ODRL policy modelling and compliance checking

Marina De Vos, Sabrina Kirrane, Julian Padget, Ken Satoh

Publication: Contribution to book/conference proceedings › Contribution to conference proceedings


This paper addresses the problem of constructing a policy pipeline that enables compliance checking of business processes against regulatory obligations. Towards this end, we propose an Open Digital Rights Language (ODRL) profile that can be used to capture the semantics of both business policies in the form of sets of required permissions and regulatory requirements in the form of deontic concepts, and present their translation into Answer Set Programming (via the Institutional Action Language (InstAL)) for compliance checking purposes. The result of the compliance checking is either a positive compliance result or an explanation pertaining to the aspects of the policy that are causing the non-compliance. The pipeline is illustrated using two (key) fragments of the General Data Protection Regulation, namely Article 6 (Lawfulness of processing) and Article 46 (Transfers subject to appropriate safeguards), and industrially-relevant use cases that involve the specification of sets of permissions that are needed to execute business processes. The core contributions of this paper are the ODRL profile, which is capable of modelling regulatory obligations and business policies, the exercise of modelling elements of GDPR in this semantic formalism, and the operationalisation of the model to demonstrate its capability to support personal data processing compliance checking, and a basis for explaining why the request is deemed compliant or not.
Title of host publication: International Joint Conference on Rules and Reasoning
Subtitle of host publication: Part of the Lecture Notes in Computer Science book series
Editors: Springer Nature Switzerland AG
Publication status: Published - 2019

Austrian Classification of Fields of Science (ÖFOS)

  • 102
  • 102015 Information systems
  • 502050 Business informatics
  • 505002 Data protection