towards privacy policy conceptual modeling
play

Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok - PowerPoint PPT Presentation

Jan 07, 2023 •27 likes •497 views

Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit Sabri Skhiri Katsiaryna Krasnashchok, R&D Engineer @EURA NOVA 1 EURA NOVA A R&D-fueled consultancy company Customers challenges WE

  1. Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit Sabri Skhiri Katsiaryna Krasnashchok, R&D Engineer @EURA NOVA 1

  2. EURA NOVA A R&D-fueled consultancy company Customers’ challenges WE BELIEVE TECHNOLOGY IS THE ENGINE OF CHANGE . Products R&D expertise 2

  3. ASGARD The next two-year program DATA PRIVACY AUTOMATION 1 2 +700 K $1 to $5 Mi What if you could What if we can simplify and even understand what each automate a machine user agreed about learning task ? their data ? DATA PIPELINES DATA QUALITY 4 3 85% $500 K What if you can detect What if which sources impact best R&D the accuracy the configuration data expertise most? pipelines 3

  4. Rune The next two-year program DATA PRIVACY 1 $1 to $5 Mi What if we can understand what each user agreed about their data ? Creating new approaches in nlp in order to support gdpr & privacy by design 1- Towards Privacy Policy Conceptual Modeling 2-Privacy Policy Classification With XLNet R&D expertise 4

  5. Goal Automate privacy by design based on policies and DPAs Policy/DPA Data Flow RUNE Controls DPO 5 5

  6. Privacy Policy IMDB use case Information You Give Us: We receive and store any information you enter on our Web site or give us in any other way. Click here to see examples of what we collect. ...you might supply us with such information as your name, e-mail address, physical address, zip code, and phone number; your age and gender; the movies and actors you like or dislike; and your general movie preferences. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features. We use the information that you provide for such purposes as responding to your requests, customizing future browsing for you, improving our site, and communicating with you. 6

  7. Privacy Policy IMDB use case Information You Give Us: We receive and store any information you enter on our Web site or give us in any other way. Click here to see examples of what we collect. ...you might supply us with such information as your name, e-mail address, physical address, zip code, and phone number; your age and gender; the movies and actors you like or dislike; and your general movie preferences. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features. We use the information that you provide for such purposes as responding to your requests, customizing future browsing for you, improving our site, and communicating with you. 7

  8. End-to-end system Automate privacy by design based on policies and DPAs NLP Policy/contract Policies/ Policy parser contracts representations Instance of Uses Policy model Refine / enrich Checks Written in against terms of Compliance/ Pre-processing/ Reasoner / conflict Sent to Data Access Request for compliance resolution action Returns checker module response 8

  9. NeON Methodology Ontology Engineering Scenario 5: Reusing and Merging Ontological Resources Ontology Ontology Ontology Ontology Ontology Ontology Search Assessment Comparison Selection Merging Aligning Gómez-Pérez, Asunción, and Mari Carmen Suárez-Figueroa. "Neon methodology for building ontology networks: a scenario-based methodology." (2009). 9

  10. STATE OF THE ART Ontology Ontology Ontology Ontology Ontology Ontology Search Assessment Comparison Selection Merging Aligning 10

  11. Comparison Criteria For Model Selection Interoperability / Reusability Annotated GDPR- Data awareness Privacy Deontic Concepts Concepts Maturity Reasoning Level 11 11

  12. Model Comparison State of the Art 12 12

  13. MODEL ENGINEERING Ontology Ontology Ontology Ontology Ontology Ontology Search Assessment Comparison Selection Merging Aligning 13

  14. Model Selection Combine existing models to cover full requirements for our model ODRL/ORCP DPV ODRL Regulatory Compliance Profile Data Privacy Vocabularies Deontic concepts Vocabularies of privacy terms Action Processing Permission Data Personal Data Category Data Controller / Data Processor Prohibition Rule Party / Data Subject / Third Party Purpose Purpose Obligation Legal Legal Basis Basis Technical / Organisational 1. De Vos, Marina, et al. "ODRL policy modelling and compliance checking." International Joint Measure Conference on Rules and Reasoning. Springer, 2019. 2. Pandit, Harshvardhan J., et al. "Creating a Vocabulary for Data Privacy." OTM Confederated International Conferences" On the Move to Meaningful Internet Systems". Springer, 2019. 14 14

  15. Model Alignment Combine existing models to cover full requirements for our model ODRL/ORCP DPV ODRL Regulatory Compliance Profile Data Privacy Vocabularies Deontic concepts Vocabularies of privacy terms Action Processing Permission Data Personal Data Category Data Controller / Data Processor Prohibition Rule Party / Data Subject / Third Party Purpose Purpose Obligation Legal Legal Basis Basis Technical / Organisational Technical / Organisational Measure Measure 15 15

