Towards Cataloguing Potential Derivations of Personal Data

  • Harshvardhan J. PanditEmail author
  • Javier D. Fernández
  • Christophe Debruyne
  • Axel Polleres
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11762)


The General Data Protection Regulation (GDPR) has established transparency and accountability in the context of personal data usage and collection. While its obligations clearly apply to data explicitly obtained from data subjects, the situation is less clear for data derived from existing personal data. In this paper, we address this issue with an approach for identifying potential data derivations using a rule-based formalisation of examples documented in the literature using Semantic Web standards. Our approach is useful for identifying risks of potential data derivations from given data and provides a starting point towards an open catalogue to document known derivations for the privacy community, but also for data controllers, in order to raise awareness in which sense their data collections could become problematic.


Personal data Derived data GDPR Semantic web 



This work is supported by funding under EU’s Horizon 2020 research and innovation programme: grant 731601 (SPECIAL), the Austrian Research Promotion Agency’s (FFG) program “ICT of the Future”: grant 861213 (CitySPIN), and ADAPT Centre for Digital Excellence funded by SFI Research Centres Programme (Grant 13/RC/2106) and co-funded by European Regional Development Fund.


  1. 1.
    Examples of data points used in profiling. Privacy International, April 2018Google Scholar
  2. 2.
    Hinds, J., Joinson, A.N.: What demographic attributes do our digital footprints reveal? A systematic review. PLoS One 13(11), e0207112 (2018)CrossRefGoogle Scholar
  3. 3.
    Liu, W., Al Zamal, F., Ruths, D.: Using social media to infer gender composition of commuter populations. In: Proceedings of the When the City Meets the Citizen Workshop at ICWSM, p. 4 (2012)Google Scholar
  4. 4.
    Quercia, D., Kosinski, M., Stillwell, D., Crowcroft, J.: Our twitter profiles, our selves: predicting personality with twitter. In: Proc of PASSAT and SocialCom, pp. 180–185 (2011)Google Scholar
  5. 5.
    Regulation (EU) 2016/679 of the european parliament and of the council of 27 April 2016 (general data protection regulation). Off. J. Eur. Union L119, 1–88 (2016–05)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Harshvardhan J. Pandit
    • 1
    Email author
  • Javier D. Fernández
    • 2
    • 3
  • Christophe Debruyne
    • 1
  • Axel Polleres
    • 2
    • 3
  1. 1.ADAPT CentreTrinity College DublinDublinIreland
  2. 2.Vienna University of Economics and BusinessViennaAustria
  3. 3.Complexity Science Hub ViennaViennaAustria

Personalised recommendations