Towards Privacy Policy Conceptual Modeling

Part of the Lecture Notes in Computer Science book series (LNISA, volume 12400)

Abstract

After GDPR enforcement in May 2018, the problem of implementing privacy by design and staying compliant with regulations has been more prominent than ever for businesses of all sizes, which is evident from frequent cases against companies and significant fines paid due to non-compliance. Consequently, numerous research works have been emerging in this area. Yet, to date, no publicly available model offers a comprehensive representation of privacy policies written in natural language that is machine-readable, interoperable and suitable for automatic compliance checking. Meanwhile, regarding the use of personal data, privacy policies remain one of the main means of communication between a Controller and a Data Subject. In this paper, we propose a conceptual model for fine-grained representation of privacy policies. We reuse and adapt existing Semantic Web resources in the spirit of interoperability. We represent our model as an ODRL profile and enrich it with vocabularies for describing personal data processing in great detail, making it suitable for further use in downstream applications, to support adoption and implementation of privacy by design.

Keywords

  • Privacy
  • ODRL
  • GDPR
  • Semantic Web

Supported and funded by the Walloon region, Belgium.

  • DOI: 10.1007/978-3-030-62522-1_32
  • Chapter length: 10 pages

Notes

  1. https://iapp.org/resources/article/iapp-ey-annual-governance-report-2019/.

  2. PrOnto [10] has been the main candidate from the start for its reasoning capabilities, however, the ontology is not publicly available and cannot be reused.

  3. https://ai.wu.ac.at/policies/orcp/regulatory-model.html.

  4. https://www.w3.org/ns/dpv.

  5. https://www.w3.org/community/dpvcg/.

  6. https://www.w3.org/ns/dpv-gdpr.

  7. http://rune.research.euranova.eu/.

  8. http://rune.research.euranova.eu/save.ttl.

  9. http://rune.research.euranova.eu/demo/Policy.html.

  10. https://www.w3.org/TR/shacl/.

References

  1. Agarwal, S., Steyskal, S., Antunovic, F., Kirrane, S.: Legislative compliance assessment: framework, model and GDPR instantiation. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) APF 2018. LNCS, vol. 11079, pp. 131–149. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02547-2_8

  2. Caramujo, J., da Silva, A.M.R.: Analyzing privacy policies based on a privacy-aware profile: the Facebook and LinkedIn case studies. In: 2015 IEEE 17th Conference on Business Informatics. IEEE, July 2015. https://doi.org/10.1109/cbi.2015.44

  3. Caramujo, J., Rodrigues da Silva, A., Monfared, S., Ribeiro, A., Calado, P., Breaux, T.: RSL-IL4Privacy: a domain-specific language for the rigorous specification of privacy policies. Requir. Eng. 24(1), 1–26 (2018). https://doi.org/10.1007/s00766-018-0305-2

  4. Coen-Porisini, A., Colombo, P., Sicari, S.: Privacy aware systems. In: Software Engineering for Secure Systems, pp. 232–259. IGI Global (2011). https://doi.org/10.4018/978-1-61520-837-1.ch009

  5. De Vos, M., Kirrane, S., Padget, J., Satoh, K.: ODRL policy modelling and compliance checking. In: Fodor, P., Montali, M., Calvanese, D., Roman, D. (eds.) RuleML+RR 2019. LNCS, vol. 11784, pp. 36–51. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31095-0_3

  6. Joshi, K.P., Banerjee, A.: Automating privacy compliance using policy integrated blockchain. Cryptography 3(1), 7 (2019). https://doi.org/10.3390/cryptography3010007

  7. Kirrane, S., Fernández, J.D., Bonatti, P.A., Milosevic, U., Polleres, A., Wenning, R.: The SPECIAL-K personal data processing transparency and compliance platform. CoRR abs/2001.09461 (2020). https://arxiv.org/abs/2001.09461

  8. Korba, L., Kenny, S.: Towards meeting the privacy challenge: adapting DRM. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 118–136. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-44993-5_8

