towards privacy policy conceptual modeling
play

Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok - PowerPoint PPT Presentation

Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit Sabri Skhiri Katsiaryna Krasnashchok, R&D Engineer @EURA NOVA 1 EURA NOVA A R&D-fueled consultancy company Customers challenges WE


  1. Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit Sabri Skhiri Katsiaryna Krasnashchok, R&D Engineer @EURA NOVA 1

  2. EURA NOVA A R&D-fueled consultancy company Customers’ challenges WE BELIEVE TECHNOLOGY IS THE ENGINE OF CHANGE . Products R&D expertise 2

  3. ASGARD The next two-year program DATA PRIVACY AUTOMATION 1 2 +700 K $1 to $5 Mi What if you could What if we can simplify and even understand what each automate a machine user agreed about learning task ? their data ? DATA PIPELINES DATA QUALITY 4 3 85% $500 K What if you can detect What if which sources impact best R&D the accuracy the configuration data expertise most? pipelines 3

  4. Rune The next two-year program DATA PRIVACY 1 $1 to $5 Mi What if we can understand what each user agreed about their data ? Creating new approaches in nlp in order to support gdpr & privacy by design 1- Towards Privacy Policy Conceptual Modeling 2-Privacy Policy Classification With XLNet R&D expertise 4

  5. Goal Automate privacy by design based on policies and DPAs Policy/DPA Data Flow RUNE Controls DPO 5 5

  6. Privacy Policy IMDB use case Information You Give Us: We receive and store any information you enter on our Web site or give us in any other way. Click here to see examples of what we collect. ...you might supply us with such information as your name, e-mail address, physical address, zip code, and phone number; your age and gender; the movies and actors you like or dislike; and your general movie preferences. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features. We use the information that you provide for such purposes as responding to your requests, customizing future browsing for you, improving our site, and communicating with you. 6

  7. Privacy Policy IMDB use case Information You Give Us: We receive and store any information you enter on our Web site or give us in any other way. Click here to see examples of what we collect. ...you might supply us with such information as your name, e-mail address, physical address, zip code, and phone number; your age and gender; the movies and actors you like or dislike; and your general movie preferences. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features. We use the information that you provide for such purposes as responding to your requests, customizing future browsing for you, improving our site, and communicating with you. 7

  8. End-to-end system Automate privacy by design based on policies and DPAs NLP Policy/contract Policies/ Policy parser contracts representations Instance of Uses Policy model Refine / enrich Checks Written in against terms of Compliance/ Pre-processing/ Reasoner / conflict Sent to Data Access Request for compliance resolution action Returns checker module response 8

  9. NeON Methodology Ontology Engineering Scenario 5: Reusing and Merging Ontological Resources Ontology Ontology Ontology Ontology Ontology Ontology Search Assessment Comparison Selection Merging Aligning Gómez-Pérez, Asunción, and Mari Carmen Suárez-Figueroa. "Neon methodology for building ontology networks: a scenario-based methodology." (2009). 9

  10. STATE OF THE ART Ontology Ontology Ontology Ontology Ontology Ontology Search Assessment Comparison Selection Merging Aligning 10

  11. Comparison Criteria For Model Selection Interoperability / Reusability Annotated GDPR- Data awareness Privacy Deontic Concepts Concepts Maturity Reasoning Level 11 11

  12. Model Comparison State of the Art 12 12

  13. MODEL ENGINEERING Ontology Ontology Ontology Ontology Ontology Ontology Search Assessment Comparison Selection Merging Aligning 13

  14. Model Selection Combine existing models to cover full requirements for our model ODRL/ORCP DPV ODRL Regulatory Compliance Profile Data Privacy Vocabularies Deontic concepts Vocabularies of privacy terms Action Processing Permission Data Personal Data Category Data Controller / Data Processor Prohibition Rule Party / Data Subject / Third Party Purpose Purpose Obligation Legal Legal Basis Basis Technical / Organisational 1. De Vos, Marina, et al. "ODRL policy modelling and compliance checking." International Joint Measure Conference on Rules and Reasoning. Springer, 2019. 2. Pandit, Harshvardhan J., et al. "Creating a Vocabulary for Data Privacy." OTM Confederated International Conferences" On the Move to Meaningful Internet Systems". Springer, 2019. 14 14

