Towards Cataloguing Potential Derivations of Personal Data
The General Data Protection Regulation (GDPR) has established transparency and accountability in the context of personal data usage and collection. While its obligations clearly apply to data explicitly obtained from data subjects, the situation is less clear for data derived from existing personal data. In this paper, we address this issue with an approach for identifying potential data derivations using a rule-based formalisation of examples documented in the literature using Semantic Web standards. Our approach is useful for identifying risks of potential data derivations from given data and provides a starting point towards an open catalogue to document known derivations for the privacy community, but also for data controllers, in order to raise awareness in which sense their data collections could become problematic.
KeywordsPersonal data Derived data GDPR Semantic web
This work is supported by funding under EU’s Horizon 2020 research and innovation programme: grant 731601 (SPECIAL), the Austrian Research Promotion Agency’s (FFG) program “ICT of the Future”: grant 861213 (CitySPIN), and ADAPT Centre for Digital Excellence funded by SFI Research Centres Programme (Grant 13/RC/2106) and co-funded by European Regional Development Fund.
- 1.Examples of data points used in profiling. Privacy International, April 2018Google Scholar
- 3.Liu, W., Al Zamal, F., Ruths, D.: Using social media to infer gender composition of commuter populations. In: Proceedings of the When the City Meets the Citizen Workshop at ICWSM, p. 4 (2012)Google Scholar
- 4.Quercia, D., Kosinski, M., Stillwell, D., Crowcroft, J.: Our twitter profiles, our selves: predicting personality with twitter. In: Proc of PASSAT and SocialCom, pp. 180–185 (2011)Google Scholar
- 5.Regulation (EU) 2016/679 of the european parliament and of the council of 27 April 2016 (general data protection regulation). Off. J. Eur. Union L119, 1–88 (2016–05)Google Scholar