  9. Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018). https://doi.org/10.3233/sw-170283

  10. Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: PrOnto: privacy ontology for legal reasoning. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2018. LNCS, vol. 11032, pp. 139–152. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98349-3_11

  11. Pandit, H.J., Fatema, K., O’Sullivan, D., Lewis, D.: GDPRtEXT - GDPR as a linked data resource. In: Gangemi, A., et al. (eds.) ESWC 2018. LNCS, vol. 10843, pp. 481–495. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93417-4_31

  12. Pandit, H.J., Lewis, D.: Modelling provenance for GDPR compliance using linked open data vocabularies. In: Proceedings of the 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn2017) Co-located with 16th International Semantic Web Conference, ISWC 2017, Vienna, Austria, 22 October 2017. CEUR Workshop Proceedings, vol. 1951. CEUR-WS.org (2017). http://ceur-ws.org/Vol-1951/PrivOn2017_paper_6.pdf

  13. Pandit, H.J., O’Sullivan, D., Lewis, D.: An ontology design pattern for describing personal data in privacy policies. In: Proceedings of the 9th Workshop on Ontology Design and Patterns (WOP 2018) Co-located with 17th International Semantic Web Conference, ISWC 2018, Monterey, USA, 9th October 2018. CEUR Workshop Proceedings, vol. 2195, pp. 29–39. CEUR-WS.org (2018). http://ceur-ws.org/Vol-2195/pattern_paper_3.pdf

  14. Pandit, H.J., et al.: Creating a vocabulary for data privacy. In: Panetto, H., Debruyne, C., Hepp, M., Lewis, D., Ardagna, C.A., Meersman, R. (eds.) OTM 2019. LNCS, vol. 11877, pp. 714–730. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-33246-4_44

  15. Sabou, M., Fernandez, M.: Ontology (network) evaluation. In: Suárez-Figueroa, M.C., Gómez-Pérez, A., Motta, E., Gangemi, A. (eds.) Ontology Engineering in a Networked World, pp. 193–212. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-24794-1_9

  16. Suárez-Figueroa, M.C., Gómez-Pérez, A., Fernández-López, M.: The NeOn methodology for ontology engineering. In: Suárez-Figueroa, M.C., Gómez-Pérez, A., Motta, E., Gangemi, A. (eds.) Ontology Engineering in a Networked World, pp. 9–34. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-24794-1_2

  17. Tom, J., Sing, E., Matulevičius, R.: Conceptual representation of the GDPR: model and application directions. In: Zdravkovic, J., Grabis, J., Nurcan, S., Stirna, J. (eds.) BIR 2018. LNBIP, vol. 330, pp. 18–28. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99951-7_2

  18. Torre, D., Soltana, G., Sabetzadeh, M., Briand, L.C., Auffinger, Y., Goes, P.: Using models to enable compliance checking against the GDPR: an experience report. In: 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS). IEEE, September 2019. https://doi.org/10.1109/models.2019.00-20

  19. W3C ODRL Community Group: ODRL information model 2.2 (2018). https://www.w3.org/TR/odrl-model/

  20. Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). Association for Computational Linguistics (2016). https://doi.org/10.18653/v1/p16-1126

Corresponding author

Correspondence to Katsiaryna Krasnashchok.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Krasnashchok, K., Mustapha, M., Al Bassit, A., Skhiri, S. (2020). Towards Privacy Policy Conceptual Modeling. In: Dobbie, G., Frank, U., Kappel, G., Liddle, S.W., Mayr, H.C. (eds) Conceptual Modeling. ER 2020. Lecture Notes in Computer Science, vol 12400. Springer, Cham. https://doi.org/10.1007/978-3-030-62522-1_32

  • DOI: https://doi.org/10.1007/978-3-030-62522-1_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62521-4

  • Online ISBN: 978-3-030-62522-1

  • eBook Packages: Computer Science (R0)