Skip to main content
SpringerLink
Log in

Using Ontologies to Model Data Protection Requirements in Workflows

  • Conference paper
  • First Online:
New Frontiers in Artificial Intelligence (JSAI-isAI 2015)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 10091))

Included in the following conference series:

Abstract

Data protection, currently under the limelight at the European level, is undergoing a long and complex reform that is finally approaching its completion. Consequently, there is an urgent need to customize semantic standards towards the prospective legal framework. The aim of this paper is to provide a bottom-up ontology describing the constituents of data protection domain and its relationships. Our contribution envisions a methodology to highlight the (new) duties of data controllers and foster the transition of IT-based systems, services, tools and businesses to comply with the new General Data Protection Regulation. This structure may serve as the foundation for the design of data protection compliant information systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    However, versions amended by the Parliament and the Council have either been published or leaked to the general public.

  2. 2.

    Article 30 of the draft Regulation.

  3. 3.

    Article 23 of the GDPR, addressing the design and the implementation of a system.

  4. 4.

    Subject to changes in the final text - we used the official Commission text, COM (2012) 11 final. To better sharpen the scope, the ontology does not refer to decisions of courts or DPAs. The purpose is not to define a model of the legal text, but to model the requirements that the controller must meet to be compliant with the legislation.

  5. 5.

    See footnote 12 infra.

  6. 6.

    http://www.w3.org/2009/08/skos-reference/skos.html.

  7. 7.

    http://oops.linkeddata.es/.

  8. 8.

    http://www.essepuntato.it/lode/owlapi/https://raw.githubusercontent.com/guerret/lu.uni.eclipse.bpmn2/master/resources/dataprotection.owl.

  9. 9.

    The environment is available together with the Eclipse plugin described in Subsect. 4.1. See footnote 12 infra.

  10. 10.

    https://www.eclipse.org/bpmn2-modeler/.

  11. 11.

    http://owlapi.sourceforge.net/.

  12. 12.

    The sources are available at https://github.com/guerret/lu.uni.eclipse.bpmn2. The “resources” folder contains the OWL file with the ontology, the SPARQL queries and the glossary.

References

  1. BPMN 2.0 by example. Technical report. dtc/2010-06-02, Object Management Group, June 2010

    Google Scholar 

  2. Business process model and notation (BPMN). Technical report. formal/2011-01-03, Object Management Group, January 2011

    Google Scholar 

  3. Alhir, S.S.: Guide to Applying the UML. Springer Professional Computing, New York (2002)

    Book  MATH  Google Scholar 

  4. Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., Ford, M., Goland, Y., Guízar, A., Kartha, N., Liu, C.K., Khalaf, R., König, D., Marin, M., Mehta, V., Thatte, S., van der Rijn, D., Yendluri, P., Yiu, A.: Web services business process execution language version 2.0. Technical report, OASIS, April 2007. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html

  5. Antoniou, G., van Harmelen, F.: Web ontology language: OWL. In: Staab, S., Studer, R. (eds.) Handbook on Ontologies. International Handbooks on Information Systems, 2nd edn., pp. 67–92. Springer, Heidelberg (2004). Chapter 4

    Google Scholar 

  6. Bartolini, C., Gheorghe, G., Giurgiu, A., Sabetzadeh, M., Sannier, N.: Assessing IT security standards against the upcoming GDPR for cloud systems. In: Proceedings of the Grande Region Security and Reliability Day (GRSRD 2015), pp. 40–42, March 2015

    Google Scholar 

  7. Bartolini, C., Muthuri, R.: Reconciling data protection rights and obligations: an ontology of the forthcoming eu regulation. In: Proceedings of the Workshop on Language and Semantic Technology for Legal Domain (LST4LD), Recent Advances in Natural Language Processing (RANLP), September 2015

    Google Scholar 

  8. Breuker, J., Hoekstra, R.: Epistemology and ontology in core ontologies: FOLaw and LRI-Core, two core ontologies for law. In: Proceedings of the Workshop on Core Ontologies in Ontology Engineering (EKAW), October 2004

    Google Scholar 

  9. Cappelli, A., Lenzi, V.B., Sprugnoli, R., Biagioli, C.: Modelization of domain concepts extracted from the Italian privacy legislation. In: Proceedings of the 7th International Workshop on Computational Semantics (IWCS-7), January 2007

    Google Scholar 

  10. Casellas, N.: Legal Ontology Engineering Methodologies, Modelling Trends, and the Ontology of Professional Judicial Knowledge. Law, Governance and Technology Series, vol. 3. Springer, Netherlands (2011)