  16. Model Alignment Reuse existing models to cover full requirements for our model 16 16

  17. SAVE Semantic dAta priVacy modEl Full documentation: http://rune.research.euranova.eu/ 17 17

  18. IMDB USE CASE 18

  19. IMDB PP Permission Example Information You Give Us: We receive and store any :Permission1 rdf:type owl:NamedIndividual , information you enter on our Web site or give us in any save:Permission ; save:action :Collect , other way. Click here to see examples of what we :Store , collect. :Use ; save:controller :IMDB ; ...you might supply us with such information as your save:sender :DataSubject ; name, e-mail address, physical address, zip code, and save:data :Address , phone number; your age and gender; the movies and :Age , actors you like or dislike; and your general movie :EmailAddress , preferences. :Gender , :Dislikes , :Likes , You can choose not to provide certain information, but :Preferences , then you might not be able to take advantage of many :Name , of our features. We use the information that you :PhoneNumber , provide for such purposes as responding to your :ZipCode ; requests, customizing future browsing for you, save:purpose :CustomerCare , improving our site, and communicating with you. :ServicePersonalization . Full demo: http://rune.research.euranova.eu/demo/Policy.html 19 19

  20. IMDB PP Obligation with Technical Measure Example :Obligation1 rdf:type save:Obligation ; If you use our subscription service, we work to protect save:action :DiscloseByTransmission ; the security of your subscription information during save:controller :IMDB ; transmission by using Secure Sockets Layer (SSL) save:data :Authenticating ; dpv:hasTechnicalOrganisationalMeasure software, which encrypts information you input. :EncryptionInTransfer . Full demo: http://rune.research.euranova.eu/demo/Policy.html 20 20

  21. CONCLUSION 21

  22. Conclusion Validation ⇔ refinement SAVE – Semantic dAta priVacy modEl: ● GDPR-aware, ○ fine-grained, ○ reusable, ○ supports semantic interoperability, ○ possesses potential for automated compliance checking. ○ Based on the principles of ontology reuse and merging: ● inheriting the expressive power and functionality of each of its ○ components, can model a wide range of privacy-related agreements - privacy ● policies, data processing agreements, other contracts - anything that involves rules of personal data processing. 22 22

  23. ONGOING WORK / FUTURE PLANS 23

  24. Plan Ongoing Future Adding another level of policies Validating the model with the based on individual user’s help of legal experts. consent Representing GDPR norms Improvement, enrichment and (functional) to provide correction of the model. “level 0” of policies and compliance Usage in Downstream Applications Automatic generation of data ● Ontology Population from processing agreements in NL. contracts (NLP) ● Access Control/Compliance Checking (SHACL) 24 24

  25. Questions ? 25

  26. Contact : katherine.krasnaschok@euranova.eu Senior R&D Engineer EURA NOVA Links: SAVE spec: http://rune.research.euranova.eu/ IMDB demo: rune.research.euranova.eu/demo/Policy.html Ontology: http://rune.research.euranova.eu/save.ttl euranova.eu research.euranova.eu 26

  27. Summary Presentation 27

  28. Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit Sabri Skhiri Katsiaryna Krasnashchok, R&D Engineer @EURA NOVA 28

  29. CONTEXT 29

  30. Context Goals : Support GDPR compliance & privacy by design. ➔ Represent privacy policies and data processing agreements in a machine-readable ➔ “operational” way. Contributions : A conceptual model for fine-grained representation of privacy policies; ➔ Merge of two Semantic Web models; ➔ Open, reusable, flexible; ➔ 30

  31. Problem Policies and contracts do not guarantee privacy by design! Policy/DPA Data Flow Interprets Audits Audits Interprets DPO 31 31

  32. Goal Automate privacy by design based on policies and DPAs Policy/DPA Data Flow RUNE Controls DPO 32 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Characteristics of Objects Identity The Class Diagrams Discrete and distinguishable

1 Characteristics of Objects Identity The Class Diagrams Discrete and distinguishable

Outline Conceptual modeling Conceptual Modeling The goal of conceptual modeling The OO solution The object model (conceptual) Syntax and semantics A Short Discussion Object modeling

118 views • 9 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Conceptual Modeling and Entity-Relationship Diagrams Chapter 3 & 4: Elmasri/Navathe 3753 X1

Conceptual Modeling and Entity-Relationship Diagrams Chapter 3 & 4: Elmasri/Navathe 3753 X1

Conceptual Modeling and Entity-Relationship Diagrams Chapter 3 & 4: Elmasri/Navathe 3753 X1 Outline Phases of Database Design Conceptual Modeling Abstractions in Conceptual Design Example Database Requirements

773 views • 50 slides
About (FRBR) Data Modeling: Conceptual Data Modeling In Cultural Heritage Institutions Ronald J.

About (FRBR) Data Modeling: Conceptual Data Modeling In Cultural Heritage Institutions Ronald J.

