the pseudo gdpr on digital marketplaces challenge
play

The pseudo-GDPR on digital marketplaces challenge a general testbed - PowerPoint PPT Presentation

Aug 29, 2022 •285 likes •527 views

The pseudo-GDPR on digital marketplaces challenge a general testbed for normative reasoning and GDPR-related applications 11 December 2019, Madrid, GDPR@Jurix workshop Giovanni Sileno (g.sileno@uva.nl), Thomas van Binsbergen

  1. The pseudo-GDPR on digital marketplaces challenge a general testbed for normative reasoning and GDPR-related applications 11 December 2019, Madrid, GDPR@Jurix workshop Giovanni Sileno (g.sileno@uva.nl), Thomas van Binsbergen (thomas.van.binsbergen@cwi.nl), Lu-chi Liu, Milen Kebede Girma, Tom van Engers

  2. Background ● The AI & Law field shows that normative modeling and normative reasoning are far from being solved questions All legal mechanistic approaches have eventually not been sufficient. ● Some of the reasons for these failures: ○ vulnerability to knowledge modularity ○ normative reasoning in some aspects more similar to analogical reasoning than deductive reasoning . ○ ● …problems very similar to those observed in common-sense reasoning !

  3. Background In limited domains, modularity and structural similarity should not play a role, yet... ● There is no standard approach to/axiomatization of normative concepts ○ implicit or explicit deontic logic (regulative dimension) ○ Hohfeldian’s framework (regulative and potestative dimension) ○ only power structures [for the operational level] ○ ● No general insight about what is the computational system/technology which is most suitable to perform a certain normative task ○ best w.r.t. to validity , efficiency , but also programmability , explainability , etc. Setting concrete use cases is a sound strategy for the community to advance.

  4. The GDPR as a sandbox ● The GDPR offers a perfect sandbox. Because it is about data collection and processing, it has strong interactions-with/impact-on computational systems.

  5. Relevant aspects of GDPR Distributed Consent processing collection according to purpose and maintenance defined by consent Location (jurisdiction) Access to data GDPR compliance ... Traceability audits and certifications Security

  6. The GDPR as a sandbox ● The GDPR offers a perfect sandbox. Because it is about data collection and processing, it has strong interactions-with/impact-on computational systems. However, we don’t need to consider the actual GDPR to tackle down the issues said before. ● Legal interpretation discussions may distract from “computational” issues. ● We need to emphasize that there is not “one-fits-all” interpretation of the GDPR that organizations might directly reuse; they still need to take responsibility, settling upon the actual interpretation they’re going to apply. Our aim is to develop the computational infrastructure in which organizations can encode and use their normative interpretations.

  7. From GDPR to pseudo-GDPR ● The pseudo-GDPR is meant to: ● ○ provide a basic ground, linguistically simpler, to evaluate and compare different axiomatizations (e.g. by forcing modelers to face the ambiguity of the word “right”), languages and reasoners, w.r.t. granularity, clarity, efficiency, programmability, explainability, etc. ○ ○ provide a sufficient normative base to test legitimate uses and non-compliant behaviour (unlawful processing, violation of undue delay of notification or removal of data, violation of satisfying data portability requests, etc.)

  8. Target social domain: digital market-places (DMPs) In digital marketplaces, actors exchange data , algorithms and compute (computing power). ● some data is personal data : data subjects are included in the DMP as potentially sending data and data-related requests to data controllers ● data controllers are actors interacting with other actors according purpose (both publicly and privately) Some actors might be not at arm’s length. e.g. a data processor might be structurally connected to an illicit data controller exploiting data. We need also to capture preferences with DMP (e.g. certain data needs).

