Scalable Policy-awarE Linked Data arChitecture for prIvacy, trAnsparency and compLiance H2020-ICT-2016-1 Big Data PPP: privacy-preserving Big Data technologies.

Presentation transcript:

Scalable Policy-awarE Linked Data arChitecture for prIvacy, trAnsparency and compLiance H2020-ICT-2016-1 Big Data PPP: privacy-preserving Big Data technologies (ICT-18-2016) call

Technological problem - General Data Protection Regulation supporting consent and transparency
Timeline (2012 to 2018):
- 7/22/2012: Draft of the regulation
- 3/12/2013: Revisions in the draft
- 5/19/2014: Discussions in the EU Council
- 6/24/2015: Trilogue starts
- 8/6/2015: EU Council finalises the chapters
- 12/17/2015: Trilogue agrees
- 5/15/2018: Comes into force
Who is affected:
- Companies whose business models rely on personal data
- Data subjects who would like to declare, monitor and optionally revoke their (often not explicit) preferences on data sharing
- Regulators who can leverage technical means to check compliance with the GDPR

Technological problem - General Data Protection Regulation supporting consent and transparency
Policy management framework
- Gives users control of their personal data
- Represents access/usage policies and legislative requirements in a machine-readable format
Transparency and compliance framework
- Provides information on how data is processed and with whom it is shared
- Allows data subjects to take corrective action
Scalable policy-aware Linked Data architecture
- Builds on top of the Big Data Europe (BDE) platform scalability and elasticity mechanisms
- Extends BDE with robust policy, transparency and compliance protocols

Software components - Foundations
- Big Data Europe: scalability and elasticity
- PrimeLife: policy languages, access control policies, release policies and data handling policies

Software components - Foundations
- SPECIAL uses the Linked Data paradigm
- All data items are identified by globally unique identifiers, i.e. Internationalised Resource Identifiers (IRIs)
- By using HyperText Transfer Protocol (HTTP) IRIs, everything is potentially linkable

Software components - Semantification
- IRIs allow SPECIAL to make semantic assertions (access/usage constraints) on the data items using Linked Data annotations
- Legacy systems can be integrated via transformation middleware

Software components - Policy Ingestion
- Record context information and access/usage constraints
- Handle a broad variety of sources and formats
- Take a privacy-by-design approach and allow for conscious decisions about data collection and data (re)use

Software components - Compression & Encryption
- When sharing data or query results, information is securely stored and exchanged
- Enable efficient queryable encryption based on compressed RDF data

Software components - Sticky Policies
- Data sharing can be done along data value chains in a way that includes the policy information
- Gluing policy information to the payload data persistently, even across company borders, is called “sticky policies”
- Data protection constraints
- Other limitations and obligations

Software components - Policy-aware Querying
- Categorise and subdivide data through annotations into sensitivity categories/levels or based on fine-grained user policies
- Policy-aware aggregation and anonymisation techniques
- Recording of the sharing event in a manner that supports non-repudiation
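The sticky-policy and policy-aware querying slides above, shown as an added Python example that is not code from the SPECIAL project: each item is identified by an IRI, released only when its policy permits the request, and shipped with its policy bound to the payload so the recipient can detect tampering and enforce the policy downstream. The IRIs, purposes, function names and the shared-key HMAC standing in for a digital signature are all assumptions.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample data: IRIs, purposes and recipients are illustrative only.
ORG_A, ORG_B = "http://example.org/org/a", "http://example.org/org/b"
STORE = {
    "http://example.org/data/alice/location": {
        "value": "48.2082,16.3738",
        "policy": {"purposes": ["navigation"], "recipients": [ORG_A]},
    },
    "http://example.org/data/alice/email": {
        "value": "alice@example.org",
        "policy": {"purposes": ["billing", "navigation"], "recipients": [ORG_A, ORG_B]},
    },
}
# Assumption: a shared-key HMAC stands in for the controller's digital signature.
KEY = b"demo-key-not-for-production"


def _mac(body):
    """MAC over canonical JSON so value and policy are bound as one unit."""
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, blob, hashlib.sha256).hexdigest()


def policy_aware_query(purpose, recipient):
    """Release only items whose policy permits this purpose and recipient."""
    envelopes = []
    for iri, item in sorted(STORE.items()):
        policy = item["policy"]
        if purpose not in policy["purposes"] or recipient not in policy["recipients"]:
            continue  # default deny: no matching permission, no release
        body = {"iri": iri, "value": item["value"], "policy": copy.deepcopy(policy)}
        envelopes.append({**body, "mac": _mac(body)})
    return envelopes


def use(envelope, purpose):
    """Downstream enforcement: verify the binding, then check the stuck policy."""
    body = {k: envelope[k] for k in ("iri", "value", "policy")}
    if not hmac.compare_digest(envelope["mac"], _mac(body)):
        raise ValueError("policy or payload altered after release")
    if purpose not in envelope["policy"]["purposes"]:
        raise PermissionError(f"purpose {purpose!r} not permitted for {envelope['iri']}")
    return envelope["value"]
```

A shared-key MAC only detects tampering between parties that hold the key; the non-repudiation the slide asks for would need an asymmetric signature over the same canonical body.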

Software components - User Control
- Interactive Dashboard
- Display highly relevant information to the user based on context
- Map what the user sees to their entire Linked Data graph
- Investigate how semantified data can cater for better informed consent
- Relieve the burden of policy management via templates
- Support versioning, revocation, and forgetting functionality

Adversaries & Additional input
Challenges
- Provide synthesised linked graph data (linked to existing open data sets) and challenge users to reconstruct those encrypted graphs
- Develop simulated synthesised policies and datasets and derive challenges to retrieve and reconstruct unauthorised information from our system
Workshops
- Discuss limitations and possible additional challenges
- Derive challenges that cannot be tested automatically, e.g. policies that cannot be enforced by automated means need to be protected by (legal) contracts
Additional input
- ICT-18-2016 and ICT-14-2016 projects
- Privacy & Us (Privacy & Usability) https://privacyus.eu/, Data markets Austria https://datamarket.at/, etc.
- W3C standardisation activities

Scalable Policy-awarE Linked Data arChitecture for prIvacy, trAnsparency and compLiance
Technical/Scientific contact: Sabrina Kirrane, Vienna University of Economics and Business, sabrina.kirrane@wu.ac.at
Administrative contact: Philippe Rohou, ERCIM W3C, philippe.rohou@ercim.eu