Machine Understandable Policies and GDPR Compliance Checking

• URL: http://arxiv.org/abs/2001.08930v1
• Date: Fri, 24 Jan 2020 09:41:47 GMT
• Title: Machine Understandable Policies and GDPR Compliance Checking
• Authors: Piero A. Bonatti, Sabrina Kirrane, Iliana M. Petrova, Luigi Sauro
• Abstract summary: Towards SPECIAL H2020 project aims to provide a set of tools that can be used by data controllers that automatically check if personal data sharing complies with obligations set forth with obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with regulatory obligations set forth with
• Score: 9.032680855473986
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The European General Data Protection Regulation (GDPR) calls for technical and organizational measures to support its implementation. Towards this end, the SPECIAL H2020 project aims to provide a set of tools that can be used by data controllers and processors to automatically check if personal data processing and sharing complies with the obligations set forth in the GDPR. The primary contributions of the project include: (i) a policy language that can be used to express consent, business policies, and regulatory obligations; and (ii) two different approaches to automated compliance checking that can be used to demonstrate that data processing performed by data controllers / processors complies with consent provided by data subjects, and business processes comply with regulatory obligations set forth in the GDPR.

Related papers

• RegNLP in Action: Facilitating Compliance Through Automated Information Retrieval and Answer Generation [51.998738311700095]
  Regulatory documents, characterized by their length, complexity and frequent updates, are challenging to interpret. RegNLP is a multidisciplinary subfield aimed at simplifying access to and interpretation of regulatory rules and obligations. ObliQA dataset contains 27,869 questions derived from the Abu Dhabi Global Markets (ADGM) financial regulation document collection.
  arXiv  Detail & Related papers  (2024-09-09T14:44:19Z)
• Towards an Enforceable GDPR Specification [49.1574468325115]
  Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's. One emerging technique to realize PbD is enforcement (RE) We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
  arXiv  Detail & Related papers  (2024-02-27T09:38:51Z)
• A Multi-solution Study on GDPR AI-enabled Completeness Checking of DPAs [3.1002416427168304]
  General Data Protection Regulation (DPA) requires a data processing agreement (DPA) which regulates processing and ensures personal data remains protected. Checking completeness of DPA according to prerequisite provisions is therefore an essential to ensure that requirements are complete. We propose an automation strategy to address the completeness checking of DPAs against stipulated provisions.
  arXiv  Detail & Related papers  (2023-11-23T10:05:52Z)
• Legal Requirements Analysis [2.3349787245442966]
  We explore a variety of methods for analyzing legal requirements and exemplify them on representations. We describe possible alternatives for creating machine-analyzable representations from regulations.
  arXiv  Detail & Related papers  (2023-11-23T09:31:57Z)
• The Design and Implementation of a National AI Platform for Public Healthcare in Italy: Implications for Semantics and Interoperability [62.997667081978825]
  The Italian National Health Service is adopting Artificial Intelligence through its technical agencies. Such a vast programme requires special care in formalising the knowledge domain. Questions have been raised about the impact that AI could have on patients, practitioners, and health systems.
  arXiv  Detail & Related papers  (2023-04-24T08:00:02Z)
• NLP-based Automated Compliance Checking of Data Processing Agreements against GDPR [9.022562906627991]
  We propose an automated solution to check compliance of a given DPA against the "shall" requirements. Our approach correctly finds 618 out of 750 genuine violations while raising 76 false violations, and further correctly identifies 524 satisfied requirements.
  arXiv  Detail & Related papers  (2022-09-20T13:50:58Z)
• Relational Action Bases: Formalization, Effective Safety Verification, and Invariants (Extended Version) [67.99023219822564]
  We introduce the general framework of relational action bases (RABs) RABs generalize existing models by lifting both restrictions. We demonstrate the effectiveness of this approach on a benchmark of data-aware business processes.
  arXiv  Detail & Related papers  (2022-08-12T17:03:50Z)
• Learning to Limit Data Collection via Scaling Laws: Data Minimization Compliance in Practice [62.44110411199835]
  We build on literature in machine learning law to propose framework for limiting collection based on data interpretation that ties data to system performance. We formalize a data minimization criterion based on performance curve derivatives and provide an effective and interpretable piecewise power law technique.
  arXiv  Detail & Related papers  (2021-07-16T19:59:01Z)
• Compliance Generation for Privacy Documents under GDPR: A Roadmap for Implementing Automation and Machine Learning [2.1485350418225244]
  Privatech project focuses on corporations and law firms as agents of compliance. Data processors must implement accountability measures to assess and document compliance. We provide a roadmap for compliance assessment and generation by identifying compliance issues.
  arXiv  Detail & Related papers  (2020-12-23T14:46:51Z)
• GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
  We examine more than 300 data controllers performing for each of them a request to access personal data. We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users. With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
  arXiv  Detail & Related papers  (2020-05-04T22:01:46Z)
• The SPECIAL-K Personal Data Processing Transparency and Compliance Platform [0.1385411134620987]
  SPECIAL EU H 2020 project can be used to represent data policies and data and events sharing. System can verify that data processing and sharing complies with the data subjects consent.
  arXiv  Detail & Related papers  (2020-01-26T14:30:09Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.