3 research outputs found
Socially-critical software systems: Is extended regulation required?
Data has become a prevailing aspect of our daily lives, becoming ever more present since the beginning of the 21st century. It is a commodity in today’s world and the amount of data being produced has increased enormously. One of the major ways data is produced and collected is from the use of websites and web-based applications. This data is later used for many different purposes. This paper presents findings from a multivocal literature review, exploring the methods of how this data is collected, what the data is used for once it has been collected, the ethics of data and its collection, and the future of data collection. Among the possible futures, we introduce the concept of socially-critical applications, where data harvesting in web-based applications might require premarket disclosure and evaluation by notified bodies (instructed by regulation) as a means to break the existing cycle of technology companies outpacing under resourced and ill-equipped regulators. Rather than regulators continually falling short of enacting laws to satisfy the common good, a new class of socially-critical application could be created in law to permit pre-market evaluation of applications (or versions of applications) that could undermine or interrupt the common good
DPCat: Specification for an interoperable and machine-readable data processing catalogue based on GDPR
The GDPR requires Data Controllers and Data Protection Officers (DPO) to maintain a
Register of Processing Activities (ROPA) as part of overseeing the organisation’s compliance processes.
The ROPA must include information from heterogeneous sources such as (internal) departments with
varying IT systems and (external) data processors. Current practices use spreadsheets or proprietary
systems that lack machine-readability and interoperability, presenting barriers to automation. We
propose the Data Processing Catalogue (DPCat) for the representation, collection and transfer of
ROPA information, as catalogues in a machine-readable and interoperable manner. DPCat is based
on the Data Catalog Vocabulary (DCAT) and its extension DCAT Application Profile for data portals
in Europe (DCAT-AP), and the Data Privacy Vocabulary (DPV). It represents a comprehensive
semantic model developed from GDPR’s Article and an analysis of the 17 ROPA templates from
EU Data Protection Authorities (DPA). To demonstrate the practicality and feasibility of DPCat,
we present the European Data Protection Supervisor’s (EDPS) ROPA documents using DPCat,
verify them with SHACL to ensure the correctness of information based on legal and contextual
requirements, and produce reports and ROPA documents based on DPA templates using SPARQL.
DPCat supports a data governance process for data processing compliance to harmonise inputs from
heterogeneous sources to produce dynamic documentation that can accommodate differences in
regulatory approaches across DPAs and ease investigative burdens toward efficient enforcement
Semantic Systems. The Power of AI and Knowledge Graphs
This open access book constitutes the refereed proceedings of the 15th International Conference on Semantic Systems, SEMANTiCS 2019, held in Karlsruhe, Germany, in September 2019. The 20 full papers and 8 short papers presented in this volume were carefully reviewed and selected from 88 submissions. They cover topics such as: web semantics and linked (open) data; machine learning and deep learning techniques; semantic information management and knowledge integration; terminology, thesaurus and ontology management; data mining and knowledge discovery; semantics in blockchain and distributed ledger technologies