  9. General transaction scheme on DMPs Orchestrator Data Data holder holder Algorithm Computational Algorithm holder Compute holder container Recipient holder

  10. Main roles in GDPR Data controller Data processor Data subject responsible for processing data responsible of using data according the GDPR and the informed consent given on behalf of the controller by the data subject Supervisory authority

  11. Main roles in GDPR Data controller Data processor Data subject responsible for processing data responsible of using data according the GDPR and the informed consent given on behalf of the controller by the data subject Various interactions possible between Supervisory GDPR roles and DMP roles! authority

  12. Challenge(s) Representation ● represent regulations as pseudo-GDPR, consents, and agreements ● represent behavioural domain (scenarios) [w.r.t. DMPs] Reasoning/Inference ● given a business process (as a ● from given facts, test DMP operational description), ○ access-control ( ex-ante enforcement) regulation or agreement, check ○ occurrence of non-compliance ( ex-post enforc.) whether it is conforming to for operational violations and breach of purpose ● provide explanations of responses pseudo-GDPR Infrastructural generation ● from use cases and failure cases, place adequate monitoring & responses

  13. Next steps ● Organize working group on the challenge(s) ● Settle down to a definitive version of the pseudo-GDPR ● Settle down an ontology for the DMP social domain ● Identify a number of scenarios of legitimate use and non-compliance ● Identify examples of business processes, consents, agreements, etc. ● Identify sets of event logs containing observations/traces ● Define best/valid responses for the inferential and infrastructural tasks conducted with these components ● Select a method for empirically validating programmability

  14. Are you interested? ● Write us an email!

  16. The policy-cad team The team is active in several application domains: ● EPI: Data-sharing in health sector ● SSPDDP: Data-sharing between commercial partners ● DL4LD: Data-sharing in logistics ● Agent-programming: Policy aware agent planning/reasoning Composition: ● 1 professor (Tom van Engers, UvA), 2 post-docs (UvA, CWI), 6+ PhD students (UvA)

  18. The pseudo-GDPR on digital marketplaces challenge a general testbed for normative reasoning and GDPR-related applications 11 December 2019, Madrid, GDPR@Jurix workshop Giovanni Sileno (g.sileno@uva.nl), Thomas van Binsbergen (thomas.van.binsbergen@cwi.nl), Lu-chi Liu, Milen Kebede Girma, Tom van Engers

  19. Pseudo-GDPR - 1 pseudo-GDPR applies if data is personal data, data subject is a EU citizen, or data controller or data processor is in EU. general definitions: ● personal data is any data that can be associated to a physical person ● data subject is any identifiable physical person ● data controller is an actor using data for certain purposes ● data processor is an actor processing data on behalf of the data controller ● personal data processing include collecting, recording, reorganising, storing, modifying, consulting, using, publishing, combining, erasing, and destroying data.

  20. Pseudo-GDPR - 2 data subject has the right: ● to give, modify, and revoke consent to use data for certain purposes to data controller ● to ask to data controller ○ confirmation of whether the controller was processing their personal data; ○ information about the purposes of the processing; ○ information about the fields of data being processed; ○ information about the types of recipients with whom the data may have been shared; ○ a copy of data (in an intelligible) format and the source of data; ○ an explanation of any automated processing that has a relevant effect on data subjects. ● to ask removal of data to data controller

  21. Pseudo-GDPR - 3 data controller has the right: ● [to ask for data subject consent] ● to store personal data from data subject if consent is given ● to use data if this use is compatible with data subject consent data controller has the duty: ● to modify, remove consent after data subject's request ● to provide to data subject upon request: ○ confirmation of whether the controller was processing their personal data; ○ information about the purposes of the processing; ○ information about the fields of data being processed; ...

  22. Pseudo-GDPR - 4 data controller has the duty: ● to lead removal of data after request ● to refer to pseudo-GDPR-compliant data processors ● to notify data subject of breaches with undue delay ● to maintain a record of data processing activities data processors has the duty ● [to maintain and remove data after data controller's request] ● to process data only according to the data subject consent ● to notify data controller if consent breach

  23. Pseudo-GDPR - 5 data processor has the duty: ● to delete or return all personal data to the controller after the end of the provision of services relating to processing ● to adequately secure data (encryption, pseudonymization, etc.) ● to notify data controller of breaches with undue delay ● to maintain a record of data processing activities data processor has the right: ● to use sub-processors after data controller's consent (with full liability)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Digital Marketplaces: The Business Model of the Internet Age Marvin Fong, CFA E-Commerce