  15. Model Alignment Combine existing models to cover full requirements for our model ODRL/ORCP DPV ODRL Regulatory Compliance Profile Data Privacy Vocabularies Deontic concepts Vocabularies of privacy terms Action Processing Permission Data Personal Data Category Data Controller / Data Processor Prohibition Rule Party / Data Subject / Third Party Purpose Purpose Obligation Legal Legal Basis Basis Technical / Organisational Technical / Organisational Measure Measure 15 15

  16. Model Alignment Reuse existing models to cover full requirements for our model 16 16

  17. SAVE Semantic dAta priVacy modEl Full documentation: http://rune.research.euranova.eu/ 17 17

  18. IMDB USE CASE 18

  19. IMDB PP Permission Example Information You Give Us: We receive and store any :Permission1 rdf:type owl:NamedIndividual , information you enter on our Web site or give us in any save:Permission ; save:action :Collect , other way. Click here to see examples of what we :Store , collect. :Use ; save:controller :IMDB ; ...you might supply us with such information as your save:sender :DataSubject ; name, e-mail address, physical address, zip code, and save:data :Address , phone number; your age and gender; the movies and :Age , actors you like or dislike; and your general movie :EmailAddress , preferences. :Gender , :Dislikes , :Likes , You can choose not to provide certain information, but :Preferences , then you might not be able to take advantage of many :Name , of our features. We use the information that you :PhoneNumber , provide for such purposes as responding to your :ZipCode ; requests, customizing future browsing for you, save:purpose :CustomerCare , improving our site, and communicating with you. :ServicePersonalization . Full demo: http://rune.research.euranova.eu/demo/Policy.html 19 19

  20. IMDB PP Obligation with Technical Measure Example :Obligation1 rdf:type save:Obligation ; If you use our subscription service, we work to protect save:action :DiscloseByTransmission ; the security of your subscription information during save:controller :IMDB ; transmission by using Secure Sockets Layer (SSL) save:data :Authenticating ; dpv:hasTechnicalOrganisationalMeasure software, which encrypts information you input. :EncryptionInTransfer . Full demo: http://rune.research.euranova.eu/demo/Policy.html 20 20

  21. CONCLUSION 21

  22. Conclusion Validation ⇔ refinement SAVE – Semantic dAta priVacy modEl: ● GDPR-aware, ○ fine-grained, ○ reusable, ○ supports semantic interoperability, ○ possesses potential for automated compliance checking. ○ Based on the principles of ontology reuse and merging: ● inheriting the expressive power and functionality of each of its ○ components, can model a wide range of privacy-related agreements - privacy ● policies, data processing agreements, other contracts - anything that involves rules of personal data processing. 22 22

  23. ONGOING WORK / FUTURE PLANS 23

  24. Plan Ongoing Future Adding another level of policies Validating the model with the based on individual user’s help of legal experts. consent Representing GDPR norms Improvement, enrichment and (functional) to provide correction of the model. “level 0” of policies and compliance Usage in Downstream Applications Automatic generation of data ● Ontology Population from processing agreements in NL. contracts (NLP) ● Access Control/Compliance Checking (SHACL) 24 24

  25. Questions ? 25

  26. Contact : katherine.krasnaschok@euranova.eu Senior R&D Engineer EURA NOVA Links: SAVE spec: http://rune.research.euranova.eu/ IMDB demo: rune.research.euranova.eu/demo/Policy.html Ontology: http://rune.research.euranova.eu/save.ttl euranova.eu research.euranova.eu 26

  27. Summary Presentation 27

  28. Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit Sabri Skhiri Katsiaryna Krasnashchok, R&D Engineer @EURA NOVA 28

  29. CONTEXT 29

  30. Context Goals : Support GDPR compliance & privacy by design. ➔ Represent privacy policies and data processing agreements in a machine-readable ➔ “operational” way. Contributions : A conceptual model for fine-grained representation of privacy policies; ➔ Merge of two Semantic Web models; ➔ Open, reusable, flexible; ➔ 30

  31. Problem Policies and contracts do not guarantee privacy by design! Policy/DPA Data Flow Interprets Audits Audits Interprets DPO 31 31

  32. Goal Automate privacy by design based on policies and DPAs Policy/DPA Data Flow RUNE Controls DPO 32 32

Recommend


More recommend