Using Ontologies to Model Data Protection Requirements in Workflows

  • Cesare BartoliniEmail author
  • Robert Muthuri
  • Cristiana Santos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10091)


Data protection, currently under the limelight at the European level, is undergoing a long and complex reform that is finally approaching its completion. Consequently, there is an urgent need to customize semantic standards towards the prospective legal framework. The aim of this paper is to provide a bottom-up ontology describing the constituents of data protection domain and its relationships. Our contribution envisions a methodology to highlight the (new) duties of data controllers and foster the transition of IT-based systems, services, tools and businesses to comply with the new General Data Protection Regulation. This structure may serve as the foundation for the design of data protection compliant information systems.


Legal ontology Data protection General data protection regulation Compliance Business process BPMN 


  1. 1.
    BPMN 2.0 by example. Technical report. dtc/2010-06-02, Object Management Group, June 2010Google Scholar
  2. 2.
    Business process model and notation (BPMN). Technical report. formal/2011-01-03, Object Management Group, January 2011Google Scholar
  3. 3.
    Alhir, S.S.: Guide to Applying the UML. Springer Professional Computing, New York (2002)CrossRefzbMATHGoogle Scholar
  4. 4.
    Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., Ford, M., Goland, Y., Guízar, A., Kartha, N., Liu, C.K., Khalaf, R., König, D., Marin, M., Mehta, V., Thatte, S., van der Rijn, D., Yendluri, P., Yiu, A.: Web services business process execution language version 2.0. Technical report, OASIS, April 2007.
  5. 5.
    Antoniou, G., van Harmelen, F.: Web ontology language: OWL. In: Staab, S., Studer, R. (eds.) Handbook on Ontologies. International Handbooks on Information Systems, 2nd edn., pp. 67–92. Springer, Heidelberg (2004). Chapter 4Google Scholar
  6. 6.
    Bartolini, C., Gheorghe, G., Giurgiu, A., Sabetzadeh, M., Sannier, N.: Assessing IT security standards against the upcoming GDPR for cloud systems. In: Proceedings of the Grande Region Security and Reliability Day (GRSRD 2015), pp. 40–42, March 2015Google Scholar
  7. 7.
    Bartolini, C., Muthuri, R.: Reconciling data protection rights and obligations: an ontology of the forthcoming eu regulation. In: Proceedings of the Workshop on Language and Semantic Technology for Legal Domain (LST4LD), Recent Advances in Natural Language Processing (RANLP), September 2015Google Scholar
  8. 8.
    Breuker, J., Hoekstra, R.: Epistemology and ontology in core ontologies: FOLaw and LRI-Core, two core ontologies for law. In: Proceedings of the Workshop on Core Ontologies in Ontology Engineering (EKAW), October 2004Google Scholar
  9. 9.
    Cappelli, A., Lenzi, V.B., Sprugnoli, R., Biagioli, C.: Modelization of domain concepts extracted from the Italian privacy legislation. In: Proceedings of the 7th International Workshop on Computational Semantics (IWCS-7), January 2007Google Scholar
  10. 10.
    Casellas, N.: Legal Ontology Engineering Methodologies, Modelling Trends, and the Ontology of Professional Judicial Knowledge. Law, Governance and Technology Series, vol. 3. Springer, Netherlands (2011)Google Scholar
  11. 11.
    Casellas, N., Nieto, J.E., Roig, A., Meroño, A., Torralba, S., Reyes, M., Casanovas, P.: Ontological semantics for data privacy compliance: the Neurona project. In: Proceedings of the Intelligent Privacy Management Symposium, pp. 34–38, March 2010Google Scholar
  12. 12.
    Corcho, O., Fernández-López, M., Gómez-Pérez, A., López-Cima, A.: Building legal ontologies with METHONTOLOGY and WebODE. In: Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.) Law and the Semantic Web. Lecture Notes in Computer Science, vol. 3369, pp. 142–157. Springer, Berlin Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Davenport, T.H., Short, J.E.: The new industrial engineering: information technology and business process redesign. Sloan Manag. Rev. 31(4), 11–27 (1990). SummerGoogle Scholar
  14. 14.
    Davis, R., Shrobe, H., Szolovits, P.: What is a knowledge representation? AI Mag. 14(1), 17–33 (1993). SpringGoogle Scholar
  15. 15.
    European Commission: A digital single market strategy for Europe, May 2015. 52015DC0192&from=EN
  16. 16.
    European Union Agency for Fundamental Rights: Handbook on European data protection law, April 2014Google Scholar
  17. 17.
    Fernández, M., Gómez-Pérez, A., Juristo, N.: METHONTOLOGY: from ontological art towards ontological engineering. In: Proceedings of the Ontological Engineering AAAI-1997 Spring Symposium Series, pp. 33–40, March 1997Google Scholar
  18. 18.
    Fernández López, M., Gómez-Pérez, A., Pazos Sierra, J., Pazos Sierra, A.: Building a chemical ontology using methontology and the ontology design environment. IEEE Intell. Syst. 14(1), 37–46 (1999)CrossRefGoogle Scholar
  19. 19.
    Friedenthal, S., Moore, A., Steiner, R.: A Practical Guide to SysML: The Systems Modeling Language, 3rd edn. Morgan Kaufmann, San Francisco (2014)Google Scholar
  20. 20.
