DOI: 10.4018/IJSR.2018010101
Copyright © 2018, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
An Exploration of Data Interoperability for GDPR
Harshvardhan J. Pandit, ADAPT Centre, Trinity College Dublin, Dublin, Ireland Christophe Debruyne, ADAPT Centre, Trinity College Dublin, Dublin, Ireland Declan O’Sullivan, ADAPT Centre, Trinity College Dublin, Dublin, Ireland Dave Lewis, ADAPT Centre, Trinity College Dublin, Dublin, Ireland
ABSTRACT
The General Data Protection Regulation (GDPR) specifies obligations that shape the way information is collected, shared, provided, or communicated, and provides rights for receiving a copy of their personal data in an interoperable format. The sharing of information between entities affected by GDPR provides a strong motivation towards the adoption of an interoperable model for the exchange of information and demonstration of compliance. This article explores such an interoperability model through entities identified by the GDPR and their information flows along with relevant obligations. The model categorises information exchanged between entities and presents a discussion on its representation using existing standards. An investigation of data provided under the Right to Data Portability explores interoperability in a real-world use-case. The findings demonstrate how the use of common data formats hampers its usability due to a lack of context. The article discusses the adoption of contextual metadata using a semantic model of interoperability to remedy these identified shortcomings.
KEYWORDS
Data Format, Data Standards, GDPR, Interoperability, Semantics
INTRODUCTION
focuses on the use of consent and personal data as the basis of operations and provides the data subject with several rights. These new changes have spurred innovation within the community that targets compliance with the various obligations of the GDPR.
Along with providing constraints for how personal data is used and shared through various processes, the GDPR also provides statements about the way information is shared or communicated between various entities. GDPR provides seven key principles (Article 5) that act to guide the processing of personal data. These are: Lawfulness, fairness and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality; and Accountability. While these principles are similar to those within the DPD, GDPR encompasses these principles in a larger role in its adherence towards compliance. These principles set out how each data controller should process the personal data of clients or data subjects and form the guideline for duties and obligations for compliance by entities. For example, a Data Processor under the GDPR is an entity that can only act on the data under the instructions it receives from a Data Controller or another Data Processor (making it the sub-Processor). Therefore, a Data Processor cannot decide the purpose of the data it receives and must adhere to the instructions it receives from the Data Controller or Data Processor that provides the data. Assuming this entity is a Data Controller, the agreement with the Data Processor is expected to state these responsibilities in an explicit manner such that the Data Processor as well as the Data Controller can verify or audit the accountability of this agreement for obligations provided by the GDPR.
The GDPR provides several rights to the data subjects whose adherence is mandatory for organisations. The Right to Inform (Article 12-14) and Right to Access (Article 12, 15) provide the Data Subject the right to be informed regarding how their personal data is or will be collected, processed, stored, and used along with the specific purposes. The Right to Data Portability (Article 12, 20) enables the Data Subject to receive a copy of their personal data which they have provided to the Data Controller. It also allows the Data Subject to request this data to be directly moved, copied, or transferred to another Data Controller. The provided data must be in a commonly used, machine-readable, and interoperable format. The exercising of these rights involves an explicit interaction between the Data Controller and the Data Subject or another Data Controller where the information exchanged is the personal data under consideration. Additionally, GDPR explicitly mentions interoperability as one of the mandatory properties of this data, making its adoption a necessary part towards its compliance.
While there is no requirement for legally structuring shared data in a particular way, doing so has benefits for all entities involved. For Data Subjects, this provides consistency in terms of understandability and interoperability of their personal data. For Data Controllers and Data Processors, this enables seamless operations through interoperable mechanisms that also act as demonstrable compliance towards required obligations. For Supervisory Authorities, the interoperability of data provides a uniform interface when conducting investigations, being particularly helpful when tracing the flow of information across multiple entities.
