Proposal of a legal framework through the development of new domain specific languages (DSL) in compliance with GDPR

The adaptation of company processes to the EU Regulation represents a major opportunity to review, update and improve the internal processes and management tools used. The loss of data, in most cases, causes serious damage to the image and very often the total closure of the company. The legislation therefore represents an opportunity and a stimulus to verify the management methods applied, to define an organizational model and a code of conduct (policies, processes, rules / provisions and controls) capable of improving internal processes, defining and achieving desired objectives, ensure data and systems protection with proper risk management and assessment. This paper presents the principles of the LegalRuleML applied to the legal domain like General Data Protection Regulation (GDPR) and discusses reasons that LegalRuleML is convenient for modeling norms. We need to understand why it is important to develop a specific domain language that refers to internal GDPR privacy consulting and BPM mapping. LegalRuleML allows inconsistent renditions of a legal source to coexist in the same LegalRuleML document and provides functionality to identify and select interpretations

Compliance checking in reified IO logic via SHACL

Reified Input/Output (I/O) logic[21] has been recently proposed to model real-world norms in terms of the logic in [11]. This is massively grounded on the notion of reification, and it has specifically designed to model meaning of natural language sentences, such as the ones occurring in existing legislation. This paper presents a methodology to carry out compliance checking on reified I/O logic formulae. These are translated in SHACL (Shapes Constraint Language) shapes, a recent W3C recommendation to validate and reason with RDF triplestores. Compliance checking is then enforced by validating RDF graphs describing states of affairs with respect to these SHACL shapes

On the Optimized Utilization of Smart Contracts in DLTs from the Perspective of Legal Representation and Legal Reasoning

Smart contracts are computer programs stored in blockchain which open a wide range of applications but also raise some important issues. When we convert traditional legal contracts written in natural language into smart contracts written in lines of code, problems will arise. Translation errors will exist in the process of conversion since the law in natural language is ambiguous and imprecise, full of conflicts, and the emergence of new evidence may influence the processing of reasoning. This research project has three purposes: the first aims at the resolution of these problems from logic and technical perspective to develop the accuracy and human-readability of smart contracts, by exploring a more novel and advanced logic-based language to represent legal contracts, and analyzing an extended argumentation framework with rich expressiveness; the second purpose is to investigate various existing technologies like Akoma Ntoso and Legal- RuleML, making the legal knowledge and reasoning machine-readable and be linked with the real world; third, to investigate the implementation of a mature multi-agent system incorporating the software agents with sensing, inferring, learning, decision-making and social abilities that can be fitted onto DLTs

Modelling legal knowledge for GDPR compliance checking

In the last fifteen years, Semantic Web technologies have been successfully applied to the legal domain. By composing all those techniques and theoretical methods, we propose an integrated framework for modelling legal documents and legal knowledge to support legal reasoning, in particular checking compliance. This paper presents a proof-of-concept applied to the GDPR domain, with the aim to detect infringements of privacy compulsory norms or to prevent possible violations using BPMN and Regorous engine

Legal compliance by design (LCbD) and through design (LCtD) : preliminary survey

1st Workshop on Technologies for Regulatory Compliance co-located with the 30th International Conference on Legal Knowledge and Information Systems (JURIX 2017). The purpose of this paper is twofold: (i) carrying out a preliminary survey of the literature and research projects on Compliance by Design (CbD); and (ii) clarifying the double process of (a) extending business managing techniques to other regulatory fields, and (b) converging trends in legal theory, legal technology and Artificial Intelligence. The paper highlights the connections and differences we found across different domains and proposals. We distinguish three different policydriven types of CbD: (i) business, (ii) regulatory, (iii) and legal. The recent deployment of ethical views, and the implementation of general principles of privacy and data protection lead to the conclusion that, in order to appropriately define legal compliance, Compliance through Design (CtD) should be differentiated from CbD

Spent convictions and the architecture for establishing legal semantic workflows

This research was partially funded by the Data to Decisions Cooperative Research Centre (D2D CRC, Australia), and Meta-Rule of Law (DER2016- 78108-P, Spain)Operating within the Data to Decision Cooperative Research Centre (D2D CRC), the authors are currently involved in the Integrated Law Enforcement program and the Compliance through Design project. These have the goal of developing a federated data platform for law enforcement agencies that will enable the execution of integrated analytics on data accessed from different external and internal sources, thereby providing effective support to an investigator or analyst working to evaluate evidence and manage lines of inquiries in an investigation. Technical solutions should also operate ethically, in compliance with the law and subject to good governance principles. This paper is focused on the Australian spent convictions scheme, which provide use cases to test the platform

Machine Understandable Policies and GDPR Compliance Checking

The European General Data Protection Regulation (GDPR) calls for technical and organizational measures to support its implementation. Towards this end, the SPECIAL H2020 project aims to provide a set of tools that can be used by data controllers and processors to automatically check if personal data processing and sharing complies with the obligations set forth in the GDPR. The primary contributions of the project include: (i) a policy language that can be used to express consent, business policies, and regulatory obligations; and (ii) two different approaches to automated compliance checking that can be used to demonstrate that data processing performed by data controllers / processors complies with consent provided by data subjects, and business processes comply with regulatory obligations set forth in the GDPR