Abstract
Data protection, currently under the limelight at the European level, is undergoing a long and complex reform that is finally approaching its completion. Consequently, there is an urgent need to customize semantic standards towards the prospective legal framework. The aim of this paper is to provide a bottom-up ontology describing the constituents of data protection domain and its relationships. Our contribution envisions a methodology to highlight the (new) duties of data controllers and foster the transition of IT-based systems, services, tools and businesses to comply with the new General Data Protection Regulation. This structure may serve as the foundation for the design of data protection compliant information systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
However, versions amended by the Parliament and the Council have either been published or leaked to the general public.
- 2.
Article 30 of the draft Regulation.
- 3.
Article 23 of the GDPR, addressing the design and the implementation of a system.
- 4.
Subject to changes in the final text - we used the official Commission text, COM (2012) 11 final. To better sharpen the scope, the ontology does not refer to decisions of courts or DPAs. The purpose is not to define a model of the legal text, but to model the requirements that the controller must meet to be compliant with the legislation.
- 5.
See footnote 12 infra.
- 6.
- 7.
- 8.
- 9.
The environment is available together with the Eclipse plugin described in Subsect. 4.1. See footnote 12 infra.
- 10.
- 11.
- 12.
The sources are available at https://github.com/guerret/lu.uni.eclipse.bpmn2. The “resources” folder contains the OWL file with the ontology, the SPARQL queries and the glossary.
References
BPMN 2.0 by example. Technical report. dtc/2010-06-02, Object Management Group, June 2010
Business process model and notation (BPMN). Technical report. formal/2011-01-03, Object Management Group, January 2011
Alhir, S.S.: Guide to Applying the UML. Springer Professional Computing, New York (2002)
Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., Ford, M., Goland, Y., Guízar, A., Kartha, N., Liu, C.K., Khalaf, R., König, D., Marin, M., Mehta, V., Thatte, S., van der Rijn, D., Yendluri, P., Yiu, A.: Web services business process execution language version 2.0. Technical report, OASIS, April 2007. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html
Antoniou, G., van Harmelen, F.: Web ontology language: OWL. In: Staab, S., Studer, R. (eds.) Handbook on Ontologies. International Handbooks on Information Systems, 2nd edn., pp. 67–92. Springer, Heidelberg (2004). Chapter 4
Bartolini, C., Gheorghe, G., Giurgiu, A., Sabetzadeh, M., Sannier, N.: Assessing IT security standards against the upcoming GDPR for cloud systems. In: Proceedings of the Grande Region Security and Reliability Day (GRSRD 2015), pp. 40–42, March 2015
Bartolini, C., Muthuri, R.: Reconciling data protection rights and obligations: an ontology of the forthcoming eu regulation. In: Proceedings of the Workshop on Language and Semantic Technology for Legal Domain (LST4LD), Recent Advances in Natural Language Processing (RANLP), September 2015
Breuker, J., Hoekstra, R.: Epistemology and ontology in core ontologies: FOLaw and LRI-Core, two core ontologies for law. In: Proceedings of the Workshop on Core Ontologies in Ontology Engineering (EKAW), October 2004
Cappelli, A., Lenzi, V.B., Sprugnoli, R., Biagioli, C.: Modelization of domain concepts extracted from the Italian privacy legislation. In: Proceedings of the 7th International Workshop on Computational Semantics (IWCS-7), January 2007
Casellas, N.: Legal Ontology Engineering Methodologies, Modelling Trends, and the Ontology of Professional Judicial Knowledge. Law, Governance and Technology Series, vol. 3. Springer, Netherlands (2011)
Casellas, N., Nieto, J.E., Roig, A., Meroño, A., Torralba, S., Reyes, M., Casanovas, P.: Ontological semantics for data privacy compliance: the Neurona project. In: Proceedings of the Intelligent Privacy Management Symposium, pp. 34–38, March 2010
Corcho, O., Fernández-López, M., Gómez-Pérez, A., López-Cima, A.: Building legal ontologies with METHONTOLOGY and WebODE. In: Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.) Law and the Semantic Web. Lecture Notes in Computer Science, vol. 3369, pp. 142–157. Springer, Berlin Heidelberg (2005)
Davenport, T.H., Short, J.E.: The new industrial engineering: information technology and business process redesign. Sloan Manag. Rev. 31(4), 11–27 (1990). Summer
Davis, R., Shrobe, H., Szolovits, P.: What is a knowledge representation? AI Mag. 14(1), 17–33 (1993). Spring
European Commission: A digital single market strategy for Europe, May 2015. http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX: 52015DC0192&from=EN
European Union Agency for Fundamental Rights: Handbook on European data protection law, April 2014
Fernández, M., Gómez-Pérez, A., Juristo, N.: METHONTOLOGY: from ontological art towards ontological engineering. In: Proceedings of the Ontological Engineering AAAI-1997 Spring Symposium Series, pp. 33–40, March 1997
Fernández López, M., Gómez-Pérez, A., Pazos Sierra, J., Pazos Sierra, A.: Building a chemical ontology using methontology and the ontology design environment. IEEE Intell. Syst. 14(1), 37–46 (1999)
Friedenthal, S., Moore, A., Steiner, R.: A Practical Guide to SysML: The Systems Modeling Language, 3rd edn. Morgan Kaufmann, San Francisco (2014)
Gómez-Pérez, A., Fernández-López, M., Corcho, O.: Ontological Engineering: With Examples from the Areas of Knowledge Management, e-Commerce and the Semantic Web. Advanced Information and Knowledge Processing. Springer, London (2004)
Grūninger, M., Fox, M.S.: The role of competency questions in enterprise engineering. In: Rolstadås, A. (ed.) Benchmarking — Theory and Practice. IFIP, pp. 22–31. Springer, Boston, MA (1995). doi:10.1007/978-0-387-34847-6_3
Hesse, W.: Ontologies in the software engineering process. In: Lenz, R., Hasenkamp, U., Hasselbring, W., Reichert, M. (eds.) Proceedings of the 2nd GI-Workshop on Enterprise Application Integration (EAI), pp. 3–15, June 2005
Hoekstra, R., Breuker, J., Di Bello, M., Boer, A.: LKIF core: principled ontology development for the legal domain. In: Breuker, J., Casanovas, P., Klein, M.C., Francesconi, E. (eds.) Law, Ontologies and the Semantic Web: Channelling the Legal Information Flood, Frontiers in Artificial Intelligence and Applications, vol. 188, pp. 21–52. IOS Press, January 2009
International Organization for Standardization: ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements, 2nd edn., October 2013
Jacobson, I., Booch, G., Rumbaugh, J.: The Unified Software Development Process. Addison-Wesley, Reading (1999)
Kost, M., Freytag, J.C., Kargl, F., Kung, A.: Privacy verification using ontologies. In: Proceedings of the Sixth International Conference on Availability, Reliability and Security (ARES), pp. 627–632, August 2011
Massacci, F., Prest, M., Zannone, N.: Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Technical report. University of Trento, November 2003
Mikkonen, T.: Perceptions of controllers on EU data protection reform: a finnish perspective. Comput. Law Secur. Rev. 30(2), 190–195 (2014)
Mitre, H.A., González-Tablas, A.I., Ramos, B., Ribagorda, A.: A legal ontology to support privacy preservation in location-based services. In: Meersman, R., Tari, Z., Herrero, P. (eds.) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. LNCS, vol. 4278, pp. 1755–1764. Springer, Heidelberg (2006)
Noy, N.F., Sintek, M., Decker, S., Crubézy, M., Fergerson, R.W., Musen, M.A.: Creating semantic web contents with Protégé-2000. IEEE Intell. Syst. 16(2), 60–71 (2001)
Paulheim, H., Probst, F.: Ontology-enhanced user interfaces: a survey. Int. J. Semant. Web Inf. Syst. 6(2), 36–59 (2010)
Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 4th edn. Prentice Hall, Upper Saddle River (2006)
Rahmouni, H.B., Solomonides, T., Casassa Mont, M., Shiu, S.: Privacy compliance and enforcement on European healthgrids: an approach through ontology. Phil. Trans. R. Soc. A 368(1926), 4057–4072 (2010)
Rebstock, M., Fengel, J., Paulheim, H.: Ontologies-Based Business Integration. Business Information Systems. Springer, Heidelberg (2008)
Recker, J.C., Mendling, J.: On the translation between BPMN and BPEL: conceptual mismatch between process modeling languages. In: Latour, T., Petit, M. (eds.) The 18th International Conference on Advanced Information Systems Engineering. Proceedings of Workshops and Doctoral Consortium, pp. 521–532. Namur University Press, June 2006
Reding, V.: The upcoming data protection reform for the European Union. Int. Data Priv. Law 1(1), 3–5 (2011). https://academic.oup.com/idpl/article/1/1/3/759666/The-upcoming-data-protection-reform-for-the
Reijers, H.A.: Design and Control of Workflow Processes: Business Process Management for the Service Industry. Lecture Notes in Computer Science, vol. 2617. Springer, Heidelberg (2003)
Suárez-Figueroa, M.C., Gómez-Pérez, A., Villazón-Terrazas, B.: How to write and use the ontology requirements specification document. In: Meersman, R., Dillon, T., Herrero, P. (eds.) On the Move to Meaningful Internet Systems: OTM 2009. Lecture Notes in Computer Science, vol. 5871, pp. 966–982. Springer, Heidelberg (2009)
Suárez-Figueroa, M.C., Gómez-Pérez, A., Motta, E., Gangemi, A. (eds.): Ontology Engineering in a Networked World. Springer, Heidelberg (2012)
Uschold, M., Gruninger, M.: Ontologies: principles, methods and applications. Knowl. Eng. Rev. 11(2), 93–136 (1996)
Van Alsenoy, B., Ballet, J., Kuczerawy, A., Dumortier, J.: Social networks and web 2.0: are users also bound by data protection regulations? Identity Inf. Soc. 2(1), 65–79 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Bartolini, C., Muthuri, R., Santos, C. (2017). Using Ontologies to Model Data Protection Requirements in Workflows. In: Otake, M., Kurahashi, S., Ota, Y., Satoh, K., Bekki, D. (eds) New Frontiers in Artificial Intelligence. JSAI-isAI 2015. Lecture Notes in Computer Science(), vol 10091. Springer, Cham. https://doi.org/10.1007/978-3-319-50953-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-50953-2_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-50952-5
Online ISBN: 978-3-319-50953-2
eBook Packages: Computer ScienceComputer Science (R0)