Digital Marketplaces: The Business Model of the Internet Age Marvin Fong, CFA E-Commerce

RESEARCH & STRATEGY Digital Marketplaces: The Business Model of the Internet Age Marvin Fong, CFA E-Commerce 212.527.3562 | mfong@btig.com PLEASE READ: IMPORTANT DISCLOSURES AND ANALYSTS CERTIFICATION APPEAR IN APPENDIX E-commerce:

421 views • 26 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
David Sumner EU GDPR P CISM General Data Protection Regulation (GDPR) Why Supports a

David Sumner EU GDPR P CISM General Data Protection Regulation (GDPR) Why Supports a

General Data Protection Regulation David Sumner EU GDPR P CISM General Data Protection Regulation (GDPR) Why Supports a single digital market place Protect privacy & security of EU citizens in the digital age When

231 views • 8 slides
THEME: Making Digital Marketplaces Fairer? 15 th March, 2018 CUTS Accra Conference Room

THEME: Making Digital Marketplaces Fairer? 15 th March, 2018 CUTS Accra Conference Room

THEME: Making Digital Marketplaces Fairer? 15 th March, 2018 CUTS Accra Conference Room Highlights Introduction Why World Consumer Rights Day? Building a trustworthy financial Services for consumers Building a digital world consumers can

247 views • 21 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
For personal use only ONLINE MARKETPLACES IN EMERGING MARKETS 1 H 2 0 1 9 H A L F Y E A R R E

For personal use only ONLINE MARKETPLACES IN EMERGING MARKETS 1 H 2 0 1 9 H A L F Y E A R R E

For personal use only ONLINE MARKETPLACES IN EMERGING MARKETS 1 H 2 0 1 9 H A L F Y E A R R E S U L T S P R E S E N T A T I O N | A U G U S T 2 0 1 9 FRONTIER DIGITAL VENTURES Con ontents For personal use only SECTION 1 Half

774 views • 32 slides
DESIGN AN APP SESSION 1 - LAUNCH Introduction to the Digital Creators Challenge In this

DESIGN AN APP SESSION 1 - LAUNCH Introduction to the Digital Creators Challenge In this

THE DIGITAL CREATORS' CHALLENGE: CONNECTING YOU WITH THE CAREERS OF TOMORROW DESIGN AN APP SESSION 1 - LAUNCH Introduction to the Digital Creators Challenge In this video (2 min, 19s) Andy Ryan, Head of Digital Operations &

358 views • 23 slides
Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what International Sports Federations must know Bangkok, 20 April 2018 Franois Carrard, Dr . iur ., Attorney-at-law www.kellerhals-carrard.ch AGENDA 1.

440 views • 19 slides
The Internet of Things during Digital Transformation IoT Applications Regulatory Landscape under

The Internet of Things during Digital Transformation IoT Applications Regulatory Landscape under

The Internet of Things during Digital Transformation IoT Applications Regulatory Landscape under GDPR 12/12/2019 Epaminondas John Bikakis 2 SECTION CONTENTS : IoT Applications Regulatory Landscape under GDPR Introduction : Definition for

446 views • 22 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
GDPR and labor platforms Presentation for ETUI Online Discussion 15 Jul 2020 Based on the ETUI

GDPR and labor platforms Presentation for ETUI Online Discussion 15 Jul 2020 Based on the ETUI

GDPR and labor platforms Presentation for ETUI Online Discussion 15 Jul 2020 Based on the ETUI Working Paper Using GDPR to improve legal clarity and working conditions on digital labour platforms By Michael Six Silberman and Hannah

830 views • 13 slides
Access to International Access to International E-Marketplaces for Developing E-Marketplaces for

Access to International Access to International E-Marketplaces for Developing E-Marketplaces for

