28,143 research outputs found
Design Challenges for GDPR RegTech
The Accountability Principle of the GDPR requires that an organisation can
demonstrate compliance with the regulations. A survey of GDPR compliance
software solutions shows significant gaps in their ability to demonstrate
compliance. In contrast, RegTech has recently brought great success to
financial compliance, resulting in reduced risk, cost saving and enhanced
financial regulatory compliance. It is shown that many GDPR solutions lack
interoperability features such as standard APIs, meta-data or reports and they
are not supported by published methodologies or evidence to support their
validity or even utility. A proof of concept prototype was explored using a
regulator based self-assessment checklist to establish if RegTech best practice
could improve the demonstration of GDPR compliance. The application of a
RegTech approach provides opportunities for demonstrable and validated GDPR
compliance, notwithstanding the risk reductions and cost savings that RegTech
can deliver. This paper demonstrates a RegTech approach to GDPR compliance can
facilitate an organisation meeting its accountability obligations
PriCL: Creating a Precedent A Framework for Reasoning about Privacy Case Law
We introduce PriCL: the first framework for expressing and automatically
reasoning about privacy case law by means of precedent. PriCL is parametric in
an underlying logic for expressing world properties, and provides support for
court decisions, their justification, the circumstances in which the
justification applies as well as court hierarchies. Moreover, the framework
offers a tight connection between privacy case law and the notion of norms that
underlies existing rule-based privacy research. In terms of automation, we
identify the major reasoning tasks for privacy cases such as deducing legal
permissions or extracting norms. For solving these tasks, we provide generic
algorithms that have particularly efficient realizations within an expressive
underlying logic. Finally, we derive a definition of deducibility based on
legal concepts and subsequently propose an equivalent characterization in terms
of logic satisfiability.Comment: Extended versio
Privacy in an Ambient World
Privacy is a prime concern in today's information society. To protect\ud
the privacy of individuals, enterprises must follow certain privacy practices, while\ud
collecting or processing personal data. In this chapter we look at the setting where an\ud
enterprise collects private data on its website, processes it inside the enterprise and\ud
shares it with partner enterprises. In particular, we analyse three different privacy\ud
systems that can be used in the different stages of this lifecycle. One of them is the\ud
Audit Logic, recently introduced, which can be used to keep data private when it\ud
travels across enterprise boundaries. We conclude with an analysis of the features\ud
and shortcomings of these systems
Legal compliance by design (LCbD) and through design (LCtD) : preliminary survey
1st Workshop on Technologies for Regulatory Compliance co-located with the 30th International Conference on Legal Knowledge and Information Systems (JURIX 2017). The purpose of this paper is twofold: (i) carrying out a preliminary survey of the literature and research projects on Compliance by Design (CbD); and (ii) clarifying the double process of (a) extending business managing techniques to other regulatory fields, and (b) converging trends in legal theory, legal technology and Artificial Intelligence. The paper highlights the connections and differences we found across different domains and proposals. We distinguish three different policydriven types of CbD: (i) business, (ii) regulatory, (iii) and legal. The recent deployment of ethical views, and the implementation of general principles of privacy and data protection lead to the conclusion that, in order to appropriately define legal compliance, Compliance through Design (CtD) should be differentiated from CbD
Towards a Semantic-based Approach for Modeling Regulatory Documents in Building Industry
Regulations in the Building Industry are becoming increasingly complex and
involve more than one technical area. They cover products, components and
project implementation. They also play an important role to ensure the quality
of a building, and to minimize its environmental impact. In this paper, we are
particularly interested in the modeling of the regulatory constraints derived
from the Technical Guides issued by CSTB and used to validate Technical
Assessments. We first describe our approach for modeling regulatory constraints
in the SBVR language, and formalizing them in the SPARQL language. Second, we
describe how we model the processes of compliance checking described in the
CSTB Technical Guides. Third, we show how we implement these processes to
assist industrials in drafting Technical Documents in order to acquire a
Technical Assessment; a compliance report is automatically generated to explain
the compliance or noncompliance of this Technical Documents
Machine Understandable Policies and GDPR Compliance Checking
The European General Data Protection Regulation (GDPR) calls for technical
and organizational measures to support its implementation. Towards this end,
the SPECIAL H2020 project aims to provide a set of tools that can be used by
data controllers and processors to automatically check if personal data
processing and sharing complies with the obligations set forth in the GDPR. The
primary contributions of the project include: (i) a policy language that can be
used to express consent, business policies, and regulatory obligations; and
(ii) two different approaches to automated compliance checking that can be used
to demonstrate that data processing performed by data controllers / processors
complies with consent provided by data subjects, and business processes comply
with regulatory obligations set forth in the GDPR
- …