Towards Legal Compliance by Correlating Standards and Laws with a Semi-automated Methodology

Bartolini, Cesare; Giurgiu, Andra; Lenzini, Gabriele; Robaldo, Livio

doi:10.1007/978-3-319-67468-1_4

Cited by 18 publications

(15 citation statements)

References 35 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this end, there have been several critical studies that provide an overview of legal ontologies to date (Leone, Di Caro, & Villata, 2019;Rodrigues, Freitas, Barreiros, Azevedo, & de Almeida Filho, 2019) that present the state of legal ontologies and their usage in the community. At the same time, there are efforts to automate the association of legal requirements with applicable standards -specifically those regarding GDPR and ISO (Bartolini, Giurgiu, Lenzini, & Robaldo, 2017). This provides an important step in the automation of legal compliance by enabling machine-readable and queryable information regarding applicable standards for a specific legal clause.…”

Section: Emerging Effortsmentioning

confidence: 99%

Standardisation, Data Interoperability, and GDPR

Pandit

Debruyne

O’Sullivan

et al. 2020

Shaping the Future Through Standardization

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) has changed the ecosystem of services involving personal data and information. It emphasises several obligations and rights, amongst which the Right to Data Portability requires providing a copy of the given personal data in a commonly used, structured, and machine-readable format – for interoperability. The GDPR thus explicitly motivates the use and adoption of data interoperability concerning information. This chapter explores the entities and their interactions in the context of the GDPR to provide an information model for the development of interoperable services. The model categorises information and exchanges and explores existing standards and efforts towards use for interoperable interactions. The chapter concludes with an argument for the use and adoption of structured metadata to enable more expressive services through semantic interoperability.

show abstract

Section: Emerging Effortsmentioning

confidence: 99%

Standardisation, Data Interoperability, and GDPR

Pandit

Debruyne

O’Sullivan

et al. 2020

Shaping the Future Through Standardization

View full text Add to dashboard Cite

show abstract

“…∃ ee [(RexistAtT ime e e t) ∧ (elegant e e x)] ) ∈ C A more complex example, taken from the DAPRECO knowledge base, is the representation in reified Input/Output logic of the provision in Article 12, paragraph 7, of the GDPR, shown in (13). Other examples are provided in (Bartolini et al, 2016;).…”

Section: Using Input/output Logic For Legal Reasoningmentioning

confidence: 99%

“…Within the DAPRECO project we provide some possible, early legal interpretations of GDPR provisions in terms of correlations between them and the controls in some ISO security standards (see (Bartolini et al, 2016)).…”

Section: Legal Interpretationsmentioning

confidence: 99%

Formalizing GDPR Provisions in Reified I/O Logic: The DAPRECO Knowledge Base

Robaldo

Bartolini

Palmirani

et al. 2019

J of Log Lang and Inf

Self Cite

View full text Add to dashboard Cite

The DAPRECO knowledge base is the main outcome of the interdisciplinary project bearing the same name 1. It is a repository of rules written in LegalRuleML, an XML formalism designed to be a standard for representing the semantic and logical content of legal documents. The rules represent the provisions of the General Data Protection Regulation (GDPR), the new Regulation that is significantly affecting the digital market in the European Union and beyond. The DAPRECO knowledge base builds upon the Privacy Ontology (PrOnto) (Palmirani et al., 2018c), which provides a model for the legal concepts involved in the GDPR, by adding a further layer of constraints in the form of if-then rules, referring either to standard first order logic implications or to deontic statements. If-then rules are formalized in reified Input/Output logic (Robaldo and Sun, 2017) and then codified in LegalRuleML. Reified Input/Output logic is an application of standard Input/Output logic for legal reasoning, in which Input/Output logic is combined with the reification-based approach in (Hobbs and Gordon, 2017). The DAPRECO knowledge base is then a case study for reified Input/Output logic, and it shows that the formalism indeed appears to be a good candidate to effectively formalize, via uniform and simple (flat) representations, complex linguistic/deontic phenomena that may be found in legal texts. To date, the DAPRECO knowledge base is the biggest knowledge base in LegalRuleML and Input/Output logic freely available online 2 .

show abstract

“…The second requirement can easily be satisfied when definitions are available (such is the case in the GDPR and in ISO 27018), so that matching definitions can correspond to equivalent concepts. For example, the definition of "personally identifiable information (PII)" in ISO 27018 (Article 3.2) is nearly identical to that of "personal data" in the GDPR [Article 4(a)], so it is safe to assume that the PII in the ISO 27018 conceptual model corresponds to the concept of personal data in privacy ontology (PrOnto) (see Palmirani et al 1 for more concrete application examples).…”

Section: Scenario 1: Finding Correlations Between the Gdpr And Iso 27018mentioning

confidence: 99%

“…Using defeasibility, which is one of the features of RIO logic, the DAPRECO knowledge base can be extended by incorporating additional legal interpretations (possibly incompatible with each other) of the GDPR provisions. 1 Defeasibility is not supported in PrOnto, as it is not a feature of the OWL language.…”

Section: Legal Rules: the Dapreco Knowledge Basementioning

confidence: 99%

The DAta Protection REgulation COmpliance Model

Bartolini

Lenzini

Robaldo

2019

IEEE Secur. Privacy

Self Cite

View full text Add to dashboard Cite

Understanding whether certain technical measures comply with the General Data Protection Regulation's (GDPR's) principles is complex legal work. This article describes a model of the GDPR that allows for a semiautomatic processing of legal text and the leveraging of state-of-the-art legal informatics approaches, which are useful for legal reasoning, software design, information retrieval, or compliance checking.

show abstract

Towards Legal Compliance by Correlating Standards and Laws with a Semi-automated Methodology

Cited by 18 publications

References 35 publications

Standardisation, Data Interoperability, and GDPR

Standardisation, Data Interoperability, and GDPR

Formalizing GDPR Provisions in Reified I/O Logic: The DAPRECO Knowledge Base

The DAta Protection REgulation COmpliance Model

Contact Info

Product

Resources

About