Cargando…
“Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance
Data processing is increasingly becoming the subject of various policies and regulations, such as the European General Data Protection Regulation (GDPR) that came into effect in May 2018. One important aspect of GDPR is informed consent, which captures one’s permission for using one’s personal infor...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer London
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7327958/ https://www.ncbi.nlm.nih.gov/pubmed/32647404 http://dx.doi.org/10.1007/s10115-020-01468-x |
| _version_ | 1783552660067057664 |
|---|---|
| author | Debruyne, Christophe Pandit, Harshvardhan J. Lewis, Dave O’Sullivan, Declan |
| author_facet | Debruyne, Christophe Pandit, Harshvardhan J. Lewis, Dave O’Sullivan, Declan |
| author_sort | Debruyne, Christophe |
| collection | PubMed |
| description | Data processing is increasingly becoming the subject of various policies and regulations, such as the European General Data Protection Regulation (GDPR) that came into effect in May 2018. One important aspect of GDPR is informed consent, which captures one’s permission for using one’s personal information for specific data processing purposes. Organizations must demonstrate that they comply with these policies. The fines that come with non-compliance are of such importance that it has driven research in facilitating compliance verification. The state-of-the-art primarily focuses on, for instance, the analysis of prescriptive models and posthoc analysis on logs to check whether data processing is compliant to GDPR. We argue that GDPR compliance can be facilitated by ensuring datasets used in processing activities are compliant with consent from the very start. The problem addressed in this paper is how we can generate datasets that comply with given consent “just-in-time”. We propose RDF and OWL ontologies to represent the consent that an organization has collected and its relationship with data processing purposes. We use this ontology to annotate schemas, allowing us to generate declarative mappings that transform (relational) data into RDF driven by the annotations. We furthermore demonstrate how we can create compliant datasets by altering the results of the mapping. The use of RDF and OWL allows us to implement the entire process in a declarative manner using SPARQL. We have integrated all components in a service that furthermore captures provenance information for each step, further contributing to the transparency that is needed towards facilitating compliance verification. We demonstrate the approach with a synthetic dataset simulating users (re-)giving, withdrawing, and rejecting their consent on data processing purposes of systems. In summary, it is argued that the approach facilitates transparency and compliance verification from the start, reducing the need for posthoc compliance analysis common in the state-of-the-art. |
| format | Online Article Text |
| id | pubmed-7327958 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| publisher | Springer London |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-73279582020-07-07 “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance Debruyne, Christophe Pandit, Harshvardhan J. Lewis, Dave O’Sullivan, Declan Knowl Inf Syst Regular Paper Data processing is increasingly becoming the subject of various policies and regulations, such as the European General Data Protection Regulation (GDPR) that came into effect in May 2018. One important aspect of GDPR is informed consent, which captures one’s permission for using one’s personal information for specific data processing purposes. Organizations must demonstrate that they comply with these policies. The fines that come with non-compliance are of such importance that it has driven research in facilitating compliance verification. The state-of-the-art primarily focuses on, for instance, the analysis of prescriptive models and posthoc analysis on logs to check whether data processing is compliant to GDPR. We argue that GDPR compliance can be facilitated by ensuring datasets used in processing activities are compliant with consent from the very start. The problem addressed in this paper is how we can generate datasets that comply with given consent “just-in-time”. We propose RDF and OWL ontologies to represent the consent that an organization has collected and its relationship with data processing purposes. We use this ontology to annotate schemas, allowing us to generate declarative mappings that transform (relational) data into RDF driven by the annotations. We furthermore demonstrate how we can create compliant datasets by altering the results of the mapping. The use of RDF and OWL allows us to implement the entire process in a declarative manner using SPARQL. We have integrated all components in a service that furthermore captures provenance information for each step, further contributing to the transparency that is needed towards facilitating compliance verification. We demonstrate the approach with a synthetic dataset simulating users (re-)giving, withdrawing, and rejecting their consent on data processing purposes of systems. In summary, it is argued that the approach facilitates transparency and compliance verification from the start, reducing the need for posthoc compliance analysis common in the state-of-the-art. Springer London 2020-04-15 2020 /pmc/articles/PMC7327958/ /pubmed/32647404 http://dx.doi.org/10.1007/s10115-020-01468-x Text en © The Author(s) 2020 Open AccessThis article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/. |
| spellingShingle | Regular Paper Debruyne, Christophe Pandit, Harshvardhan J. Lewis, Dave O’Sullivan, Declan “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance |
| title | “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance |
| title_full | “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance |
| title_fullStr | “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance |
| title_full_unstemmed | “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance |
| title_short | “Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance |
| title_sort | “just-in-time” generation of datasets by considering structured representations of given consent for gdpr compliance |
| topic | Regular Paper |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7327958/ https://www.ncbi.nlm.nih.gov/pubmed/32647404 http://dx.doi.org/10.1007/s10115-020-01468-x |
| work_keys_str_mv | AT debruynechristophe justintimegenerationofdatasetsbyconsideringstructuredrepresentationsofgivenconsentforgdprcompliance AT panditharshvardhanj justintimegenerationofdatasetsbyconsideringstructuredrepresentationsofgivenconsentforgdprcompliance AT lewisdave justintimegenerationofdatasetsbyconsideringstructuredrepresentationsofgivenconsentforgdprcompliance AT osullivandeclan justintimegenerationofdatasetsbyconsideringstructuredrepresentationsofgivenconsentforgdprcompliance |