    Google Scholar 

  11. Casellas, N., Nieto, J.E., Roig, A., Meroño, A., Torralba, S., Reyes, M., Casanovas, P.: Ontological semantics for data privacy compliance: the Neurona project. In: Proceedings of the Intelligent Privacy Management Symposium, pp. 34–38, March 2010

    Google Scholar 

  12. Corcho, O., Fernández-López, M., Gómez-Pérez, A., López-Cima, A.: Building legal ontologies with METHONTOLOGY and WebODE. In: Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.) Law and the Semantic Web. Lecture Notes in Computer Science, vol. 3369, pp. 142–157. Springer, Berlin Heidelberg (2005)

    Chapter  Google Scholar 

  13. Davenport, T.H., Short, J.E.: The new industrial engineering: information technology and business process redesign. Sloan Manag. Rev. 31(4), 11–27 (1990). Summer

    Google Scholar 

  14. Davis, R., Shrobe, H., Szolovits, P.: What is a knowledge representation? AI Mag. 14(1), 17–33 (1993). Spring

    Google Scholar 

  15. European Commission: A digital single market strategy for Europe, May 2015. http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX: 52015DC0192&from=EN

  16. European Union Agency for Fundamental Rights: Handbook on European data protection law, April 2014

    Google Scholar 

  17. Fernández, M., Gómez-Pérez, A., Juristo, N.: METHONTOLOGY: from ontological art towards ontological engineering. In: Proceedings of the Ontological Engineering AAAI-1997 Spring Symposium Series, pp. 33–40, March 1997

    Google Scholar 

  18. Fernández López, M., Gómez-Pérez, A., Pazos Sierra, J., Pazos Sierra, A.: Building a chemical ontology using methontology and the ontology design environment. IEEE Intell. Syst. 14(1), 37–46 (1999)

    Article  Google Scholar 

  19. Friedenthal, S., Moore, A., Steiner, R.: A Practical Guide to SysML: The Systems Modeling Language, 3rd edn. Morgan Kaufmann, San Francisco (2014)

    Google Scholar 

  20. Gómez-Pérez, A., Fernández-López, M., Corcho, O.: Ontological Engineering: With Examples from the Areas of Knowledge Management, e-Commerce and the Semantic Web. Advanced Information and Knowledge Processing. Springer, London (2004)

    Google Scholar 

  21. Grūninger, M., Fox, M.S.: The role of competency questions in enterprise engineering. In: Rolstadås, A. (ed.) Benchmarking — Theory and Practice. IFIP, pp. 22–31. Springer, Boston, MA (1995). doi:10.1007/978-0-387-34847-6_3

    Chapter  Google Scholar 

  22. Hesse, W.: Ontologies in the software engineering process. In: Lenz, R., Hasenkamp, U., Hasselbring, W., Reichert, M. (eds.) Proceedings of the 2nd GI-Workshop on Enterprise Application Integration (EAI), pp. 3–15, June 2005

    Google Scholar 

  23. Hoekstra, R., Breuker, J., Di Bello, M., Boer, A.: LKIF core: principled ontology development for the legal domain. In: Breuker, J., Casanovas, P., Klein, M.C., Francesconi, E. (eds.) Law, Ontologies and the Semantic Web: Channelling the Legal Information Flood, Frontiers in Artificial Intelligence and Applications, vol. 188, pp. 21–52. IOS Press, January 2009

    Google Scholar 

  24. International Organization for Standardization: ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements, 2nd edn., October 2013

    Google Scholar 

  25. Jacobson, I., Booch, G., Rumbaugh, J.: The Unified Software Development Process. Addison-Wesley, Reading (1999)

    Google Scholar 

  26. Kost, M., Freytag, J.C., Kargl, F., Kung, A.: Privacy verification using ontologies. In: Proceedings of the Sixth International Conference on Availability, Reliability and Security (ARES), pp. 627–632, August 2011

    Google Scholar 

  27. Massacci, F., Prest, M., Zannone, N.: Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Technical report. University of Trento, November 2003

    Google Scholar 

  28. Mikkonen, T.: Perceptions of controllers on EU data protection reform: a finnish perspective. Comput. Law Secur. Rev. 30(2), 190–195 (2014)

