
DOI: 10.4018/IJSR.2018010101



Copyright © 2018, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

An Exploration of Data Interoperability for GDPR

Harshvardhan J. Pandit, ADAPT Centre, Trinity College Dublin, Dublin, Ireland
Christophe Debruyne, ADAPT Centre, Trinity College Dublin, Dublin, Ireland
Declan O’Sullivan, ADAPT Centre, Trinity College Dublin, Dublin, Ireland
Dave Lewis, ADAPT Centre, Trinity College Dublin, Dublin, Ireland

ABSTRACT

The General Data Protection Regulation (GDPR) specifies obligations that shape the way information is collected, shared, provided, or communicated, and provides rights for receiving a copy of their personal data in an interoperable format. The sharing of information between entities affected by GDPR provides a strong motivation towards the adoption of an interoperable model for the exchange of information and demonstration of compliance. This article explores such an interoperability model through entities identified by the GDPR and their information flows along with relevant obligations. The model categorises information exchanged between entities and presents a discussion on its representation using existing standards. An investigation of data provided under the Right to Data Portability for exploring interoperability in a real-world use-case. The findings demonstrate how the use of common data formats hamper its usability due to a lack of context. The article discusses the adoption of contextual metadata using a semantic model of interoperability to remedy these identified shortcomings.

KEYWORDS

Data Format, Data Standards, GDPR, Interoperability, Semantics

INTRODUCTION


focuses on the use of consent and personal data as the basis of operations and provides the data subject with several rights. These new changes have spurred innovation within the community that targets compliance with the various obligations of the GDPR.

Along with providing constraints for how personal data is used and shared through various processes, the GDPR also provides statements about the way information is shared or communicated between various entities. GDPR provides seven key principles (Article 5) that act to guide the processing of personal data. These are: Lawfulness, fairness and transparency, Purpose limitation, Data minimisation, Accuracy, Storage limitation, and Integrity and confidentiality, and Accountability. While these principles are similar to those within the DPD, GDPR encompasses these principles in a larger role in its adherence towards compliance. These principles set out how each data controller should process the personal data of clients or data subjects and form the guideline for duties and obligations for compliance by entities. For example, a Data Processor under the GDPR is an entity that can only act on the data under the instructions it receives from a Data Controller or another Data Processor (making it the sub-Processor). Therefore, a Data Processor cannot decide the purpose of the data it receives and must adhere to the instructions it receives from the Data Controller or Data Processor that provides the data. Assuming this entity is a Data Controller, the agreement with the Data Processor is expected to state these responsibilities in an explicit manner such that the Data Processor as well as the Data Controller can verify or audit the accountability of this agreement for obligations provided by the GDPR.

The GDPR provides several rights to the data subjects whose adherence is mandatory for organisations. The Right to Inform (Article 12-14) and Right to Access (Article 12, 15) provide the Data Subject the right to be informed regarding how their personal data is or will be collected, processed, stored, and used along with the specific purposes. The Right to Data Portability (Article 12, 20) enables the Data Subject to receive a copy of their personal data which they have provided to the Data Controller. It also allows the Data Subject to request this data to be directly moved, copied, or transferred to another Data Controller. The provided data must be in a commonly used, machine readable, and interoperable format. The exercising of these rights involves an explicit interaction between the Data Controller and the Data Subject or another Data Controller where the information exchanged is the personal data under consideration. Additionally, GDPR explicitly mentions interoperability as one of the mandatory properties of this data, making its adoption a necessary part towards its compliance.

While there is no requirement for legally structuring shared data in a particular way, doing so has benefits for all entities involved. For Data Subjects, this provides consistency in terms of understandability and interoperability of their personal data. For Data Controllers and Data Processors, this enables seamless operations through interoperable mechanisms that also act as demonstrable compliance towards required obligations. For Supervisory Authorities, the interoperability of data provides a uniform interface when conducting investigations, being particularly helpful when tracing the flow of information across multiple entities.

This paper investigates interoperability in the context of the GDPR. It presents an overview of the GDPR in terms of entities involved and presents a systematic representation of their interactions. Through this, it presents an analysis of the entities categorised according to their role as defined by the GDPR, the nature of information flows between these entities, and the requirements for interoperability in their interactions through these information flows. Through this analysis, the paper investigates the creation of an interoperability model based on interactions between entities and shaped by relevant obligations enforced by the GDPR which act as requirements for the model. The purpose of this model is to highlight how information exchanged by entities is affected by the GDPR and to discuss its representation using various existing standards and standard-creating bodies. The paper also presents a discussion on how the model is useful for operations involving information exchange and towards ensuring its compliance with the obligations of the GDPR.


and discusses their various requirements in terms of interoperability as well as regulatory compliance. Through this discussion, the paper presents its arguments towards the standardisation of representation for these information categories. An investigation of existing standards bodies and available standards for representing the identified information categories is also presented. To demonstrate applicability of the model and its identified information flows, the paper presents an application of the model that investigates interoperability within real-world use-cases based on data provided under the Right to Data Portability. The findings of this investigation reveal that while the data is interoperable, the provided data lacks practical usefulness in terms of semantics. The paper provides a discussion on how this can be resolved using contextual metadata in a semantic model of interoperability based on the semiotic information theory. This discussion also involves the standardisation of such metadata between entities to ensure their interoperability.

This paper is an extension of our previous work (Pandit, O’Sullivan, & Lewis, 2018), where we expand our information model to involve management interfaces as entities along with the additional information flows associated with it and provide a more in-depth analysis of existing standards towards the representation of information. We also present a real-world use-case which analyses the specific data formats used for compliance with the Right to Data Portability and presents our work towards evaluating its usefulness in the context of interoperability. Based on this, we present our arguments towards adopting a more semantic-based approach to define contextual metadata for better interoperability.

ENTITIES AND INFORMATION

To understand the entities and their relevant obligations under the GDPR, we analysed the text of the GDPR along with various documents provided by supervisory authorities such as the Data Protection Commissioner’s Office - Ireland (DPC Ireland, 2018) and Information Commissioner’s Office - United Kingdom (ICO, 2018), documents provided by the Article 29 Working Party (abbreviated as WP29) for outlining the nature of obligations under the GDPR, and various information articles and documentation provided by commercial organisations regarding compliance and dissemination of information regarding GDPR. Through this, we first identified the entities and their responsibilities as a matter of compliance under the GDPR, and the information required to fulfil their obligations towards compliance. Based on this, we identified the relationship of entities in terms of exchange of information amongst them. The identified information was then categorised based on the nature of information and relation to compliance. This provided a way to model the commonality and interoperability of data using these categories, as well as to discuss the various standards for their representation. The outcome of this work was a theoretical framework for how the information can be exchanged in an interoperable fashion and provides a background for analysis of use-cases.

An overview of the data interoperability model for GDPR can be seen in Figure 1 which depicts the different entities along with the possible interoperability points between them along with examples of information and processes associated with each such point. Any interaction between two entities, even of the same type, can be considered as an interoperability point if it involves communication of some information or structured data between them towards normal operational practices or for GDPR compliance. Understanding the requirements of this communication between the entities such as what is the associated information, why it is being shared or exchanged, and what are the requirements that shape this information provide the basis for exploring opportunities towards standardisation of information practices. In the case of GDPR compliance, the law itself provides a motivation towards adopting standard practices in terms of interactions between entities.

Categorisation of Entities


or recipient of a system or a service and provide the consent for activities. Data Controller(s) or ‘Controller’ (DC) is an entity that determines the purposes and means of the processing of personal data. They can act jointly, in which case they are called Joint Controllers. A Data Processor (DP) is an entity that processes personal data on behalf of the controller. The relationship between controllers and processors is many-to-many, i.e. either can be associated with multiple entities of the other type. A sub-processor is a processor acting under another processor. They are bound by the same rules of agreement as the processor they are under with its controller. The Supervisory Authority (SA) or Data Protection Authority (DPA) is a public institution responsible for monitoring the application of data protection laws.

Data Management (DM) is a virtual entity responsible for the handling and management of information on behalf of the Data Controller. Virtual in this case refers to the DM not being a separate entity in the legal sense of the term but having a distinction with the functions of its controlling entity (Data Controller) by virtue of abstraction or automation. An example of a Data Management entity is the use of automated software for interaction with users in an online service, where the Data Subject only interacts with the DM for the operation of the service as well as exercising of rights. The DM was added to the extended version of our work based on the use of automated systems to process and provide data in the real-world by organisations such as Google and Facebook. Apart from these entities, GDPR can also be interpreted to have other entities not considered within the scope of this work. These are an Agent or a Representative acting on behalf of another entity such as the Data Subject or Data Controller, a Data Protection Officer, organisations that issue certifications and seals as provided by the GDPR, as well as additional regulatory bodies and authorities that might be involved in the compliance process.

Interoperability Between Entities


interoperability between the two entities. Taking the entities under consideration as Data Subject (DS), Data Controller (DC), Data Processor (DP), and Supervisory Authority (SA), we have a set of 6 possible points for interoperability without considering the direction of interaction. Additionally, controllers, processors, and supervisory authorities can interact with other controllers, processors, and supervisory authorities respectively. This brings the total count of possible points to 9. If a Data Management interface (DM) is used by Data Controllers to interact with Data Subjects, then this adds two more points of interaction bringing the total to 11 points. It is to be noted here that the functionality of DM is not specified by the GDPR in the form of suggestion or requirement but is a practical consideration that could be used by Data Controllers to automate parts of their operations for practical reasons.

The entities depicted in the model are based on an analysis of the text of the GDPR along with other related documents published by various organisations associated with data protection and regulatory compliance. Since only the type of entity is required for understanding and modelling the interaction, their size (large, medium, small, or individual) or nature (commercial, governmental, or not-for-profit) is assumed to have no bearing on the requirements of the interoperability point. Additional information may need to be exchanged based on specific requirements based on the type of the entity, such as additional responsibilities required by larger organisations as compared to individuals, though this requires a deeper review of the law and clarification through legal experts. We therefore do not consider such additional requirements to be within the scope of this paper. For entities such as governmental institutions and organisations that are in a position where information communication needs to be made available for dissemination to the public, we consider this as motivation to explore the requirements of sharing such data in an ‘open’ and ‘consistent’ manner, where open is defined as being transparent and interoperable towards other entities, and consistent is defined as not having temporal changes. Where entities are commercial entities, interoperability is more concerned with consistency, structure, and correctness of information being exchanged.

Consider the interactions between a Data Subject and a Data Controller, or between a Data Controller and a Data Processor, where the interoperability between them only requires that the provider should provide the consumer with the required information in a format that can be accepted and operated on. This provided data is not inherently intended to be made available to anyone else (such as another entity which is a third-party in this case), and therefore has no bound requirements in terms of standards at this point of interaction as long as the involved entities agree upon the method for sharing of data. Contrast this with the case where a public body such as the Supervisory Authority is involved. Communication from Data Controllers or Data Processors with a Supervisory Authority would have to take into consideration the sensitivity of private information being shared, and therefore would require the use of secure forms of communications which may also require security in the structuring of data itself, such as through encryption or establishment of secure channels. Any warning or ruling by the Supervisory Authority that can be considered public information, as in made available to the public, would also need to be published in an appropriate manner in regard to its sensitivity. A modern method of doing this is to publish details of use-cases along with their rulings or decisions on the official website. Such information in the future might be collated in a registry or dataset using appropriate formats and structuring.


it would be prudent for the Data Controller to obtain or convert consent into a form that makes this process of compliance easier. This brings in requirements towards how this information is structured regarding its representation, storage, and querying and how it can assist in the demonstration of the required compliance.

The interaction of a Data Controller towards Data Subjects also includes the provision of certain information as mandated under the GDPR such as that provided under the Right to Access. Data Controllers also have to provide this information regarding exercising of rights such as the Right to Data Portability through which a Data Subject can request the Data Controller to provide a copy of their personal data. GDPR also defines the conditions regarding the provision of this data such as its structure or format. Additionally, GDPR also provides Data Subjects the right to have their personal data transferred from one Data Controller to another upon request. The exercising of this right requires both controllers to have some form of interoperability mechanism for mutually understanding the concerned data. This extends to the entity generating it as well as accepting or consuming this data. Such requirements shape the information flow and therefore the interoperability of information and have a role to play in the functioning of the entity and also towards legal compliance. For practical reasons, it is impossible for all entities to have an interoperability agreement or arrangement with each other. Therefore, the provision of such information must be made through open standards and formats that are also commonly used. GDPR provides the same argument for data provided under the Right to Data Portability.

For interactions between Data Controllers and Data Processors, or Data Controllers and Data Controllers, or Data Processors and Data Processors, these interactions already have some ongoing and existing information exchanges that involve interoperability as part of an organisation’s operational practices. Common examples include business arrangements or outsourcing of operations for cost and profit reasons. While such activities are considered a common industry practice, GDPR explicitly mentions the categories of information shared in the operation of such services between these entities. An example of this is the explicit list of instructions shared by the Data Controller to a Data Processor for processing activities over the personal data it provides. The legal acknowledgement of such information sharing makes its documentation important from the point of compliance. This provides an opportunity for exploring whether a structured and common format can provide advantages to existing practices regarding the sharing of such information.

An approach suggesting an entirely new or different interoperability model would be difficult to uptake due to the diversity and variance of existing infrastructures as well as the cost of changing them. Therefore, the cost of adopting new practices provides an inertia towards keeping existing methods of operation. It is possible to construct a practical interoperability model based on the existing practices with a view towards extending them in an achievable and consistent manner for entities involved. However, this is difficult to achieve in reality due to the earlier mentioned inertia and the cost of change. Since legal compliance is a necessity and GDPR requires operational changes for its obligations, this can be exploited in the adoption of the interoperability model. An approach concerning only that information which is necessary for legal compliance can be proposed as a solution that augments existing services rather than replaces them. Under this, interactions and exchanges between entities through new activities as well as changes towards existing ones are defined by the requirements provided by GDPR compliance.


Legally, the Data Controller is not responsible for the compliance of the Data Processor. However, since it provides the explicit list of instructions for activities over its personal data, there is a certain relationship between the compliance of the two entities. This motivates towards looking at alternate approaches that can help with the compliance aspect of where information and activities are shared across different entities.

One such example is where information is linked to certain activities associated with the processing of information which is relevant for compliance. A structured approach that provides an efficient and effective way for the storage, management, and querying of this information presents a technologically structured way to use this information in the demonstration of compliance. In addition, when there are multiple entities involved in the compliance process, the sharing of structured contextual information related to compliance can assist both entities in the demonstration of their respective compliance. Such requirements also shape the information exchanged between entities and are a part of the interoperability model. We explore the exchange of such information in greater detail through the information flows between various entities in the following section.

Information Flows

Each interaction point has requirements from multiple GDPR articles that affect the information and activities associated with that point. This is presented in Table 1 with the relevant articles in GDPR and their relation towards governing the interoperability between entities. An extended version of the table is available online (Pandit, Debruyne, O’Sullivan, & Lewis, 2018) and presents a more granular reference to GDPR articles along with comments describing the relevance to interoperability.

Table 1 contains four types of statements identified in the text of the GDPR that determine or influence the interoperability of information between entities. The first type of statement reflects a requirement for the interoperability and is abbreviated as REQ. Entities are expected to follow or fulfil this requirement for compliance. GDPR only states but does not stipulate how a requirement should be fulfilled. Where an activity or action is presented in the statement, these are identified as processes related to usage, sharing, publication, or exchange of information, and are annotated as PROC in the table. Where information is categorically mentioned or as information consisting of some form or category, the abbreviation DATA is used to identify such statements in the table. Where additional information about category or type of data is specified, this is annotated with FORMAT, with the statement either specifying an explicit data format or providing guidelines governing the choice of formats which are acceptable or need to be enforced.

Where these requirements might not have a direct bearing on the processes and the data involved, they are useful towards the discussion involving the abstract concept of the associated data. These form the background of the requirements gathering process for processes, including communication between entities, where the compliance of a requirement or the implementation of a process might guide the available standards for representing the data involved. For example, in Article 30-1, the statement requires controllers to maintain logs or records of processing activities. While this statement refers to the abstract information associated with processing activities, it can also be used to interpret and formulate records of activities into a structured form of information useful towards discussing standardisation of the associated data. In the next section, we identify and explore this abstract notion of information from the selected articles outlined in Table 1 by categorising them based on their content and intended usage.

Categorising Information Flows


Table 2. Describing the relation between information categories and entities

| Category | DS | DC | DP | SA |
|---|---|---|---|---|
| Provenance | -- | Maintain | Maintain | Inspect |
| Agreements | -- | With DC and DP | With DC and DP | Inspect |
| Consent | Provide | Collect | -- | Inspect |
| Certification | -- | Audit | Audit | Provision |
| Compliance | -- | Maintain, Demonstrate, Audit DP Compliance | Maintain, Demonstrate (SA and DC) | Check |

Table 1. Interaction points between entities in GDPR with type of statement

| Article | Interaction Point | Type(s) |
|---|---|---|
| 5 | DS--DC, DC--SA | REQ, PROC |
| 7 | DC--SA, DS--DC | PROC |
| 12 | DS--DC | REQ, PROC, DATA, FORMAT |
| 13 | DS--DC | DATA |
| 14 | DS--DC | DATA |
| 15 | DS--DC | DATA |
| 16 | DS--DC | REQ, PROC |
| 18 | DS--DC | REQ, PROC |
| 19 | DS--DC, DC--DC, DC--DP | REQ, PROC, DATA |
| 20 | DS--DC, DC--DC | REQ, PROC, DATA, FORMAT |
| 25 | DC--SA | PROC |
| 26 | DC--DC | REQ, PROC |
| 27 | DC--SA | REQ, DATA, FORMAT |
| 28 | DC--DP, DP--DP | REQ, PROC, DATA |
| 30 | DC--SA, DC--DP, DP--SA | REQ, PROC, DATA, FORMAT |
| 33 | DC--SA, DC--DP | REQ, PROC, DATA |
| 34 | DS--DC | REQ, PROC |
| 35 | DC--SA, DS--DC | REQ, DATA |
| 36 | DC--SA, DP--SA | REQ, PROC, DATA |
| 42 | DC--SA, DP--SA | REQ |
| 47 | DC--DP, DP--SA, DC--SA | PROC |
| 49 | DS--DC, DC--SA, DP--SA | REQ, PROC |
| 57 | DS--SA, SA--SA | REQ, PROC, DATA |
| 58 | DC--SA, DP--SA | REQ, PROC, DATA |
| 60 | SA--SA | REQ, PROC |


example, consent is provided by the Data Subject, is collected by the Data Controller, and is inspected by the Supervisory Authority. We use the information categories to broadly shape and classify the information flows between entities as well as to refer to the information exchanged within them. The classification provides a way to refer to the specific type or category of information, along with its context, without explicitly dealing with specific use-cases or examples of its usage. This abstraction is beneficial towards exploring broad standards towards its representations.

Provenance

The provenance information category refers to information about entities and activities involved in producing some data or artefact, which can be used to form assessments about its quality, reliability or trustworthiness. This information is related to the compliance for activities that involve some data that needs to be linked or resolved to the activities that create, use, share, or store it. An example of this is that of consent along with the activities associated with it that obtain, update, or invalidate the consent. For demonstrating compliance, it is essential to show that these activities follow the obligations required for compliance, which requires the presence and maintenance of logs that record the functioning of these activities. These logs can be modelled as a form of provenance in which case they form the lifecycle of consent tracking its creation (obtaining), use within different activities, how it is stored, and finally its deletion (invalidation). Compliance then becomes a matter of introspecting such provenance logs to see whether the activities recorded the correct and compliant behaviour. Another example is for checking whether a consent was validly given, which requires that the consent should be freely given, be explicit towards specified processes, and must be unambiguous. Since detecting these conditions for validity of consent is not possible without manual oversight, the artefacts and processes involved in the obtaining of provenance can be useful in capturing the state of things as present when obtaining the consent from the Data Subject. Depending on the manner of representing provenance, the lifecycle of consent can then be traced with sufficient granularity and abstraction to link it with activities that depend on it, thereby making it possible to also determine whether the consent was used as intended by the terms of the GDPR.

As provenance information potentially encompasses all artefacts and processes requiring compliance, it can be argued that having interoperability with relation to sharing and evaluating provenance information would greatly benefit the compliance operations for both the organisation as well as the authorities. Additionally, as compliance itself involves several activities and the creation of artefacts such as compliance reports, this information can also be defined using a common provenance model for reuse and dissemination. Such forms of interoperability can be used in any interactions where provenance information needs to be shared or evaluated, such as is also the case with controllers and processors where there is a need to define activities that need to take place, or to maintain a joint or collaborative record of activities undertaken that involve both entities. This is especially useful when information needs to be shared that involves lifecycles of artefacts such as consent, and personal data need to be tracked or charted across activities. Provenance defined in such manner has led to approaches in the existing corpora of work to create a privacy impact assessment template (Reuben et al., 2016) and creating components based on activities (Mense & Blobel, 2017).

Data Sharing Agreements


instruction from a data subject to update their consent for certain activities which are handled by a Data Processor, the Data Controller must update or enforce (depending on the legal term in use to describe the use-case) their agreement to get the Data Processor to also reflect this change in consent over the personal data and activities that they have/had received from the Data Controller. Without some form of automation, such requests would need to be sent and received manually or require manual action, greatly increasing the work and time required to handle them. With automation involved in the process, the Data Controller’s system (such as a Data Management interface) can automatically take care of the request by updating the agreement in place for handling the particular consent and personal data with the Data Processor and can also await a receipt or an acknowledgement from the Data Processor for the successful completion of the request. Such agreements that can be iterated, stored, and queried using systems are of benefit to the involved entities as well as other entities that might wish to introspect the agreements such as Certification Bodies and Regulatory Authorities. An example of this is data sharing agreements that can be explicitly designed to be interoperable based on requirements of the GDPR (Hadziselimovic, Fatema, Pandit, & Lewis, 2017).

Consent

Consent in the context of the GDPR refers to the assent or agreement by the data subject in relation to their personal data for the proposed processing activities associated with one or more entities. Given consent refers specifically to the form of consent given by the data subject in relation to their personal data and the proposed usage by activities (Ross, 2017). Consent can be considered to be an agreement between the Data Subject and the Data Controller (or another entity) and can therefore benefit from the same approach as described for implementing data sharing agreements. This can provide consistency in the application of technology as well as encourage adoption of uniform standards and interoperability in dealing with similar use-cases.

GDPR specifies certain requirements which guide the acquisition and demonstration of consent for it to be evaluated as valid (Mittal, 2017). These include the stipulation that consent must be freely given, must be informed, specific, and voluntary. Of these, only the specificity of consent can be gauged from a given consent in a form such as an agreement. Given consent contains the terms which have been accepted by the user, which can be used to gauge the specificity of the agreement, and therefore decide on whether the consent itself was specific or broad under the GDPR. For other stipulations related to valid consent, it is essential to refer to the process and artefacts used to acquire the consent to understand the conditions under which the consent agreement was provided to the data subject and how it was accepted or given or agreed.

For example, in cases where the consent is acquired through a web-form (Fatema et al., 2017), the entire web-page may need to be preserved to demonstrate that the consent acquisition process was in accordance with the conditions under the GDPR. Therefore, while the given consent may be represented in any form, it also has to be linked to the processes responsible for acquiring the consent. Additionally, any revision of consent data such as when updating or revoking consent also needs to be stored in a way that can be linked to the processes involved in the change as well as linked to the original consent. This is important as a matter of compliance as GDPR enforcement may require demonstration that a change in consent was carried out correctly, which is only possible through an introspection of what the original and changed versions of the consent are. This also introduces the dependency-like relation between data processes and consent where consent should be inherently linked to the processes that depend on it. For example, if the process of using personal data to send emails is dependent on the consent obtained from the user at the time of registration, then it is vital to show that the two are linked together, i.e. the emails are only sent based on the given consent. Such a system must also be able to demonstrate that updated consent has immediate effect on the processes that depend on consent.
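The consent lifecycle from the Provenance section and the linkage requirements in the paragraph above can be kept as linked records and audited mechanically. The following Python sketch is an added example, not code from the paper or its authors; the record fields, event names, finding labels and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class ConsentRecord:
    record_id: str
    subject: str
    event: str                      # "obtained", "updated" or "revoked"
    purposes: frozenset             # purposes agreed to after this event
    at: datetime
    acquired_by: str                # process that captured this consent state
    artefact: str                   # preserved evidence, e.g. a web-form snapshot
    revises: Optional[str] = None   # record_id of the version this one replaces


@dataclass(frozen=True)
class ActivityRecord:
    activity_id: str
    subject: str
    purpose: str
    at: datetime
    used_consent: Optional[str]     # consent record the process relied on


def check_chain(consents):
    """Every revision must link to an earlier record of the same subject, and
    every record must name the process and artefact that produced it."""
    problems, seen = [], {}
    for rec in sorted(consents, key=lambda r: r.at):
        if rec.revises is None:
            if rec.event != "obtained":
                problems.append((rec.record_id, "revision-without-original"))
        else:
            prior = seen.get(rec.revises)
            if prior is None or prior.subject != rec.subject:
                problems.append((rec.record_id, "broken-link"))
        if not rec.acquired_by or not rec.artefact:
            problems.append((rec.record_id, "missing-acquisition-context"))
        seen[rec.record_id] = rec
    return problems


def consent_in_force(consents, subject, at):
    """Latest consent record for the subject at the given time, if any."""
    history = [r for r in consents if r.subject == subject and r.at <= at]
    return max(history, key=lambda r: r.at) if history else None


def audit(consents, activities):
    """Return (activity_id, finding) for each activity not backed by consent."""
    findings = []
    for act in activities:
        current = consent_in_force(consents, act.subject, act.at)
        if act.used_consent is None:
            findings.append((act.activity_id, "no-consent-link"))
        elif current is None or current.event == "revoked":
            findings.append((act.activity_id, "no-valid-consent"))
        elif act.used_consent != current.record_id:
            # An update did not take immediate effect on a dependent process.
            findings.append((act.activity_id, "stale-consent"))
        elif act.purpose not in current.purposes:
            findings.append((act.activity_id, "purpose-not-covered"))
    return findings


# Constructed sample data: one data subject, three consent versions,
# six processing activities. Identifiers and artefact names are made up.
CONSENTS = [
    ConsentRecord("c1", "ds-1", "obtained", frozenset({"newsletter", "analytics"}),
                  datetime(2018, 5, 25, 10, 0), "registration-form",
                  "snapshot:registration-page"),
    ConsentRecord("c2", "ds-1", "updated", frozenset({"analytics"}),
                  datetime(2018, 6, 10, 9, 0), "preferences-page",
                  "snapshot:preferences-page", revises="c1"),
    ConsentRecord("c3", "ds-1", "revoked", frozenset(),
                  datetime(2018, 7, 1, 12, 0), "preferences-page",
                  "snapshot:preferences-page", revises="c2"),
]
ACTIVITIES = [
    ActivityRecord("a1", "ds-1", "newsletter", datetime(2018, 6, 1), "c1"),
    ActivityRecord("a2", "ds-1", "newsletter", datetime(2018, 6, 11), "c1"),
    ActivityRecord("a3", "ds-1", "analytics", datetime(2018, 6, 15), "c2"),
    ActivityRecord("a4", "ds-1", "analytics", datetime(2018, 7, 2), "c2"),
    ActivityRecord("a5", "ds-1", "newsletter", datetime(2018, 6, 20), None),
    ActivityRecord("a6", "ds-1", "profiling", datetime(2018, 6, 16), "c2"),
]

if __name__ == "__main__":
    print("chain problems:", check_chain(CONSENTS))
    for finding in audit(CONSENTS, ACTIVITIES):
        print(finding)
```

The audit only establishes that each activity was linked to the consent version in force and to a covered purpose; whether consent was freely given still has to be judged from the preserved artefact each record points to.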


method of provenance. Such a method capturing the various stages of consent and personal data as lifecycles involving processes and artefacts would enable documentation representing the model of the system as a whole. The individual records or logs of activities can then be instantiated based on the model to capture user or event specific information.

Compliance

Overseeing the compliance is an ongoing and continuous process and is specified within the GDPR as an activity to be undertaken by an organisation at certain times. Compliance under the GDPR is a continuous process rather than a single operation to be carried out at the end of an activity. Instead, it is essential to maintain compliance at all times by ensuring related activities are compliant at all stages of their operation. This can be achieved by having proper practices and processes regarding evaluation of compliance from the design stage at the earliest. Such processes ensure that a new service or change in an existing service is compliant before it begins operation. Several people might be involved in design and operation of the system, but the responsibility of ensuring the compliance falls on the management or on the/a Data Protection Officer (DPO) if appointed. In any case, such checks of compliance are integral to audits, done by the organisation itself or by a third-party hired by the organisation, for ensuring the activities meet the required compliance towards legal obligations. A record of such activities and its outcome is therefore an essential outcome of such audits or compliance processes and forms part of the compliance information maintained by the organisation. Such information would prove to be helpful for supervisory authorities who might wish to inspect the activities of an organisation and determine responsibility in cases where multiple entities are involved.

The information associated with compliance related activities can be represented as provenance information though the processes and artefacts involved in this case are different from those related to the consent and personal data lifecycles. To a certain extent, depending on the structuring of compliance activities, it is possible to consider the compliance related activities as part of a compliance lifecycle where the outputs of activities such as reports can be mapped along a timeline using provenance methods similar to those previously outlined. There might be additional requirements of ensuring the security and integrity of such records, though this probably would not have any bearing on the depiction of the information itself. Instead, any concerns related to the data being tampered or accessed without proper authorisation can be mitigated through proper storage and handling of this information. This also allows the provenance representation required for compliance lifecycles to be consistent in its purported use-case with those related to provenance of consent and personal data lifecycles.

Certifications

GDPR has provisions for seals and certifications which can help organisations with a measure of compliance as well as good practices. These have a maximum validity of three years and have certain conditions or criteria for the creation and issuing of seals and certifications pertaining to GDPR compliance. The seal or certification does not reduce or impact the responsibility of the controller or processor for compliance with the GDPR but acts as a method of displaying or providing information regarding compliance. The exact nature of such seals and certifications and their role with respect to demonstration of compliance to the authorities is still under consideration.

There are several areas of interest where the information included in the report can be structured for representation in a manner that makes it easy to store, access, query, and most importantly share with other entities. For example, if a certain process is responsible for sharing personal data between a controller and a processor, where the processor’s processes for handling the said data have been audited through a report, then this information may prove to be sufficient for an agreement between the two entities. However, any such audit and its accompanying report having a validity of a maximum of three years requires the controller and processor to investigate their respective agreements at the end of this report. Agreements therefore need to consider this process as a requirement which hinders the automatic resolution of agreements between the two parties. One way to mitigate this is to keep this requirement out of the automation, in which case the agreements would continue to operate even when the report validity has lapsed. Another case is where processes change, and the processor must renew its certification. If it is able to demonstrate the changes in its processes, the reports can possibly be linked to the version or iteration of process it evaluated, thereby also providing a way for agreements to view and use this information. Even without use in automated agreements, the structuring of such information may provide a strong use within the organisation of compliance related information by cross-linking or cross-referencing the information in documentation that can be continuously updated.

Identifying Opportunities for Commonality and Interoperability

The model provides an overview of information exchange in the context of the GDPR. It identifies the relevant entities, their roles and requirements, the categories of information exchanged, and the obligations of the GDPR applicable over these. Through this, we identify information that is common in terms of its requirements for operation and compliance as well as representation in terms of practicality and adoption. Interoperability of information can be discussed using these as attributes and using the model to structure the information flows. The commonality and interoperability of identified information flows and their associated information categories are useful towards discussing how these can be exploited towards the standardisation of information being exchanged.

As seen from the previous descriptions of various information categories, provenance forms an underlying structure where processes or data artefacts can be captured and represented for various use cases of the other information categories. Similarly, the dependence between the different information types also demonstrates the advantages of linking them together to create more efficient systems capable of automation and better documentation. This provides an opportunity to combine the approach towards representing the different types of information into a cohesive model that operates at a higher and more abstract level to represent the entire system’s information model. It also highlights the points of interoperability internally within an organisation. While it is still possible to pick and choose which information or category should be represented individually, the overall benefits afforded by a cohesive model are better suited for the functioning of the service and its compliance.

We mainly identify the use of lifecycles for representing the processes and artefacts, whether internal or external to the organisation, as forms of documentation. This provenance information forms the basis of other information categories as it involves documenting the use of consent and personal data, formation of data sharing agreements, and recording compliance audits and provision of produced reports. This information is also required to be shared with other entities such as where processors are required to outline their processes to the controllers, and authorities may request to review processes for compliance. The use of provenance also allows recording the occurrence of events such as archival and deletion of consent and personal data which can be vital in the demonstration of compliance.

references the specific processes that will use the data using provenance information while the given consent itself is also recorded as an event using the same or similar provenance mechanisms. This explicit linking of inherently related information allows better representation of information and leads to semantic systems that are capable of intelligent operations. In this case, at a later date, it is possible to identify the given consent for a specific user from provenance logs and to view the process it was obtained against. This itself can further be used to determine if an updated consent is required under the terms of the GDPR upon introducing a change in the process such as an addition of a feature.

Existing Standards

In this section, we explore existing standards and their relevance with respect to the representation of information and interoperability discussed previously in this paper in the context of the GDPR. Our focus is primarily on standards for information being exchanged over the medium of the internet. This is due to its increasing prevalence for information exchange as well as provision of services. Where applications and services are not provided over the internet, they either depend on it for communication (including messages and updates) or internally use it as the medium for services with other parties (such as analytics). We consider approaches both within industry as well as academia, as well as organisations and bodies involved in creating and overseeing standards. We intentionally emphasise standards that are open and non-proprietary due to their greater usability and freedom of adoption by the community at large.

World Wide Web Consortium (W3C)

The World Wide Web Consortium (W3C, 2018), abbreviated as W3C, is the standards body responsible for information exchange on the Web, which itself is based on the standards and protocols of the Internet. Due to the ever-increasing usage of the web as a medium for provision of services and information, it is important to consider standards that can be readily integrated into mediums such as web pages and web services which form the backbone of interoperability for many organisations, both commercial as well as public institutions.

W3C standards undergo various stages of development starting from “Working Draft (WD)” to “Candidate Recommendation (CR)” which are then moved to the “Proposed Recommendation (PR)” stage before being set as a “W3C Recommendation (REC)”. Due to the continuous participation of the stakeholders and the community at each stage of development, the standards at stages PR and REC are considered to have sufficiently matured to be adopted into usage. We therefore consider only those standards which fall in either stage as being suitable for recommendation in this paper.

For representing information, W3C has several standards regarding data formats such as XML, CSV, and JSON. These formats provide specifications for the encoding of information into interoperable data streams. The Resource Description Framework (RDF, 2014), or RDF, is a family of specifications that were originally defined as a metadata model but have since been used to model information as web resources. RDF supports several data serialisation formats, including XML and JSON (through JSON-LD), making its usage and adoption easier for information interoperability. RDF allows expression of facts as triples consisting of the subject-predicate-object pattern. This allows the expression of knowledge as a directed graph using a collection of RDF statements, which enables data modelling in a consistent manner.

of information defined using RDF include the Shapes Constraint Language (SHACL, 2017) which is a W3C Recommendation, and the Shape Expressions (ShEx, 2017) language, which is currently being drafted by the W3C community.

To take advantage of the interoperability offered by commonly used formats such as CSV and JSON with the semantics provided by RDF, there is significant work in creating a standard combining these approaches. Notable examples for this include CSV on the Web (CSVW, 2016) which uses CSV, and JSON-LD (JSON-LD, 2014) which uses JSON. Reusing (and in this case combining) standards provides interoperability as well as commonality towards the underlying technology utilised to create, store, and query information represented by these standards. Therefore, any additional standards or formats developed for application-specific approaches should be based on existing forms of standards in order to take advantage of existing practices and adoption of technologies. This line of argument is consistent with the recent uptake of open-data publishing requirements by the European Publications Office (Eur-LEX, 2018) using mechanisms based on RDF and open data formats. In the next sections, we discuss W3C standards and approaches for modelling and representing the various information categories discussed in this paper.

For representing provenance, we have the Provenance Data Model (PROV-DM, 2013), or PROV, which is a W3C recommendation since 30th April 2013 and provides definitions for interchange of provenance information. Using PROV, we can define entities and the various relations and operations between them such as generated by, derived from, and attributions. PROV has been successfully utilised in several domains and applications including encapsulation of scientific workflows and provenance repositories. PROV was designed to be generic and domain independent and needs to be extended to address the requirements to represent workflow templates and executions. There are existing approaches in academia that utilise PROV in approaches specific to the representation of provenance information related to GDPR (Pandit & Lewis, 2017).
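The consent use case discussed earlier in the paper (find a given consent in the provenance log, see which process it was obtained against, and check whether that process has since changed) can be sketched with PROV-style triples. This is an added example, not code from the paper: the log is constructed, the prov:* predicates are PROV-O terms, every ex:* identifier (including ex:givenForProcess) is a hypothetical name, and a linear revision history per process is assumed.

```python
from collections import defaultdict

# Constructed provenance log as (subject, predicate, object) triples.
# prov:* predicates are W3C PROV-O terms; every ex:* name is hypothetical.
LOG = [
    ("ex:signup_v2", "prov:wasRevisionOf", "ex:signup_v1"),
    ("ex:signup_v3", "prov:wasRevisionOf", "ex:signup_v2"),
    ("ex:consent_1", "prov:wasAttributedTo", "ex:alice"),
    ("ex:consent_1", "ex:givenForProcess", "ex:signup_v1"),
    ("ex:consent_2", "prov:wasAttributedTo", "ex:bob"),
    ("ex:consent_2", "ex:givenForProcess", "ex:signup_v3"),
    ("ex:consent_3", "prov:wasAttributedTo", "ex:carol"),
    ("ex:consent_3", "ex:givenForProcess", "ex:signup_v2"),
    ("ex:consent_3", "prov:invalidatedAtTime", "2018-06-01T08:00:00Z"),  # withdrawn
]


def index(triples):
    """Index triples as {predicate: {subject: [objects]}} for lookups."""
    idx = defaultdict(lambda: defaultdict(list))
    for s, p, o in triples:
        idx[p][s].append(o)
    return idx


def current_version(idx, process):
    """Follow prov:wasRevisionOf forward to the newest revision of a process."""
    newer = {old: new
             for new, olds in idx["prov:wasRevisionOf"].items()
             for old in olds}
    seen = {process}
    while process in newer:
        process = newer[process]
        if process in seen:  # malformed log: the revision chain loops
            raise ValueError(f"revision cycle at {process}")
        seen.add(process)
    return process


def consents_to_review(triples):
    """Return active consents whose process has since been revised.

    Result: {consent: (data subject, process consented to, current process)}.
    Whether a flagged consent must actually be renewed is a separate decision.
    """
    idx = index(triples)
    flagged = {}
    for consent, processes in idx["ex:givenForProcess"].items():
        if consent in idx["prov:invalidatedAtTime"]:
            continue  # withdrawn consent is not a candidate for renewal
        subject = (idx["prov:wasAttributedTo"].get(consent) or [None])[0]
        for process in processes:
            latest = current_version(idx, process)
            if latest != process:
                flagged[consent] = (subject, process, latest)
    return flagged
```

The same lookup pattern applies to audit reports linked to the process version they evaluated.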

The Open Digital Rights Language (ODRL, 2018), abbreviated as ODRL, is a W3C recommendation for policy expression language that provides a flexible and interoperable information model, vocabulary, and encoding mechanisms for representing statements about the usage of content and services. The ODRL Information Model describes the underlying concepts, entities, and relationships that form the foundational basis for the semantics of the ODRL policies. Policies are used to represent permitted and prohibited actions over a certain asset, as well as the obligations required to be met by stakeholders. In addition, policies may be limited by constraints (e.g., temporal or spatial constraints) and duties (e.g. payments) may be imposed on permissions. ODRL can be utilised for representing agreements, which can include both data sharing agreements as required for Data Controllers and Data Processors, as well as for representing consent as an agreement between the Data Controller and the Data Subject.

CEN / CENELEC / ETSI

capture of client-related and vital signs information, and of device operational data. Following such standards allows easier operations between multiple entities, as well as for supervisory authorities to assess its workings. This is important when considering that data obtained via such devices can be considered to be sensitive personal information under the GDPR, and therefore will have additional obligations regarding its collection, usage, storage and sharing. Using standards for data collection and communication allows compliance to be assessed based on known mechanisms that are part of implementing the standard.

ISA²

The Interoperability solutions for public administrations, businesses and citizens (ISA², 2018), or ISA², is a programme that develops and provides digital solutions that enable public administrations, businesses and citizens in Europe to benefit from interoperable cross-border and cross-sector public services. The programme was adopted in November 2015 by the European Parliament and the Council of the European Union. ISA² is the follow-up programme to ISA and aims to ensure interoperability activities are well coordinated at EU level through a structured plan consisting of a revision to the European Interoperability Framework (EIF) and the European Interoperability Strategy (EIS), along with development of the European Interoperability Reference Architecture (EIRA) and European Interoperability Cartography (EIC) solutions.

The effort has produced a set of ‘Core Vocabularies’, maintained by the Semantic Interoperability Community (SEMIC, 2018), or SEMIC, that provide a simplified, reusable and extensible data model for capturing fundamental characteristics of an entity in a context-neutral fashion. Existing core vocabularies include ways to define attributes for people, public organisations, registered organisations, locations, public services, the criterion and evidence required to be fulfilled by private entities to perform public services, and a public event vocabulary. SEMIC has also developed the DCAT Application Profile (DCAT-AP), based on the DCAT specification, for describing public sector datasets in Europe so as to enable the exchange of descriptions of datasets among data portals. GeoDCAT-AP is an extension of DCAT-AP for describing geospatial datasets, dataset series and services, while StatDCAT-AP aims to deliver specifications and tools that enhance interoperability between descriptions of statistical datasets within the statistical domain and between statistical data and open data portals. The Asset Description Metadata Schema (ADMS) is a vocabulary to describe and document reusable interoperability solutions, such as data models and specifications, reference datasets, and open-source software. The objective of ADMS is to facilitate the discoverability of reusable interoperability solutions, in order to reduce the development costs of cross-border and/or cross-sector e-Government systems.

Interoperability and Right to Data Portability

is only possible when the receiving Data Controller has technical systems that can accept the specific data format used. WP29 also comments on the data formats used specifying that being structured, commonly used, and machine-readable are specifications for the data format with interoperability being its desired outcome. Further comments by WP29 on Recital 68 state that the aim of data portability is to produce interoperable systems and not compatible systems. Interoperability in this case is defined by ISO/IEC 2382-01 as “The capability to communicate, execute programs, or transfer data among various functional units in a manner that requires the user to have little or no knowledge of the unique characteristics of those units.”

Based on this understanding of the requirements for the data provided under the Right to Data Portability, we undertook a short study of the various data formats used by online social services to provide personal data. We selected these services based on their popularity and used the specific mechanisms provided by the service itself to exercise our right to obtain a copy of our personal data. The study was undertaken only on the services used by the primary author of the paper. The obtained data was analysed for the specific data format used and whether it satisfies the specifications laid out by the GDPR. These data formats were then analysed to evaluate whether they are based on existing standards and support for interoperability as defined by the WP29 guidelines. The purpose of the study was to understand the provision of information and the specific standards used in its representation. The study provides information regarding how data is exchanged in the industry and allows an analysis of the model in terms of existing standards and representations. We present here our report on these findings.

We analysed the personal data obtained from the following organisations: Apple, Facebook, Fitbit, Google, Instagram (owned by Facebook), LinkedIn, Snapchat, Twitter, and WhatsApp (owned by Facebook). The requests were made in the first three weeks of June. In all cases, the services offered an online interface to request a copy of the personal data. In most cases, the data was provided on the same day, with the maximum time taken to provide being 5 days from the day of request. All organisations provided the data as an archive using the Zip file format, except Fitbit which provided a link to a Dropbox folder that could be accessed without a Dropbox account and contained the requested data. CSV, HTML, and JSON were the most common formats used to provide (generic) data, with other formats such as VCF, vCARD, iCalendar, MBOX used for specific data such as calendars and emails. Table 3 lists more information about the data formats used by organisations.

To assess whether these data formats satisfy the requirements set forth by the GDPR is a matter requiring legal expertise and an authoritative interpretation of the law. Here, we evaluate them

Table 3. Data formats used for data obtained under the right to data portability

| Organisation | Archive Format | Data Format(s) | Response (in days) |
|---|---|---|---|
| Apple | Zip | CSV, PDF, VCF, ICS | 3 |
| Facebook | Zip | HTML, Images, JSON | 0 |
| Fitbit | Dropbox link | XLS, TSV | 5 |
| Google | Zip, Gzip | HTML, iCalendar, vCard, Document formats, JSON, CSV, MBOX… | 0 |
| Instagram | Zip | JPEG, JSON | 2 |
| LinkedIn | Zip | CSV | 0 |
| Snapchat | Zip | HTML, JSON | 0 |
| Twitter | Zip | JavaScript | 2 |
