal Informatics and Low-Resource Languages

Krasadakis,

Sakkopoulos,

Verykios

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Automated means for checking compliance and completeness of legal requirements have been also investigated in RE. Hamdani et al [64] present an automated GDPR compliance checking approach that relies on NLP to extract data practices from privacy policies and encodes GDPR rules to check the presence of mandatory information. NLP technologies have been utilized also for solving other problems, e.g., Bhatia et al [19] identify incompleteness in privacy policies, Lippi et al [20] automatically detect potentially unfair clauses in online terms of service, and Sleimi et al [21] extract semantic metadata from legal requirements.…”

Section: Related Workmentioning

confidence: 99%

ML-Based Compliance Verification of Data Processing Agreements against GDPR

Amaral,

Abualhaija,

Briand

2023

2023 IEEE 31st International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Most current software systems involve processing personal data, an activity that is regulated in Europe by the general data protection regulation (GDPR) through data processing agreements (DPAs). Developing compliant software requires adhering to DPA-related requirements in GDPR. Verifying the compliance of DPAs entirely manually is however time-consuming and error-prone. In this paper, we propose an automation strategy based on machine learning (ML) for checking GDPR compliance in DPAs. Specifically, we create, based on existing work, a comprehensive conceptual model that describes the information types pertinent to DPA compliance. We then develop an automated approach that detects breaches of compliance by predicting the presence of these information types in DPAs. On an evaluation set of 30 real DPAs, our approach detects 483 out of 582 genuine violations while introducing 93 false violations, achieving thereby a precision of 83.9% and recall of 83.0%. We empirically compare our approach against an existing approach which does not employ ML but relies on manually-defined rules. Our results indicate that the two approaches perform on par. Therefore, to select the right solution in a given context, we discuss differentiating factors like the availability of annotated data and legal experts, and adaptation to regulation changes.

show abstract

“…Hamdani et al [ 50 ] combine machine learning (ML) with rule-based reasoning and propose a framework for automated GDPR compliance checking. Compliance is based on Article 13 and 14 and uses the OPP-115 [ 51 ] taxonomy to capture 10 rules from these articles.…”

Section: Related Workmentioning

confidence: 99%

“…The studies which automate compliance have experimental PoC implementation; thus cannot be directly deployed and used. Although all these solutions have undergone performance evaluation, a scalability evaluation was performed only for [ 46 , 50 ]. Apart from [ 25 ], none of the studies discussed the ease of adapting their respective approaches to other regulatory frameworks.…”

Section: Related Workmentioning

confidence: 99%

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Chhetri

Kurteva

DeLong

et al. 2022

Sensors

View full text Add to dashboard Cite

The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.

show abstract

A combined rule-based and machine learning approach for automated GDPR compliance checking

Cited by 21 publications

References 20 publications

A Survey on Challenges and Advances in Natural Language Processing with a Focus on Legal Informatics and Low-Resource Languages

A Survey on Challenges and Advances in Natural Language Processing with a Focus on Legal Informatics and Low-Resource Languages

ML-Based Compliance Verification of Data Processing Agreements against GDPR

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Contact Info

Product

Resources

About