187 research outputs found

    Hybrid Refining Approach of PrOnto Ontology

    This paper presents a refinement of PrOnto ontology using a validation test based on legal experts’ annotation of privacy policies combined with an Open Knowledge Extraction (OKE) algorithm. To ensure robustness of the results while preserving an interdisciplinary approach, the integration of legal and technical knowledge has been carried out as follows. The set of privacy policies was first analysed by the legal experts to discover legal concepts and map the text into PrOnto. The mapping was then provided to computer scientists to perform the OKE analysis. Results were validated by the legal experts, who provided feedback and refinements (i.e. new classes and modules) of the ontology according to MeLOn methodology. Three iterations were performed on a set of (development) policies, and a final test using a new set of privacy policies. The results are 75,43% of detection of concepts in the policy texts and an increase of roughly 33% in the accuracy gain on the test set, using the new refined version of PrOnto enriched with SKOS-XL lexicon terms and definitions

    Privacy-aware Linked Widgets

    The European General Data Protection Regulation (GDPR) brings new challenges for companies, who must demonstrate that their systems and business processes comply with usage constraints specified by data subjects. However, due to the lack of standards, tools, and best practices, many organizations struggle to adapt their infrastructure and processes to ensure and demonstrate that all data processing is in compliance with users' given consent. The SPECIAL EU H2020 project has developed vocabularies that can formally describe data subjects' given consent as well as methods that use this description to automatically determine whether processing of the data according to a given policy is compliant with the given consent. Whereas this makes it possible to determine whether processing was compliant or not, integration of the approach into existing line of business applications and ex-ante compliance checking remains an open challenge. In this short paper, we demonstrate how the SPECIAL consent and compliance framework can be integrated into Linked Widgets, a mashup platform, in order to support privacy-aware ad-hoc integration of personal data. The resulting environment makes it possible to create data integration and processing workflows out of components that inherently respect usage policies of the data that is being processed and are able to demonstrate compliance. We provide an overview of the necessary meta data and orchestration towards a privacy-aware linked data mashup platform that automatically respects subjects' given consents. The evaluation results show the potential of our approach for ex-ante usage policy compliance checking within the Linked Widgets Platforms and beyond

    How to be FAIR with your data

    This handbook was written and edited by a group of about 40 collaborators in a series of six book sprints that took place between 1 and 10 June 2021. It aims to support higher education institutions with the practical implementation of content relating to the FAIR principles in their curricula, while also aiding teaching by providing practical material, such as competence profiles, learning outcomes, lesson plans, and supporting information. It incorporates community feedback received during the public consultation which ran from 27 July to 12 September 2021

    Building a data processing activities catalog: representing heterogeneous compliance-related information for GDPR using DCAT-AP and DPV

    This paper describes a new semantic metadata-based approach to describing and integrating diverse data processing activity descriptions gathered from heterogeneous organisational sources such as departments, divisions, and external processors. This information must be collated to assess and document GDPR legal compliance, such as creating a Register of Processing Activities (ROPA). Most GDPR knowledge graph research to date has focused on developing detailed compliance graphs. However, many organisations already have diverse data collection tools for documenting data processing activities, and this heterogeneity is likely to grow in the future. We provide a new approach extending the well-known DCAT-AP standard utilising the data privacy vocabulary (DPV) to express the concepts necessary to complete a ROPA. This approach enables data catalog implementations to merge and federate the metadata for a ROPA without requiring full alignment or merging all the underlying data sources. To show our approach's feasibility, we demonstrate a deployment use case and develop a prototype system based on diverse data processing records and a standard set of SPARQL queries for a Data Protection Officer preparing a ROPA to monitor compliance. Our catalog's key benefits are that it is a lightweight, metadata-level integration point with a low cost of compliance information integration, capable of representing processing activities from heterogeneous sources

    Frequent Use Cases Extraction from Legal Texts in the Data Protection Domain

    Because of the recent entry into force of the General Data Protection Regulation (GDPR), a growing number of documents issued by the European Union institutions and authorities often mention and discuss various use cases to be handled to comply with GDPR principles. This contribution addresses the problem of extracting recurrent use cases from legal documents belonging to the data protection domain by exploiting existing Ontology Design Patterns (ODPs). An analysis of ODPs that could be looked for inside data protection related documents is provided. Moreover, a first insight on how Natural Language Processing techniques could be exploited to identify recurrent ODPs from legal texts is presented. Thus, the proposed approach aims to identify standard use cases in the data protection field at EU level to promote the reuse of existing formalisations of knowledge

