Extending Business Process Management for Regulatory Transparency

• URL: http://arxiv.org/abs/2406.09960v1
• Date: Fri, 14 Jun 2024 12:08:34 GMT
• Title: Extending Business Process Management for Regulatory Transparency
• Authors: Jannis Kiesel, Elias Grünewald,
• Abstract summary: We bridge the gap between business processes and application systems by providing a plug-in extension to BPMN featuring regulatory transparency information. We leverage process mining techniques to discover and analyze personal data flows in business processes.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Ever-increasingly complex business processes are enabled by loosely coupled cloud-native systems. In such fast-paced development environments, data controllers face the challenge of capturing and updating all personal data processing activities due to considerable communication overhead between development teams and data protection staff. To date, established business process management methods generate valuable insights about systems, however, they do not account for all regulatory transparency obligations. For instance, data controllers need to record all information about data categories, legal purpose specifications, third-country transfers, etc. Therefore, we propose to bridge the gap between business processes and application systems by providing three contributions that assist in modeling, discovering, and checking personal data transparency through a process-oriented perspective. We enable transparency modeling for relevant business activities by providing a plug-in extension to BPMN featuring regulatory transparency information. Furthermore, we utilize event logs to record regulatory transparency information in realistic cloud-native systems. On this basis, we leverage process mining techniques to discover and analyze personal data flows in business processes, e.g., through transparency conformance checking. We design and implement prototypes for all contributions, emphasizing the appropriate integration and modeling effort required to create business-process-oriented transparency. Altogether, we connect current business process engineering techniques with regulatory needs as imposed by the GDPR and other legal frameworks.

Related papers

• Trusted Execution Environment for Decentralized Process Mining [1.6686882054452727]
  We introduce CONFINE, a novel approach that unlocks process mining on multiple actors' process event data. We show the feasibility of our solution by showcasing its application to a healthcare scenario.
  arXiv  Detail & Related papers  (2023-12-19T12:30:13Z)
• Towards Cross-Provider Analysis of Transparency Information for Data Protection [0.0]
  This paper presents a novel approach to enable large-scale transparency information analysis across service providers. We provide the general approach for advanced transparency information analysis, an open source architecture and implementation in the form of a queryable analysis platform. Future work can build upon our contributions to gain more insights into so-far hidden data-sharing practices.
  arXiv  Detail & Related papers  (2023-09-01T10:36:09Z)
• Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems [0.0]
  Transparency is one of the most important principles of modern privacy regulations. Data controllers must provide data subjects with precise information about the collection, processing, storage, and transfer of personal data.
  arXiv  Detail & Related papers  (2023-06-04T22:09:42Z)
• Enabling Versatile Privacy Interfaces Using Machine-Readable Transparency Information [0.0]
  We argue that privacy shall incorporate the context of display, personal preferences, and individual competences of data subjects. We provide a general model of how transparency information can be provided from a data controller to data subjects. We show how transparency can be enhanced using machine-readable transparency information and how data controllers can meet respective regulatory obligations.
  arXiv  Detail & Related papers  (2023-02-21T20:40:26Z)
• Relational Action Bases: Formalization, Effective Safety Verification, and Invariants (Extended Version) [67.99023219822564]
  We introduce the general framework of relational action bases (RABs) RABs generalize existing models by lifting both restrictions. We demonstrate the effectiveness of this approach on a benchmark of data-aware business processes.
  arXiv  Detail & Related papers  (2022-08-12T17:03:50Z)
• Nemo: Guiding and Contextualizing Weak Supervision for Interactive Data Programming [77.38174112525168]
  We present Nemo, an end-to-end interactive Supervision system that improves overall productivity of WS learning pipeline by an average 20% (and up to 47% in one task) compared to the prevailing WS supervision approach.
  arXiv  Detail & Related papers  (2022-03-02T19:57:32Z)
• Learning to Limit Data Collection via Scaling Laws: Data Minimization Compliance in Practice [62.44110411199835]
  We build on literature in machine learning law to propose framework for limiting collection based on data interpretation that ties data to system performance. We formalize a data minimization criterion based on performance curve derivatives and provide an effective and interpretable piecewise power law technique.
  arXiv  Detail & Related papers  (2021-07-16T19:59:01Z)
• CoCoMoT: Conformance Checking of Multi-Perspective Processes via SMT (Extended Version) [62.96267257163426]
  We introduce the CoCoMoT (Computing Conformance Modulo Theories) framework. First, we show how SAT-based encodings studied in the pure control-flow setting can be lifted to our data-aware case. Second, we introduce a novel preprocessing technique based on a notion of property-preserving clustering.
  arXiv  Detail & Related papers  (2021-03-18T20:22:50Z)
• Dimensions of Transparency in NLP Applications [64.16277166331298]
  Broader transparency in descriptions of and communication regarding AI systems is widely considered desirable. Previous work has suggested that a trade-off exists between greater system transparency and user confusion.
  arXiv  Detail & Related papers  (2021-01-02T11:46:17Z)
• TILT: A GDPR-Aligned Transparency Information Language and Toolkit for Practical Privacy Engineering [0.0]
  TILT is a transparency information language and toolkit designed to represent and process transparency information. We provide a detailed analysis of transparency obligations to identify the required for a formal transparency language. On this basis, we specify our formal language and present a respective, fully implemented toolkit.
  arXiv  Detail & Related papers  (2020-12-18T18:45:04Z)
• Petri Nets with Parameterised Data: Modelling and Verification (Extended Version) [67.99023219822564]
  We introduce and study an extension of coloured Petri nets, called catalog-nets, providing two key features to capture this type of processes. We show that fresh-value injection is a particularly complex feature to handle, and discuss strategies to tame it.
  arXiv  Detail & Related papers  (2020-06-11T17:26:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.