Using Ontologies to Model Data Protection Requirements in Workflows

Bartolini, Cesare; Muthuri, Robert; Santos, Cristiana

doi:10.1007/978-3-319-50953-2_17

Cited by 22 publications

(25 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the interim, a preliminary version of a legal ontology for the GDPR has been defined already [4]. Albeit partial and based on an older version of the GDPR, it was designed to express the duties of the controller.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Towards Legal Compliance by Correlating Standards and Laws with a Semi-automated Methodology

Bartolini

Giurgiu

Lenzini

et al. 2017

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

Abstract. Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of compliance in favour of the implementing party, provided there is a clear correspondence between the provisions of a specific standard and the regulation's requirements. However, identifying such correspondences is a complex process which is complicated further by the fact that the established correlations may be overridden in time e.g., because newer court decisions change the interpretation of certain legal provisions. To help solve these problems, we present a framework that supports legal experts in recognizing correlations between provisions in a standard and requirements in a given law. The framework relies on state-of-the-art Natural Language Semantics techniques to process the linguistic terms of the two documents, and maintains a knowledge base of the logic representations of the terms, together with their defeasible correlations, both formal and substantive. An application of the framework is shown by comparing a provision of the European General Data Protection Regulation with the ISO/IEC 27018:2014 standard.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The Regulation enhances the responsibility of data controllers and strengthens the rights of the data subject. Controllers will face heavy administrative fines in case of non-compliance with its provisions [13], which go as high as four percent of the total worldwide annual turnover of an undertaking 4 .…”

Section: The Data Protection Reformmentioning

confidence: 99%

Towards Legal Compliance by Correlating Standards and Laws with a Semi-automated Methodology

Bartolini

Giurgiu

Lenzini

et al. 2017

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…For the most part, the queries for the data protection ontology are the SPARQL representation of the competency questions that have been introduced in [8], to perform the assessment of that ontology.…”

Section: Validationmentioning

confidence: 99%

“…This means that the test suite (and, therefore, the competency questions from [8]) cover little more than half the named classes of the ontology. By measuring the coverage on the mutants, the results are highly variable: the minimum coverage is 31.03%, whereas the maximum one is 81.82%.…”

Section: Validationmentioning

confidence: 99%

Software Testing Techniques Revisited for OWL Ontologies

Bartolini

2017

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

Abstract. Ontologies are an essential component of semantic knowledge bases and applications, and nowadays they are used in a plethora of domains. Despite the maturity of ontology languages, support tools and engineering techniques, the testing and validation of ontologies is a field which still lacks consolidated approaches and tools. This paper attempts at partly bridging that gap, taking a first step towards the extension of some traditional software testing techniques to ontologies expressed in a widely-used format. Mutation testing and coverage testing, revisited in the light of the peculiar features of the ontology language and structure, can can assist in designing better test suites to validate them, and overall help in the engineering and refinement of ontologies and software based on them.

show abstract

“…In particular, GDPR focuses on the use of consent and personal data and provides the data subject with several rights. These new changes have spurred innovation within the community -both in the industry as well as in academia [3,5,6,21] -that targets compliance with the various obligations of the GDPR. While such solutions claim assistance to the various provisions of the GDPR, comparing and collecting such solutions is a difficult undertaking due to the inability of consolidating them in an efficient manner.…”

Section: Introductionmentioning

confidence: 99%

GDPRtEXT - GDPR as a Linked Data Resource

et al. 2018

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) is the new European data protection law whose compliance affects organisations in several aspects related to the use of consent and personal data. With emerging research and innovation in data management solutions claiming assistance with various provisions of the GDPR, the task of comparing the degree and scope of such solutions is a challenge without a way to consolidate them. With GDPR as a linked data resource, it is possible to link together information and approaches addressing specific articles and thereby compare them. Organisations can take advantage of this by linking queries and results directly to the relevant text, thereby making it possible to record and measure their solutions for compliance towards specific obligations. GDPR text extensions (GDPRtEXT) uses the European Legislation Identifier (ELI) ontology published by the European Publications Office for exposing the GDPR as linked data. The dataset is published using DCAT and includes an online webpage with HTML id attributes for each article and its subpoints. A SKOS vocabulary is provided that links concepts with the relevant text in GDPR. To demonstrate how related legislations can be linked to highlight changes between them for reusing existing approaches, we provide a mapping from Data Protection Directive (DPD), which was the previous data protection law, to GDPR showing the nature of changes between the two legislations. We also discuss in brief the existing corpora of research that can benefit from the adoption of this resource.

show abstract

Using Ontologies to Model Data Protection Requirements in Workflows

Cited by 22 publications

References 24 publications

Towards Legal Compliance by Correlating Standards and Laws with a Semi-automated Methodology

Towards Legal Compliance by Correlating Standards and Laws with a Semi-automated Methodology

Software Testing Techniques Revisited for OWL Ontologies

GDPRtEXT - GDPR as a Linked Data Resource

Contact Info

Product

Resources

About