About (FRBR) Data Modeling: Conceptual Data Modeling In Cultural Heritage Institutions Ronald J. Murray Library of Congress Washington DC USA Workshop on FRBR in the European Library Lisboa, Portugal October 9, 2008 Data Modeling in General

1.21k views • 75 slides
PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses, shares, stores and manages your information. We have built our business based on (a) our integrity, (b) our sincere effort to meet your

206 views • 3 slides
Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect any information that you provide when you use this website. Talking Slides Ltd is committed to ensuring that your privacy is protected. Should we ask

164 views • 4 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy

T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy

T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy Dr Nick Papanikolaou e-Security Group International Digital Laboratory WMG, University of Warwick , y http: / / go.warwick.ac.uk/ nikos C

168 views • 15 slides
Privacy CS 4720 Mobile Application Development CS 4720 Creating a Privacy Policy A

Privacy CS 4720 Mobile Application Development CS 4720 Creating a Privacy Policy A

Privacy CS 4720 Mobile Application Development CS 4720 Creating a Privacy Policy A privacy policy is a document created to go with a product (app, website, etc.) that describes how the product and company behind it will do the

523 views • 13 slides
Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology

Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology

Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor http://lorrie.cranor.org/courses/sp04/ Current events Current events n Gmail

883 views • 31 slides
Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the data disclosure decisions and for visualization IFIP Summer School on Identity Management Karlstad, Sweden August, 6 th -10 th 2007

338 views • 15 slides
Outline 1 The topic 2 Decision support systems 3 Modeling 3.3 Advanced modeling

Outline 1 The topic 2 Decision support systems 3 Modeling 3.3 Advanced modeling

Outline 1 The topic 2 Decision support systems 3 Modeling 3.3 Advanced modeling Compositional modeling: requirements Conceptual modeling: Why? How? Qualitative modeling: Why? Limitations? Automated model composition Model-Based

564 views • 23 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Access and Privacy Update Renee Barrette, Director of Policy Lauren Silver, Policy Analyst

Access and Privacy Update Renee Barrette, Director of Policy Lauren Silver, Policy Analyst

Access and Privacy Update Renee Barrette, Director of Policy Lauren Silver, Policy Analyst Information and Privacy Commissioner of Ontario AMCTO Zone 4 Spring Meeting May 2, 2017 Our Office The Information and Privacy Commissioner (IPC)

485 views • 46 slides
Conceptual Framework for Agent- Conceptual Framework for Agent- Based Modeling and Simulation:

Conceptual Framework for Agent- Conceptual Framework for Agent- Based Modeling and Simulation:

Conceptual Framework for Agent- Conceptual Framework for Agent- Based Modeling and Simulation: Based Modeling and Simulation: The Computer Experiment The Computer Experiment Yongqin Gao Vincent Freeh Greg Madey Yongqin Gao Vincent Freeh

518 views • 28 slides
Future directions in computer science research John Hopcroft Cornell University IMPA-Rio Time

Future directions in computer science research John Hopcroft Cornell University IMPA-Rio Time

Future directions in computer science research John Hopcroft Cornell University IMPA-Rio Time of change The information age is a revolution that is changing all aspects of our lives. Those individuals, institutions, and nations who

1.23k views • 77 slides
Community Structure in Large Community Structure in Large Social and Information Networks Social

Community Structure in Large Community Structure in Large Social and Information Networks Social

Community Structure in Large Community Structure in Large Social and Information Networks Social and Information Networks Michael W. Mahoney Stanford University (For more info, see: http://cs.stanford.edu/people/mmahoney) Lots and lots of

587 views • 40 slides
Media Network models What is a network model? Informally, a network model is a process

Media Network models What is a network model? Informally, a network model is a process

Online Social Networks and Media Network models What is a network model? Informally, a network model is a process (radomized or deterministic) for generating a graph Models of static graphs input: a set of parameters , and the

1.08k views • 82 slides
Maintenance of random logical networks Romaric Duvignau DCS seminar, Chalmers October 4, 2017

Maintenance of random logical networks Romaric Duvignau DCS seminar, Chalmers October 4, 2017

Maintenance of random logical networks Romaric Duvignau DCS seminar, Chalmers October 4, 2017 Plan 1 A Quick Example of P2P Networks 2 A New Model of Evolution 3 A Concrete Example: Uniform k -out Random Graphs 4 A More General Question Romaric

976 views • 87 slides
Federal Computer Security Managers Forum Quarterly Meeting October 28, 2020 Administrative

Federal Computer Security Managers Forum Quarterly Meeting October 28, 2020 Administrative

Federal Computer Security Managers Forum Quarterly Meeting October 28, 2020 Administrative Reminders This meeting is NOT recorded. Slides will be available within 7 business days, with speaker permission. CEU Form is available:

624 views • 9 slides
Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Technology Usability Lab in Privacy and Security Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA {FIRSTNAME.LASTNAME}@ED.AC.UK End users requirement of usability is starting to be acknowledged as a serious market

490 views • 23 slides
Microscope Slide Holder (10 slides fl at) R Robert VIEW IN BROWSER updated 22. 3. 2020 |

Microscope Slide Holder (10 slides fl at) R Robert VIEW IN BROWSER updated 22. 3. 2020 |

Microscope Slide Holder (10 slides fl at) R Robert VIEW IN BROWSER updated 22. 3. 2020 | published 22. 3. 2020 Summary Inspired by the recent push by Prusa research to design and manufacture useful items in the fi ght against coronavirus, I

239 views • 3 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides

More recommend