    An ontology for the south african protection of personal information act

    The protection and management of data, and especially personal information, is becoming an issue of critical importance in both the business environment and in general society. Various institutions have justifiable reasons to gather the personal information of individuals but they are required to comply with any legislation involving the processing of such data. Organisations thus face legal and other repercussions should personal information be breached or treated negligently. Most countries have adopted privacy and data protection laws or are in the process of enacting such laws. In South Africa, the Protection of Privacy Information Act (POPIA) was formally adopted in 2013 but it is yet to be implemented. When the implementation of the Act is announced, role players (responsible parties and data subjects) affected by POPIA will have a grace period of a year to become compliant and/or understand how the Act will affect them. One example of a mandate that follows from POPIA is data breach notification. This paper presents the development of a prototype ontology on POPIA to promote transparency and education of affected data subjects and organisations including government departments. The ontology provides a semantic representation of a knowledge base for the regulations in the POPIA and how it affects these role players

    European (energy) data exchange reference architecture 3.0

    This is the third version of Data Exchange Reference Architecture – DERA 3.0. BRIDGE report on energy data exchange reference architecture aims at contributing to the discussion and practical steps towards truly interoperable and business process agnostic data exchange arrangements on European scale both inside energy domain and across different domains.

    Recommendations related to the implementation of DERA:

    A. Leverage Smart Grid Architecture Model (SGAM) usage by completing it with data governance requirements, specifically from end-customer perspective, and map it to the reference architectures of other sectors (similar to the RAMI4.0 for industry – Reference Architecture Model Industrie 4.0; and CREATE-IoT 3D RAM for health – Reference Architecture Model of CREATE-IoT project), incl. for basic interoperability vocabulary with non-energy sectors.

    B. Facilitate European strategy, regulation (harmonisation of national regulations) and practical tools for cross-sector exchange of any type of both private data and public data, e.g. through reference models for data space, common data governance and data interoperability implementing acts.

    C. Ensure cooperation between appropriate associations, countries and sector representatives to work on cross-sector and cross-border data management by establishing European data cooperation agency. This involves ongoing empowering/restructuring of the Data Management WG of the BRIDGE Initiative to engage other sectors and extend cooperation with projects that are not EU-funded and with European Standardisation Organisations (CEN-CENELEC-ETSI).

    D. Harmonise the development, content and accessibility of data exchange business use cases for cross-sector domain through BRIDGE use case repository. Track tools that identify common features on use cases, e.g. interfaces between sectors, and enable the alignment with any potential peer repositories for other domains. Also, the use case repository must rely on the HEMRM with additional roles created by some projects or roles coming from other associations (related to another sector than the electricity/energy sector).

    E. Use BRIDGE use case repository for aligning the role selection. Harmonise data roles across electricity and other energy domains by developing HERM – Harmonised Energy Role Model and ensure access to model files. Look for consistency with other domains outside energy based on this HERM – cross-sectoral roles. Harmonised Energy Role Model shall have clear implications and connections with data (space) roles such as data provider/consumer, service provider etc.

    F. Define and harmonise functional data processes for cross-sector domain, using common vocabulary, template and repository for respective use cases’ descriptions. Harmonisation of functional data processes for cross-sector data ecosystems including Vocabulary provider, Federated catalogue, Data quality, Data accounting processes, Clearing process (audit, logging, etc.) and Data tracking and provenance.

    G. Define and maintain a common reference semantic data model, and ensure access to its model files facilitating cross-sector data exchange, by leveraging existing data models like Common Information Model (CIM) of International Electrotechnical Commission (IEC) and ontologies like Smart Appliances Reference Ontology (SAREF).

    H. Develop cross-sector data models and profiles, with specific focus on private data exchange. Enable open access to model files whenever possible.

    I. Ensure protocol agnostic approach to cross-sector data exchange by selecting standardised and open ones.

    J. Ensure data format agnostic approach to cross-sector data exchange. The work done by projects like TDX-ASSIST and EU-SysFlex (using IEC CIM), and PLATOON (using SAREF) must be shared and made known to consolidate the approach in order to reach semantic interoperability. Metadata must also be taken into account.

    K. Promote business process agnostic DEPs (Data Exchange Platforms) and make these interoperable by developing APIs (Application Programming Interfaces) which enable for data providers and data users easy connection to any European DEP but also create the possibility whereby connecting to one DEP ensures data exchange with any other stakeholder in Europe. DEPs shall explore the integration of data space connectors towards their connectivity with other DEPs including cross-sector ones.

    L. Develop universal data applications which can serve any domain. Develop open data driven services that promote also cross-sector integration collectively available in application repositories.

    Possible next steps (“sub-actions”) for 2023/2024:

    ➢ Release BRIDGE Federated Service Catalogue tool and associated process.
    ➢ Release DERA interactive visualisation tool.
    ➢ Follow up the implementation of DERA 3.0 in BRIDGE projects (mapping to DERA)
    ➢ Update recommendations to comply with DERA 3.0.
    ➢ Develop / enhance the “data role model”