Privacy and Transparency Interoperability, Standards and Vocabularies

Privacy and Transparency Interoperability, Standards and Vocabularies Axel Polleres Ben Whittam Smith

1 year ago…

Use Cases for Transparency and Interoperability: different roles have different use cases.
- Companies: ensuring regulatory compliance
- Regulators: checking and enforcing GDPR
- Data Subjects: personal data markets, from "Data Collection" to "Data Donations"

Semantics/Interoperability: agreed structured vocabularies for describing and interchanging components of personal data processing enable standardized and automated ways to implement and monitor GDPR compliance checking.
Room for standardisation? Standard vocabularies; standard architectures and compliance-checking algorithms.
Levels of interoperability (figure):
Level 0: None
Level 1: Technical
Level 2: Syntactic
Level 3: Semantic
Level 4: Pragmatic
Level 5: Dynamic
Level 6: Conceptual

Components of Personal Data Processing (not exhaustive…): Rules/Policies, Consent, Regulations, Purpose, Processing, Storage, Personal Data (categories, formats; the figure's icons include $, ✆ and GeoJSON). Not exhaustive, but we have to make a start somewhere.

Regulatory Compliance for Big Companies (GDPR): many heterogeneous systems that process personal data; potentially many different places that store and hold consent. How to deal with GDPR data requests at scale? How to prove to the regulator and to the customer that personal data has been handled in compliance with consent only?
(Figure: systems X, Y and Z, each holding consent and a log with permissions P1 to P4; the open question "P4 ⊆ P2?" asks whether what was actually done is covered by what was consented to.)

Regulatory Compliance for Small Companies (GDPR): no resources to build their own compliance infrastructure. How to deal with GDPR data requests at scale? How to prove to the regulator and to the customer that personal data has been handled in compliance with consent only?
(Figure: the same log, consent and permissions P1 to P4 as before, with the open question "P4 ⊆ P2?".)

Semantic Interoperability boils down to: - What is a common core to address these use cases? - How do we benefit them all at the same time? https://www.w3.org/2018/vocabws/report.html

Semantic Interoperability boils down to the same two questions. Rough workshop outcome / scoping:
- Taxonomy of regulatory privacy terms (including all GDPR terms).
- Taxonomy for personal data.
- Taxonomy of purposes.
- Taxonomy of disclosure/processing.
- Metadata (e.g. related to processing details of anonymization).
- Log vocabulary.
- Taxonomy of linkage operations.
- Taxonomies of human behavior.

Semantic Interoperability, next steps: foundation of a W3C Community Group (25th May 2018), to
- collect concrete use cases,
- collect existing vocabularies,
- align core vocabularies (the taxonomies listed in the workshop scoping above).

Semantic Interoperability: … We need your input! Join the DPVCG: https://www.w3.org/community/dpvcg/wiki/Use-Cases,_Requirements,_Vocabularies

Starting Point: Use Cases/Vocabularies from SPECIAL. Ben Whittam Smith, Axel Polleres, MyData2018, Helsinki.

Three Distinct Use Cases:
- Know-Your-Customer services for the banking industry
- Recommendation engine for subscribers
- Service quality monitoring

One Compliance Solution: processing requires PERMISSIONING. Permissions must be compliant with the GDPR. Permissions must be compliant with Consent. I.e., COMPLIANCE is a logical operation.
(Figure: the permissions P are checked against the GDPR and against the consent C.)

KYC Permissions (AKA Processing Steps):
1. To take documentary evidence of identity and generate identity attributes
2. To store identity attributes
3. To screen against mandated datasets
4. To validate screening results
5. To store, share, and generate risk flags from validated results
6. To share and store risk assessment

Centrality of Interoperability: if we can show completeness and correctness of execution, then we can decentralise the holding of PI. Access is controlled by Smart Contracts.

What to Standardise: core logic, core vocabulary, compliance services.
Against What Criteria: completeness and correctness; market adoption.

SPECIAL's view on Core Interoperability Components:
- Rules/Policies: SPECIAL Usage Policy Language (SPL)
- Purposes, Processing, Storage, Data, Recipients: SPECIAL vocabularies
- Log/Transparency: SPECIAL Policy Log Vocabulary (SPLOG)
Prior standards referenced on the slide for these components: W3C ODRL/POE, W3C P3P, OASIS COEL (?).
SPECIAL namespaces:
@prefix spl: <http://www.specialprivacy.eu/langs/usage-policy#>.
@prefix svpu: <http://www.specialprivacy.eu/vocabs/purposes#>.
@prefix svpr: <http://www.specialprivacy.eu/vocabs/processing#>.
@prefix svd: <http://www.specialprivacy.eu/vocabs/data#>.
@prefix svr: <http://www.specialprivacy.eu/vocabs/recipients#>.
@prefix splog: <http://www.specialprivacy.eu/langs/splog#>.
…

Use Cases/Vocabularies from SPECIAL: Example. The data controller will collect financial and judicial information from public sources and analyse it for "know your customer" purposes. This information will be stored on the controller's servers and released to specific third parties.

Use Cases/Vocabularies from SPECIAL: Example (OWL functional syntax; the slide's "ObjectSomeValueFrom" and "xsd:mininclusive" are corrected to the standard spellings)

ObjectIntersectionOf(
  ObjectSomeValuesFrom( spl:hasData
    ObjectUnionOf( svd:Financial svd:Judicial ) )
  ObjectSomeValuesFrom( spl:hasProcessing
    ObjectUnionOf( tr:Collect-public svpr:Analyze ) )
  ObjectSomeValuesFrom( spl:hasPurpose tr:KYC )
  ObjectSomeValuesFrom( spl:hasStorage
    ObjectIntersectionOf(
      ObjectSomeValuesFrom( spl:hasLocation spl:ControllerServers )
      DataSomeValuesFrom( spl:durationInDays
        DatatypeRestriction( xsd:integer xsd:minInclusive "0"^^xsd:integer ) ) ) )
  ObjectSomeValuesFrom( spl:hasRecipient svr:AnyRecipient )
)

(Figure annotations aligning use-case terms with the core vocabulary: tr:KYC with svpu:finmg; tr:Collect-public with svpr:collect.)
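As an added example (not code from the slides or from the SPECIAL project), the following Python sketches the compliance test the "One Compliance Solution" slide describes, COMPLIANCE as a logical operation, applied to the KYC policy above: a usage policy complies with a consent when each of its five components (data, processing, purpose, storage, recipient) is subsumed by the corresponding component of the consent. The subclass hierarchy, the two consents, the `Storage`/`Policy` classes and the `violations`/`compliant` helpers are all constructed for this example; only the term names are borrowed from the slide, and the edges placing tr:KYC below svpu:finmg and tr:Collect-public below svpr:collect are my reading of the slide's alignment annotations, not a published mapping.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Toy subclass relations, child -> parent (constructed for this example; the
# real SPECIAL vocabularies are richer and may name things differently).
# tr:KYC -> svpu:finmg and tr:Collect-public -> svpr:collect follow the
# alignment annotations on the slide; every other edge is assumed.
SUBCLASS: Dict[str, str] = {
    "svd:Financial": "svd:AnyData",
    "svd:Judicial": "svd:AnyData",
    "tr:Collect-public": "svpr:collect",
    "svpr:collect": "svpr:AnyProcessing",
    "svpr:Analyze": "svpr:AnyProcessing",
    "tr:KYC": "svpu:finmg",
    "svpu:finmg": "svpu:AnyPurpose",
    "spl:ControllerServers": "spl:AnyLocation",
    "svr:Controller": "svr:AnyRecipient",
    "svr:ThirdParty": "svr:AnyRecipient",
}


def ancestors(term: str) -> FrozenSet[str]:
    """Reflexive-transitive closure of SUBCLASS starting at `term`."""
    seen = {term}
    while term in SUBCLASS:
        term = SUBCLASS[term]
        seen.add(term)
    return frozenset(seen)


def union_subsumed(sub: FrozenSet[str], sup: FrozenSet[str]) -> bool:
    """ObjectUnionOf(sub) is subsumed by ObjectUnionOf(sup) when every
    disjunct of sub has some ancestor (itself included) among sup."""
    return all(ancestors(t) & sup for t in sub)


Duration = Tuple[int, Optional[int]]  # (min_days, max_days); None = no upper bound


def duration_subsumed(sub: Duration, sup: Duration) -> bool:
    """Interval containment: sub's retention range lies within sup's range.
    An open-ended policy (None) is only covered by an open-ended consent."""
    lo_s, hi_s = sub
    lo_c, hi_c = sup
    if lo_s < lo_c:
        return False
    if hi_c is None:
        return True
    return hi_s is not None and hi_s <= hi_c


@dataclass(frozen=True)
class Storage:
    location: str
    duration: Duration


@dataclass(frozen=True)
class Policy:
    """One spl-style usage policy: a conjunction of five restrictions."""
    data: FrozenSet[str]
    processing: FrozenSet[str]
    purpose: FrozenSet[str]
    storage: Storage
    recipient: FrozenSet[str]


def violations(policy: Policy, consent: Policy) -> List[str]:
    """Names of the policy components not subsumed by the consent; an empty
    list means the policy P is subsumed by the consent C."""
    failed: List[str] = []
    if not union_subsumed(policy.data, consent.data):
        failed.append("data")
    if not union_subsumed(policy.processing, consent.processing):
        failed.append("processing")
    if not union_subsumed(policy.purpose, consent.purpose):
        failed.append("purpose")
    if not ancestors(policy.storage.location) & {consent.storage.location}:
        failed.append("storage.location")
    if not duration_subsumed(policy.storage.duration, consent.storage.duration):
        failed.append("storage.duration")
    if not union_subsumed(policy.recipient, consent.recipient):
        failed.append("recipient")
    return failed


def compliant(policy: Policy, *constraints: Policy) -> bool:
    """The slides' test: P must be subsumed by every constraint it is checked
    against (the consent C and, expressed in the same shape, a regulatory policy)."""
    return all(not violations(policy, c) for c in constraints)


# The KYC policy from the OWL example on the slide, in this simplified shape.
KYC_POLICY = Policy(
    data=frozenset({"svd:Financial", "svd:Judicial"}),
    processing=frozenset({"tr:Collect-public", "svpr:Analyze"}),
    purpose=frozenset({"tr:KYC"}),
    storage=Storage("spl:ControllerServers", (0, None)),
    recipient=frozenset({"svr:AnyRecipient"}),
)

# Constructed consents: one broad enough to cover the policy, one that caps
# retention at a year and allows no recipient beyond the controller.
BROAD_CONSENT = Policy(
    data=frozenset({"svd:AnyData"}),
    processing=frozenset({"svpr:AnyProcessing"}),
    purpose=frozenset({"svpu:finmg"}),
    storage=Storage("spl:AnyLocation", (0, None)),
    recipient=frozenset({"svr:AnyRecipient"}),
)
NARROW_CONSENT = Policy(
    data=frozenset({"svd:Financial", "svd:Judicial"}),
    processing=frozenset({"svpr:collect", "svpr:Analyze"}),
    purpose=frozenset({"tr:KYC"}),
    storage=Storage("spl:ControllerServers", (0, 365)),
    recipient=frozenset({"svr:Controller"}),
)

if __name__ == "__main__":
    print(violations(KYC_POLICY, BROAD_CONSENT))   # []
    print(violations(KYC_POLICY, NARROW_CONSENT))  # ['storage.duration', 'recipient']
```

The component-wise check is only sound because each policy is a conjunction of existential restrictions over disjoint properties, which is exactly the shape of the OWL expression above; the open-ended `durationInDays >= 0` in the KYC policy is what makes it fail against any consent that bounds retention, which is the kind of mismatch a log-based compliance check (the "P4 ⊆ P2?" question on the earlier slides) is meant to surface.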

Call for Action: Join DPVCG! More use cases matter! Existing efforts for interoperability/vocabularies matter! Joining is easy: the group is open to everyone, just create a W3C account. https://www.w3.org/community/dpvcg/ Maybe discuss in more detail in one of the upcoming Open Space sessions…