Access to International Access to International E-Marketplaces for Developing E-Marketplaces for Developing Country MSMEs Country MSMEs Julien Grollier Julien Grollier 1 Background Background Cross-border e-retail on the rise Until

270 views • 9 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
Basic Pipelining Wrap-up Exploiting ILP (from Slide Set 20) Chapter 6 and beyond 1 2

Basic Pipelining Wrap-up Exploiting ILP (from Slide Set 20) Chapter 6 and beyond 1 2

Slide Set #21: Basic Pipelining Wrap-up Exploiting ILP (from Slide Set 20) Chapter 6 and beyond 1 2 Pipelining Big Picture Remember the single-cycle implementation Improve performance by increasing instruction throughput

392 views • 5 slides
Sequence comparison: Significance of similarity scores Genome 559: Introduction to Statistical

Sequence comparison: Significance of similarity scores Genome 559: Introduction to Statistical

Sequence comparison: Significance of similarity scores Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas Are these proteins related? SEQ 1: RVVNLVPS--FWVLDATYKNYAINYNCDVTYKLY NO (score = 9) L P W L

607 views • 24 slides
Numerical optimization minimizing a function by evaluating it at many trial points. Main

Numerical optimization minimizing a function by evaluating it at many trial points. Main

Numerical optimization minimizing a function by evaluating it at many trial points. Main points: 1. optimizers can fail to find the global optimum: (a) multiple modes are a problem. (b) result is often starting point dependent. 2. limited

342 views • 8 slides
Transfer of Samples in Policy Search via Multiple Importance Sampling Andrea Tirinzoni, Mattia

Transfer of Samples in Policy Search via Multiple Importance Sampling Andrea Tirinzoni, Mattia

Transfer of Samples in Policy Search via Multiple Importance Sampling Andrea Tirinzoni, Mattia Salvini, and Marcello Restelli 36th International Conference on Machine Learning, Long Beach, California 1 Motivation Policy Search (PS) : very

507 views • 19 slides
Power Expectation Propagation for Deep Gaussian Processes Dr. Richard E. Turner ( ret26@cam.ac.uk

Power Expectation Propagation for Deep Gaussian Processes Dr. Richard E. Turner ( ret26@cam.ac.uk

Power Expectation Propagation for Deep Gaussian Processes Dr. Richard E. Turner ( ret26@cam.ac.uk ) Computational and Biological Learning Lab, Department of Engineering, University of Cambridge with Thang Bui, Yingzhen Li, Jos e Miguel Hern

957 views • 69 slides
Pseudo-Relevance Feedback CS6200: Information Retrieval Slides by: Jesse Anderton

Pseudo-Relevance Feedback CS6200: Information Retrieval Slides by: Jesse Anderton

Pseudo-Relevance Feedback CS6200: Information Retrieval Slides by: Jesse Anderton Pseudo-Relevance Feedback If we assume the first k documents are relevant, we can update our query to find more relevant documents. Rocchios Algorithm for

80 views • 7 slides
Stackable GSS Pseudo-Mechs draft-williams-gssapi-stackable-pseudo-mechs-00

Stackable GSS Pseudo-Mechs draft-williams-gssapi-stackable-pseudo-mechs-00

Stackable GSS Pseudo-Mechs draft-williams-gssapi-stackable-pseudo-mechs-00 Nicolas.Williams@sun.com 60 th IETF KITTEN BoF History 2000: LIPKEY [RFC2847], basic-over-SPKM Early-2003: CCM-BIND (I-D), first stackable GSS-API

347 views • 21 slides
Optimal Service Placement using Pseudo Service Chaining Mechanism 2016. 11. 15. Taeheum Na

Optimal Service Placement using Pseudo Service Chaining Mechanism 2016. 11. 15. Taeheum Na

IETF 97 meeting @ Seoul Optimal Service Placement using Pseudo Service Chaining Mechanism 2016. 11. 15. Taeheum Na {taeheum@etri.re.kr} Network SW Platform Research Section ETRI Contents Background NFV Environment Related work

647 views • 17 slides

More recommend