    Article  Google Scholar 

  29. Mitre, H.A., González-Tablas, A.I., Ramos, B., Ribagorda, A.: A legal ontology to support privacy preservation in location-based services. In: Meersman, R., Tari, Z., Herrero, P. (eds.) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. LNCS, vol. 4278, pp. 1755–1764. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  30. Noy, N.F., Sintek, M., Decker, S., Crubézy, M., Fergerson, R.W., Musen, M.A.: Creating semantic web contents with Protégé-2000. IEEE Intell. Syst. 16(2), 60–71 (2001)

    Article  Google Scholar 

  31. Paulheim, H., Probst, F.: Ontology-enhanced user interfaces: a survey. Int. J. Semant. Web Inf. Syst. 6(2), 36–59 (2010)

    Article  Google Scholar 

  32. Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 4th edn. Prentice Hall, Upper Saddle River (2006)

    MATH  Google Scholar 

  33. Rahmouni, H.B., Solomonides, T., Casassa Mont, M., Shiu, S.: Privacy compliance and enforcement on European healthgrids: an approach through ontology. Phil. Trans. R. Soc. A 368(1926), 4057–4072 (2010)

    Article  Google Scholar 

  34. Rebstock, M., Fengel, J., Paulheim, H.: Ontologies-Based Business Integration. Business Information Systems. Springer, Heidelberg (2008)

    Google Scholar 

  35. Recker, J.C., Mendling, J.: On the translation between BPMN and BPEL: conceptual mismatch between process modeling languages. In: Latour, T., Petit, M. (eds.) The 18th International Conference on Advanced Information Systems Engineering. Proceedings of Workshops and Doctoral Consortium, pp. 521–532. Namur University Press, June 2006

    Google Scholar 

  36. Reding, V.: The upcoming data protection reform for the European Union. Int. Data Priv. Law 1(1), 3–5 (2011). https://academic.oup.com/idpl/article/1/1/3/759666/The-upcoming-data-protection-reform-for-the

    Article  Google Scholar 

  37. Reijers, H.A.: Design and Control of Workflow Processes: Business Process Management for the Service Industry. Lecture Notes in Computer Science, vol. 2617. Springer, Heidelberg (2003)

    MATH  Google Scholar 

  38. Suárez-Figueroa, M.C., Gómez-Pérez, A., Villazón-Terrazas, B.: How to write and use the ontology requirements specification document. In: Meersman, R., Dillon, T., Herrero, P. (eds.) On the Move to Meaningful Internet Systems: OTM 2009. Lecture Notes in Computer Science, vol. 5871, pp. 966–982. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  39. Suárez-Figueroa, M.C., Gómez-Pérez, A., Motta, E., Gangemi, A. (eds.): Ontology Engineering in a Networked World. Springer, Heidelberg (2012)

    Google Scholar 

  40. Uschold, M., Gruninger, M.: Ontologies: principles, methods and applications. Knowl. Eng. Rev. 11(2), 93–136 (1996)

    Article  Google Scholar 

  41. Van Alsenoy, B., Ballet, J., Kuczerawy, A., Dumortier, J.: Social networks and web 2.0: are users also bound by data protection regulations? Identity Inf. Soc. 2(1), 65–79 (2009)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Luxembourg, Luxembourg, Luxembourg

    Cesare Bartolini

  2. University of Turin, Turin, Italy

    Robert Muthuri

  3. Institute of Law and Technology, University of Barcelona (IDT-UAB), Barcelona, Spain

    Cristiana Santos

Authors
  1. Cesare Bartolini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Robert Muthuri
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Cristiana Santos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cesare Bartolini .

Editor information

Editors and Affiliations

  1. Chiba University Graduate School of Engineering, Chiba, Japan

    Mihoko Otake

  2. University of Tsukuba, Tokyo, Japan

    Setsuya Kurahashi

  3. Fujitsu Laboratories, Kanagawa, Japan

    Yuiko Ota

  4. National Institute of Informatics, Tokyo, Japan

    Ken Satoh

  5. Ochanomizu University, Tokyo, Japan

    Daisuke Bekki

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Bartolini, C., Muthuri, R., Santos, C. (2017). Using Ontologies to Model Data Protection Requirements in Workflows. In: Otake, M., Kurahashi, S., Ota, Y., Satoh, K., Bekki, D. (eds) New Frontiers in Artificial Intelligence. JSAI-isAI 2015. Lecture Notes in Computer Science(), vol 10091. Springer, Cham. https://doi.org/10.1007/978-3-319-50953-2_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-50953-2_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50952-5

  • Online ISBN: 978-3-319-50953-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation