User consent modeling for ensuring transparency and compliance in smart cities

  • Javier D. Fernández
  • Marta Sabou
  • Sabrina Kirrane
  • Elmar Kiesling
  • Fajar J. Ekaputra
  • Amr Azzam
  • Rigo Wenning
Original Article


Smart city infrastructures such as transportation and energy networks are evolving into so-called cyber physical social systems (CPSSs), which collect and leverage citizens’ data in order to adapt services to citizens’ needs. The privacy implications of such systems are, however, significant and need to be addressed. Current systems either try to escape the privacy challenge via anonymization or use very rigid, hard-coded workflows that have been agreed with a data protection authority. In the case of the former, there is a severe impact on data quality and richness, whereas in the latter, only these hard-coded flows are permitted, resulting in diminished functionality and potential. We address these limitations via user modeling, investigating how to model and semantically represent user consent, preferences, and data usage policies that will guide the processing of said data in the data lake. Data protection is a horizontal field and consequently very wide. Therefore, we focus on a concrete setting where we extend the domain-agnostic SPECIAL policy language for a smart mobility use case supplied by Vienna’s largest utility provider. To that end, (1) we create an extension of SPECIAL in terms of a core CPSS vocabulary that lowers the semantic gap between the domain-agnostic terms of SPECIAL and the vocabulary of the use case; (2) we propose a workflow that supports defining domain-specific vocabularies for complex CPSSs; and (3) we show that these two contributions make it possible to achieve the goals of our setting.


Cyber physical (social) systems · Smart mobility · User consent modeling · Privacy · GDPR · Linked data


Funding information

This work has been supported by the European Union’s Horizon 2020 research and innovation programme under grant 731601 (SPECIAL) and by the Austrian Research Promotion Agency (FFG): grant no. 861213 (CitySPIN).



Copyright information

© Springer-Verlag London Ltd., part of Springer Nature 2020

Authors and Affiliations

  1. Vienna University of Economics and Business, Vienna, Austria
  2. Technical University of Vienna, Vienna, Austria
  3. Christian Doppler Laboratory for Security and Quality Improvement in the Production System Lifecycle (CDL-SQI), Technical University of Vienna, Vienna, Austria
  4. ERCIM/W3C, Sophia-Antipolis, France
