Compliance through Informed Consent: Semantic Based Consent Permission and Data Management Model
Workshop Paper
Kaniz Fatema, Ensar Hadziselimovic, Harshvardhan J. Pandit, Dave Lewis
Society, Privacy and the Semantic Web - Policy and Technology (PrivOn), co-located with ISWC 2017
GDPR Consent Ontology

Published in: Technology
  1. Compliance through Informed Consent: Semantic Based Consent Permission and Data Management Model. Kaniz Fatema, Ensar Hadziselimovic, Harshvardhan Pandit, Christophe Debruyne, Dave Lewis, Declan O’Sullivan. ADAPT Centre, Trinity College Dublin. The ADAPT Centre is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.
  2. EU’s General Data Protection Regulation: Data Protection Directive 95/46/EC needed reform to be fit for technological developments like social networks and cloud computing globalisation. The EU has replaced the DPD with the General Data Protection Regulation (GDPR). GDPR will have immediate effect on all 28 EU Member States on 25 May 2018.
  3. Key GDPR Provisions: International reach: data about any EU citizen. Fines up to €20M or 4% of global turnover. Must demonstrate compliance. Processing lawful only through informed consent.
  4. Data Subject Rights: Right to: information (“concise, transparent, intelligible and easily accessible”); make a subject access request; rectification; erasure; data portability; restrict access; object to processing; be informed who receives data.
  5. GDPR Roles and Processes (diagram). Labels: Data Controller (Compliance, Sharing, Processing, Monitor & Control; dataset, workflows); Third Party Data Controller; Data Subject; Supervisory Authority; flows labelled data, rights and complaints.
  6. GDPR Roles and Open Data (diagram). Labels: Data Controller (Compliance, Sharing, Processing, Monitor & Control; dataset, workflows); Third Party Data Controller; Data Subject; Supervisory Authority; flows labelled data, rights and complaints; Major New Open Data Business Cases.
  7. Requirements for Consent: To be considered valid, the consent should be: freely given; specific; informed; unambiguous; parental permission; if purpose or recipients change, new consent must be sought.
  8. Data vs. Consent Lifecycle (diagram). Consent Lifecycle: Phase 1 Collection, Phase 2 Storage, Phase 3 Process, Phase 4 Modification, Phase 5 Revocation, Phase 6 Archive, Phase 7 Destruction. Data Lifecycle, Phases 1 to 7: Generation (Phase 1) and Archive (Phase 6), with Transfer, Use, Share, Storage and Destruction among the remaining phases.
  9. Consent and data management workflow (flowchart). Components: Consent Manager, Context Management, Data Management, Provenance Manager. Steps and decisions: Collect Consent; Annotate Consent; Generate Consent Instance; Generate XACML Permission; Check Consent Permission (Y/N); User Interaction; Need to contact user? (Y/N); Contact user; Consent Validity; Consent Permission; Consent Obligation; Consent/data expired; Store, Use, Share, Archive, Delete; Archive consent and processing provenance metadata; All Subject Data Destroyed? (Y/N). Changes of context: process provider initiated; environmental; right enforcement initiated.
  10. Consent Ontology: https://openscience.adaptcentre.ie/projects/CDMM/
  11. Annotation of consent with elements of ontology in RDFa: “I agree that my data will be used for scientific purposes”
  12. RDF representation of the annotated XHTML
  13. XACML Permission Rule generated using XPARQL
  14. Conclusions and Further Work: GDPR implies a full lifecycle management of consent that encloses the lifecycle management of personal data. Open Data Formats give us the tools to handle Consent as a first class object in Data Protection Management. Explored the generation of XACML permissions from human readable consent via RDF instance. Future Work: assessing generation of access control rules against consent forms and privacy policies; integration with PROV for compliance tracking; integration with ODRL for third party compliance agreements.
  15. Work with the ADAPT Centre! 2 Year MSCA Postdoc Fellowships Incoming to Ireland. For info: edge@tcd.ie
