Policy-Based Automated Compliance Checking

  • Conference paper
Rules and Reasoning (RuleML+RR 2021)

Abstract

Under the GDPR requirements and privacy-by-design guidelines, access control for personal data should not be limited to a simple role-based scenario. For the processing to be compliant, additional attributes, such as the purpose of processing or legal basis, should be verified against an established data processing agreement or policy. In this paper, we propose an automated policy-based compliance checking model and implement it using SHACL. We provide the preliminary performance evaluation results and offer optimizations. We also define the procedure for handling conflicts in policies, resulting from the natural language description of the compliance rules. Our method combines a data model with compliance checking within the Semantic Web framework, generating what we call an operational model and promoting interoperability.

Supported and funded by the Walloon region, Belgium. ASGARD project, convention number 8175.

Notes

  1. https://www.w3.org/TR/shacl-af/.

  2. https://www.specialprivacy.eu/publications/scientific-publications.

  3. https://cordis.europa.eu/project/id/612052.

  4. https://www.mirelproject.eu/.

  5. https://www.fnr.lu/projects/data-protection-regulation-compliance/.

  6. http://www.bpr4gdpr.eu/.

  7. Obligations and related technical/organisational measures are also captured in SAVE, but, at this phase, not considered for compliance checking.

  8. The full SAVE model: http://rune.research.euranova.eu#resulting-model.

  9. http://rune.research.euranova.eu/demo/Policy.html.

  10. Archived version of the IMDB policy can be found here.

  11. The source code: https://github.com/euranova/shacl-compliance. A light demo: https://rune-278710.ew.r.appspot.com/save/compliance.

  12. https://github.com/TopQuadrant/shacl; https://jena.apache.org/.

Author information

Correspondence to Katsiaryna Krasnashchok.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Al Bassit, A., Krasnashchok, K., Skhiri, S., Mustapha, M. (2021). Policy-Based Automated Compliance Checking. In: Moschoyiannis, S., Peñaloza, R., Vanthienen, J., Soylu, A., Roman, D. (eds) Rules and Reasoning. RuleML+RR 2021. Lecture Notes in Computer Science, vol 12851. Springer, Cham. https://doi.org/10.1007/978-3-030-91167-6_1

  • DOI: https://doi.org/10.1007/978-3-030-91167-6_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91166-9

  • Online ISBN: 978-3-030-91167-6

  • eBook Packages: Computer Science, Computer Science (R0)
