Using Ontologies to Model Data Protection Requirements in Workflows
Conference paper
Abstract
Data protection, currently in the limelight at the European level, is undergoing a long and complex reform that is finally approaching its completion. Consequently, there is an urgent need to customize semantic standards towards the prospective legal framework. The aim of this paper is to provide a bottom-up ontology describing the constituents of the data protection domain and their relationships. Our contribution envisions a methodology to highlight the (new) duties of data controllers and foster the transition of IT-based systems, services, tools and businesses to comply with the new General Data Protection Regulation. This structure may serve as the foundation for the design of data protection compliant information systems.
Keywords
Legal ontology, Data protection, General data protection regulation, Compliance, Business process, BPMN
Copyright information
© Springer International Publishing AG 2017