Socially-critical software systems: Is extended regulation required?

Data has become a prevailing aspect of our daily lives, becoming ever more present since the beginning of the 21st century. It is a commodity in today’s world and the amount of data being produced has increased enormously. One of the major ways data is produced and collected is from the use of websites and web-based applications. This data is later used for many different purposes. This paper presents findings from a multivocal literature review, exploring the methods of how this data is collected, what the data is used for once it has been collected, the ethics of data and its collection, and the future of data collection. Among the possible futures, we introduce the concept of socially-critical applications, where data harvesting in web-based applications might require premarket disclosure and evaluation by notified bodies (instructed by regulation) as a means to break the existing cycle of technology companies outpacing under resourced and ill-equipped regulators. Rather than regulators continually falling short of enacting laws to satisfy the common good, a new class of socially-critical application could be created in law to permit pre-market evaluation of applications (or versions of applications) that could undermine or interrupt the common good

DPCat: Specification for an interoperable and machine-readable data processing catalogue based on GDPR

The GDPR requires Data Controllers and Data Protection Officers (DPO) to maintain a Register of Processing Activities (ROPA) as part of overseeing the organisation’s compliance processes. The ROPA must include information from heterogeneous sources such as (internal) departments with varying IT systems and (external) data processors. Current practices use spreadsheets or proprietary systems that lack machine-readability and interoperability, presenting barriers to automation. We propose the Data Processing Catalogue (DPCat) for the representation, collection and transfer of ROPA information, as catalogues in a machine-readable and interoperable manner. DPCat is based on the Data Catalog Vocabulary (DCAT) and its extension DCAT Application Profile for data portals in Europe (DCAT-AP), and the Data Privacy Vocabulary (DPV). It represents a comprehensive semantic model developed from GDPR’s Article and an analysis of the 17 ROPA templates from EU Data Protection Authorities (DPA). To demonstrate the practicality and feasibility of DPCat, we present the European Data Protection Supervisor’s (EDPS) ROPA documents using DPCat, verify them with SHACL to ensure the correctness of information based on legal and contextual requirements, and produce reports and ROPA documents based on DPA templates using SPARQL. DPCat supports a data governance process for data processing compliance to harmonise inputs from heterogeneous sources to produce dynamic documentation that can accommodate differences in regulatory approaches across DPAs and ease investigative burdens toward efficient enforcement

Semantic Systems. The Power of AI and Knowledge Graphs

This open access book constitutes the refereed proceedings of the 15th International Conference on Semantic Systems, SEMANTiCS 2019, held in Karlsruhe, Germany, in September 2019. The 20 full papers and 8 short papers presented in this volume were carefully reviewed and selected from 88 submissions. They cover topics such as: web semantics and linked (open) data; machine learning and deep learning techniques; semantic information management and knowledge integration; terminology, thesaurus and ontology management; data mining and knowledge discovery; semantics in blockchain and distributed ledger technologies