Creating a Vocabulary for Data Privacy

Pandit, Harshvardhan J.; Polleres, Axel; Bos, Bert; Brennan, Rob; Bruegger, Bud P.; Ekaputra, Fajar J.; Fernández, Javier D.; Hamed, Roghaiyeh Gachpaz; Kiesling, Elmar; Lizar, Mark; Schlehahn, Eva; Steyskal, Simon; Wenning, Rigo

doi:10.1007/978-3-030-33246-4_44

Cited by 59 publications

(73 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We stated in the introduction that prior work relied on bespoke ontologies that we had developed. In this article, we have adopted the Data Privacy Vocabulary (DPV) [14], which is an initiative by the W3C Data Privacy Vocabularies and Controls Community Group to specify an ontology of terms for annotating personal data handling in the context of GDPR. As the community aims to standardize this vocabulary, we expect our proposed solution will have greater uptake by adopting and, extending this ontology as needed.…”

Section: Designmentioning

confidence: 99%

“…In November 2019, the W3C Data Privacy Vocabularies and Controls Community Group published the first version of their Data Privacy Vocabulary [14] or DPV. DPV is used to describe personal data handling.…”

Section: Representing Consent Informationmentioning

confidence: 99%

“…We retrieve consent information for a particular purpose using a SPARQL SELECT query (see Listing 9) upon the Consent Information Knowledge Base (whose information is structured according to the Consent Ontology). We ensure retrieving the most recent consent information for each user by removing those for which there is an instance of consent with a more recent date (lines [12][13][14][15][16][17]. We then filter out those consent instances which have been withdrawn and are not expired (lines [19][20][21][22][23][24].…”

Section: Using the Consent Ontologymentioning

confidence: 99%

“…• Integrate both approaches; • Introduce support for representing tabular data [11], thereby demonstrating its genericity; and • Adopt and extend the Data Privacy Vocabulary (DPV) [14] vocabulary rather than our bespoke ontologies to integrate the various data sources.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

“Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance

et al. 2020

Self Cite

View full text Add to dashboard Cite

Data processing is increasingly becoming the subject of various policies and regulations, such as the European General Data Protection Regulation (GDPR) that came into effect in May 2018. One important aspect of GDPR is informed consent, which captures one's permission for using one's personal information for specific data processing purposes. Organizations must demonstrate that they comply with these policies. The fines that come with non-compliance are of such importance that it has driven research in facilitating compliance verification. The state-of-the-art primarily focuses on, for instance, the analysis of prescriptive models and posthoc analysis on logs to check whether data processing is compliant to GDPR. We argue that GDPR compliance can be facilitated by ensuring datasets used in processing activities are compliant with consent from the very start. The problem addressed in this paper is how we can generate datasets that comply with given consent "just-in-time". We propose RDF and OWL ontologies to represent the consent that an organization has collected and its relationship with data processing purposes. We use this ontology to annotate schemas, allowing us to generate declarative mappings that transform (relational) data into RDF driven by the annotations. We furthermore demonstrate how we can create compliant datasets by altering the results of the mapping. The use of RDF and OWL allows us to implement the entire process in a declarative manner using SPARQL. We have integrated all components in a service that furthermore captures provenance information for each step, further contributing to the transparency that is needed towards facilitating compliance verification. We demonstrate the approach with a synthetic dataset simulating users (re-)giving, withdrawing, and rejecting their consent on data processing purposes of systems. In summary, it is argued that B Christophe Debruyne debruync@tcd.ie Harshvardhan J. Pandit 123 3616 C. Debruyne et al.the approach facilitates transparency and compliance verification from the start, reducing the need for posthoc compliance analysis common in the state-of-the-art.

show abstract

Section: Designmentioning

confidence: 99%

Section: Representing Consent Informationmentioning

confidence: 99%

Section: Using the Consent Ontologymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

“Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Personal data privacy interactions Agents must be designed to comply with existing regulations for data privacy (e.g., GDPR). In this regard, it is fundamental to consider semantic models representing personal data handling concepts, including consent, purpose, processing, legal basis, controllers, and recipients, among others [36]. Agents can, therefore, exchange patient trajectory data, only if consent requirements are met, and according to the legal constraints reflected with these semantic vocabularies.…”

Section: Negotiation In Trajectory Processingmentioning

confidence: 99%

Agent-based Modeling for Ontology-driven Analysis of Patient Trajectories

2020

View full text Add to dashboard Cite

Patients are often required to follow a medical treatment after discharge, e.g., for a chronic condition, rehabilitation after surgery, or for cancer survivor therapies. The need to adapt to new lifestyles, medication, and treatment routines, can produce an individual burden to the patient, who is often at home without the full support of healthcare professionals. Although technological solutions-in the form of mobile apps and wearables-have been proposed to mitigate these issues, it is essential to consider individual characteristics, preferences, and the context of a patient in order to offer personalized and effective support. The specific events and circumstances linked to an individual profile can be abstracted as a patient trajectory, which can contribute to a better understanding of the patient, her needs, and the most appropriate personalized support. Although patient trajectories have been studied for different illnesses and conditions, it remains challenging to effectively use them as the basis for data analytics methodologies in decentralized eHealth systems. In this work, we present a novel approach based on the multi-agent paradigm, considering patient trajectories as the cornerstone of a methodology for modelling eHealth support systems. In this design, semantic representations of individual treatment pathways are used in order to exchange patient-relevant information, potentially fed to AI systems for prediction and classification tasks. This paper describes the major challenges in this scope, as well as the design principles of the proposed agent-based architecture, including an example of its use through a case scenario for cancer survivors support. Keywords Patient trajectories • Semantic modeling • Agent-based modeling This article is part of the Topical Collection on Healthcare Intelligent Multi-Agent Systems (HIMAS2020)

show abstract

Personal Data Privacy Semantics in Multi-Agent Systems Interactions

Calvaresi

Schumacher

Calbimonte

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In recent years, we have witnessed the growth of applications relying on the use and processing of personal data, especially in the health and well-being domains. Users themselves produce these data (e.g., through self-reported data acquisition, or personal devices such as smartphones, smartwatches or other wearables). A key challenge in this context is to guarantee the protection of personal data privacy, respecting the rights of users for deciding about data reuse, consent to data processing and storage, anonymity conditions, or the right to withhold or delete personal data. With the enforcement of recent regulations in this domain, such as the GDPR, applications are required to guarantee compliance, challenging current practices for personal data management. In this paper, we address this problem in the context of decentralized personal data applications, which may need to interact and negotiate conditions of data processing and reuse. Following a distributed paradigm without a top-down organization, we propose an agent-based model in which personal data providers and data consumers are embedded into privacyaware agents capable of negotiating and coordinating data reuse, consent, and policies, using semantic vocabularies for privacy and provenance.

show abstract

Creating a Vocabulary for Data Privacy

Cited by 59 publications

References 4 publications

“Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance

“Just-in-time” generation of datasets by considering structured representations of given consent for GDPR compliance

Agent-based Modeling for Ontology-driven Analysis of Patient Trajectories

Personal Data Privacy Semantics in Multi-Agent Systems Interactions

Contact Info

Product

Resources

About