    Gómez-Pérez, A., Fernández-López, M., Corcho, O.: Ontological Engineering: With Examples from the Areas of Knowledge Management, e-Commerce and the Semantic Web. Advanced Information and Knowledge Processing. Springer, London (2004)Google Scholar
  21. 21.
    Grūninger, M., Fox, M.S.: The role of competency questions in enterprise engineering. In: Rolstadås, A. (ed.) Benchmarking — Theory and Practice. IFIP, pp. 22–31. Springer, Boston, MA (1995). doi: 10.1007/978-0-387-34847-6_3 CrossRefGoogle Scholar
  22. 22.
    Hesse, W.: Ontologies in the software engineering process. In: Lenz, R., Hasenkamp, U., Hasselbring, W., Reichert, M. (eds.) Proceedings of the 2nd GI-Workshop on Enterprise Application Integration (EAI), pp. 3–15, June 2005Google Scholar
  23. 23.
    Hoekstra, R., Breuker, J., Di Bello, M., Boer, A.: LKIF core: principled ontology development for the legal domain. In: Breuker, J., Casanovas, P., Klein, M.C., Francesconi, E. (eds.) Law, Ontologies and the Semantic Web: Channelling the Legal Information Flood, Frontiers in Artificial Intelligence and Applications, vol. 188, pp. 21–52. IOS Press, January 2009Google Scholar
  24. 24.
    International Organization for Standardization: ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements, 2nd edn., October 2013Google Scholar
  25. 25.
    Jacobson, I., Booch, G., Rumbaugh, J.: The Unified Software Development Process. Addison-Wesley, Reading (1999)Google Scholar
  26. 26.
    Kost, M., Freytag, J.C., Kargl, F., Kung, A.: Privacy verification using ontologies. In: Proceedings of the Sixth International Conference on Availability, Reliability and Security (ARES), pp. 627–632, August 2011Google Scholar
  27. 27.
    Massacci, F., Prest, M., Zannone, N.: Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Technical report. University of Trento, November 2003Google Scholar
  28. 28.
    Mikkonen, T.: Perceptions of controllers on EU data protection reform: a finnish perspective. Comput. Law Secur. Rev. 30(2), 190–195 (2014)CrossRefGoogle Scholar
  29. 29.
    Mitre, H.A., González-Tablas, A.I., Ramos, B., Ribagorda, A.: A legal ontology to support privacy preservation in location-based services. In: Meersman, R., Tari, Z., Herrero, P. (eds.) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. LNCS, vol. 4278, pp. 1755–1764. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  30. 30.
    Noy, N.F., Sintek, M., Decker, S., Crubézy, M., Fergerson, R.W., Musen, M.A.: Creating semantic web contents with Protégé-2000. IEEE Intell. Syst. 16(2), 60–71 (2001)CrossRefGoogle Scholar
  31. 31.
    Paulheim, H., Probst, F.: Ontology-enhanced user interfaces: a survey. Int. J. Semant. Web Inf. Syst. 6(2), 36–59 (2010)CrossRefGoogle Scholar
  32. 32.
    Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 4th edn. Prentice Hall, Upper Saddle River (2006)zbMATHGoogle Scholar
  33. 33.
    Rahmouni, H.B., Solomonides, T., Casassa Mont, M., Shiu, S.: Privacy compliance and enforcement on European healthgrids: an approach through ontology. Phil. Trans. R. Soc. A 368(1926), 4057–4072 (2010)CrossRefGoogle Scholar
  34. 34.
    Rebstock, M., Fengel, J., Paulheim, H.: Ontologies-Based Business Integration. Business Information Systems. Springer, Heidelberg (2008)Google Scholar
  35. 35.
    Recker, J.C., Mendling, J.: On the translation between BPMN and BPEL: conceptual mismatch between process modeling languages. In: Latour, T., Petit, M. (eds.) The 18th International Conference on Advanced Information Systems Engineering. Proceedings of Workshops and Doctoral Consortium, pp. 521–532. Namur University Press, June 2006Google Scholar
  36. 36.
    Reding, V.: The upcoming data protection reform for the European Union. Int. Data Priv. Law 1(1), 3–5 (2011). CrossRefGoogle Scholar
  37. 37.
    Reijers, H.A.: Design and Control of Workflow Processes: Business Process Management for the Service Industry. Lecture Notes in Computer Science, vol. 2617. Springer, Heidelberg (2003)zbMATHGoogle Scholar
  38. 38.
    Suárez-Figueroa, M.C., Gómez-Pérez, A., Villazón-Terrazas, B.: How to write and use the ontology requirements specification document. In: Meersman, R., Dillon, T., Herrero, P. (eds.) On the Move to Meaningful Internet Systems: OTM 2009. Lecture Notes in Computer Science, vol. 5871, pp. 966–982. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  39. 39.
    Suárez-Figueroa, M.C., Gómez-Pérez, A., Motta, E., Gangemi, A. (eds.): Ontology Engineering in a Networked World. Springer, Heidelberg (2012)Google Scholar
  40. 40.
    Uschold, M., Gruninger, M.: Ontologies: principles, methods and applications. Knowl. Eng. Rev. 11(2), 93–136 (1996)CrossRefGoogle Scholar
  41. 41.
    Van Alsenoy, B., Ballet, J., Kuczerawy, A., Dumortier, J.: Social networks and web 2.0: are users also bound by data protection regulations? Identity Inf. Soc. 2(1), 65–79 (2009)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Cesare Bartolini
    • 1
    Email author
  • Robert Muthuri
    • 2
  • Cristiana Santos
    • 3
  1. 1.University of LuxembourgLuxembourgLuxembourg
  2. 2.University of TurinTurinItaly
  3. 3.Institute of Law and TechnologyUniversity of Barcelona (IDT-UAB)BarcelonaSpain

Personalised recommendations