Compliance Using Metadata

Rigo Wenning, Sabrina Kirrane

Publication: Chapter in book/Conference proceedingChapter in edited volume

2 Downloads (Pure)

Abstract

Everybody talks about the data economy. Data is collected stored, processed and re-used. In the EU, the GDPR creates a framework with conditions (e.g. consent) for the processing of personal data. But there are also other legal provisions containing requirements and conditions for the processing of data. Even today, most of those are hard-coded into workflows or database schemes, if at all. Data lakes are polluted with unusable data because nobody knows about usage rights or data quality. The approach presented here makes the data lake intelligent. It remembers usage limitations and promises made to the data subject or the contractual partner. Data can be used as risk can be assessed. Such a system easily reacts on new requirements. If processing is recorded back into the data lake, the recording of this information allows to prove compliance. This can be shown to authorities on demand as an audit trail. The concept is best exemplified by the SPECIAL project https://specialprivacy.eu (Scalable Policy-aware Linked Data Architecture For PrivacyPrivacy, TransparencyTransparency and ComplianceCompliance). SPECIAL has several use cases, but the basic framework is applicable beyond those cases.
Original languageEnglish
Title of host publicationSemantic Applications. Methodology, Technology, Corporate Use
EditorsT. Hoppe, B. Humm, A. Reibold
Place of PublicationBerlin, Heidelberg
PublisherSpringer
Pages31-45
ISBN (Print)978-3-662-55432-6
DOIs
Publication statusPublished - 2018

Cite this