How to Manage My Data? With Machine-Interpretable GDPR Rights!
- URL: http://arxiv.org/abs/2412.15451v1
- Date: Thu, 19 Dec 2024 23:09:17 GMT
- Title: How to Manage My Data? With Machine-Interpretable GDPR Rights!
- Authors: Beatriz Esteves, Harshvardhan J. Pandit, Georg P. Krog, Paul Ryan,
- Abstract summary: The EU GDPR is a landmark regulation that introduced several rights for individuals to obtain information and control how their personal data is being processed. There are gaps in the effective use of rights due to each organisation developing custom methods for rights declaration and management. We present a specification for exercising and managing rights in a machine-interpretable format based on semantic web standards.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The EU GDPR is a landmark regulation that introduced several rights for individuals to obtain information and control how their personal data is being processed, as well as receive a copy of it. However, there are gaps in the effective use of rights due to each organisation developing custom methods for rights declaration and management. Simultaneously, there is a technological gap as there is no single consistent standards-based mechanism that can automate the handling of rights for both organisations and individuals. In this article, we present a specification for exercising and managing rights in a machine-interpretable format based on semantic web standards. Our approach uses the comprehensive Data Privacy Vocabulary to create a streamlined workflow for individuals to understand what rights exist, how and where to exercise them, and for organisations to effectively manage them. This work pushes the state of the art in GDPR rights management and is crucial for data reuse and rights management under technologically intensive developments, such as Data Spaces.
Related papers
- Towards Post-mortem Data Management Principles for Generative AI [0.0]
Foundation models, large language models (LLMs), and agentic AI systems rely heavily on vast corpora of user data. The use of such data for training has raised persistent concerns around ownership, copyright, and potential harms. We propose three post-mortem data management principles to guide the protection of deceased individuals' data rights.
arXiv Detail & Related papers (2025-09-09T03:50:00Z)
- Lawful and Accountable Personal Data Processing with GDPR-based Access and Usage Control in Distributed Systems [0.0]
This paper proposes a case-generic method for automated normative reasoning that establishes legal arguments for the lawfulness of data processing activities.
The arguments are established on the basis of case-specific legal qualifications made by privacy experts, bringing the human in the loop.
The resulting system is designed and critically assessed in reference to requirements extracted from the GDPR.
arXiv Detail & Related papers (2025-03-10T10:49:34Z)
- Developing an Ontology for AI Act Fundamental Rights Impact Assessments [0.0]
The recently published EU Artificial Intelligence Act (AI Act) regulates the use of AI technologies.
One of its novel requirements is the obligation to conduct a Fundamental Rights Impact Assessment (FRIA).
We present our novel representation of the FRIA as an ontology based on semantic web standards.
arXiv Detail & Related papers (2024-12-20T00:37:33Z)
- Towards an Enforceable GDPR Specification [49.1574468325115]
Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's.
One emerging technique to realize PbD is enforcement (RE)
We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
arXiv Detail & Related papers (2024-02-27T09:38:51Z)
- SoK: The Gap Between Data Rights Ideals and Reality [46.14715472341707]
Do rights-based privacy laws effectively empower individuals over their data?
This paper scrutinizes these approaches by reviewing empirical studies, news articles, and blog posts.
arXiv Detail & Related papers (2023-12-03T21:52:51Z)
- A Multi-solution Study on GDPR AI-enabled Completeness Checking of DPAs [3.1002416427168304]
General Data Protection Regulation (GDPR) requires a data processing agreement (DPA) which regulates processing and ensures personal data remains protected.
Checking completeness of DPA according to prerequisite provisions is therefore essential to ensure that requirements are complete.
We propose an automation strategy to address the completeness checking of DPAs against stipulated provisions.
arXiv Detail & Related papers (2023-11-23T10:05:52Z)
- A new framework for global data regulation [0.0]
We propose a regulatory framework designed to apply not to specific data or tools themselves, but to the outcomes and rights that are linked to the use of these data and tools in context.
This framework is designed to recognize, address, and protect a broad range of human rights, including privacy.
arXiv Detail & Related papers (2023-08-24T17:48:56Z)
- Advanced Data Protection Control (ADPC): An Interdisciplinary Overview [0.0]
The Advanced Data Protection Control (ADPC) is a technical specification that can change the practice of Internet-based personal data protection and consenting.
The ADPC supports humans in practicing their rights to privacy and agency by giving them more human-centric control over the processing of their personal data and consent.
arXiv Detail & Related papers (2022-09-20T13:57:49Z)
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
- Dr.Aid: Supporting Data-governance Rule Compliance for Decentralized Collaboration in an Automated Way [7.744664716152106]
Dr.Aid is a framework that helps individuals, organisations and federations comply with data rules.
It encodes data-governance rules using a formal language and performs reasoning on data-flow graphs.
We evaluate the model in three aspects by encoding real-life data-use policies from diverse fields.
arXiv Detail & Related papers (2021-10-03T17:59:28Z)
- Learning to Limit Data Collection via Scaling Laws: Data Minimization Compliance in Practice [62.44110411199835]
We build on literature in machine learning law to propose a framework for limiting collection based on data interpretation that ties data to system performance.
We formalize a data minimization criterion based on performance curve derivatives and provide an effective and interpretable piecewise power law technique.
arXiv Detail & Related papers (2021-07-16T19:59:01Z)
- Second layer data governance for permissioned blockchains: the privacy management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z)
- GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
We examine more than 300 data controllers, performing for each of them a request to access personal data.
We find that 50.4% of the data controllers that handled the request have flaws in the procedure of identifying the users.
With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
arXiv Detail & Related papers (2020-05-04T22:01:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.