This paper investigates interoperability in the context of the GDPR. It presents an overview of the GDPR in terms of entities involved and presents a systematic representation of their interactions. Through this, it presents an analysis of the entities categorised according to their role as defined by the GDPR, the nature of information flows between these entities, and the requirements for interoperability in their interactions through these information flows. Through this analysis, the paper investigates the creation of an interoperability model based on interactions between entities and shaped by relevant obligations enforced by the GDPR which act as requirements for the model. The purpose of this model is to highlight how information exchanged by entities is affected by the GDPR and to discuss its representation using various existing standards and standard-creating bodies. The paper also presents a discussion on how the model is useful for operations involving information exchange and towards ensuring its compliance with the obligations of the GDPR.
and discusses their various requirements in terms of interoperability as well as regulatory compliance. Through this discussion, the paper presents its arguments towards the standardisation of representation for these information categories. An investigation of existing standards bodies and available standards for representing the identified information categories is also presented. To demonstrate applicability of the model and its identified information flows, the paper presents an application of the model that investigates interoperability within real-world use-cases based on data provided under the Right to Data Portability. The findings of this investigation reveal that while the data is interoperable, the provided data lacks practical usefulness in terms of semantics. The paper provides a discussion on how this can be resolved using contextual metadata in a semantic model of interoperability based on the semiotic information theory. This discussion also involves the standardisation of such metadata between entities to ensure their interoperability.
This paper is an extension of our previous work (Pandit, O’Sullivan, & Lewis, 2018), where we expand our information model to involve management interfaces as entities along with the additional information flows associated with it and provide a more in-depth analysis of existing standards towards the representation of information. We also present a real-world use-case which analyses the specific data formats used for compliance with the Right to Data Portability and presents our work towards evaluating its usefulness in the context of interoperability. Based on this, we present our arguments towards adopting a more semantic-based approach to define contextual metadata for better interoperability.
ENTITIES AND INFORMATION
To understand the entities and their relevant obligations under the GDPR, we analysed the text of the GDPR along with various documents provided by supervisory authorities such as the Data Protection Commissioner’s Office - Ireland (DPC Ireland, 2018) and Information Commissioner’s Office - United Kingdom (ICO, 2018), documents provided by the Article 29 Working Party (abbreviated as WP29) for outlining the nature of obligations under the GDPR, and various information articles and documentation provided by commercial organisations regarding compliance and dissemination of information regarding GDPR. Through this, we first identified the entities and their responsibilities as a matter of compliance under the GDPR, and the information required to fulfil their obligations towards compliance. Based on this, we identified the relationship of entities in terms of exchange of information amongst them. The identified information was then categorised based on the nature of information and relation to compliance. This provided a way to model the commonality and interoperability of data using these categories, as well as to discuss the various standards for their representation. The outcome of this work was a theoretical framework for how the information can be exchanged in an interoperable fashion and provides a background for analysis of use-cases.
An overview of the data interoperability model for GDPR can be seen in Figure 1 which depicts the different entities along with the possible interoperability points between them along with examples of information and processes associated with each such point. Any interaction between two entities, even of the same type, can be considered as an interoperability point if it involves communication of some information or structured data between them towards normal operational practices or for GDPR compliance. Understanding the requirements of this communication between the entities, such as what the associated information is, why it is being shared or exchanged, and what requirements shape this information, provides the basis for exploring opportunities towards standardisation of information practices. In the case of GDPR compliance, the law itself provides a motivation towards adopting standard practices in terms of interactions between entities.
Categorisation of Entities
or recipient of a system or a service and provide the consent for activities. Data Controller(s) or ‘Controller’ (DC) is an entity that determines the purposes and means of the processing of personal data. They can act jointly, in which case they are called Joint Controllers. A Data Processor (DP) is an entity that processes personal data on behalf of the controller. The relationship between controllers and processors is many-to-many, i.e. either can be associated with multiple entities of the other type. A sub-processor is a processor acting under another processor. They are bound by the same rules of agreement as the processor they are under with its controller. The Supervisory Authority (SA) or Data Protection Authority (DPA) is a public institution responsible for monitoring the application of data protection laws.
Data Management (DM) is a virtual entity responsible for the handling and management of information on behalf of the Data Controller. Virtual in this case refers to the DM not being a separate entity in the legal sense of the term but having a distinction with the functions of its controlling entity (Data Controller) by virtue of abstraction or automation. An example of a Data Management entity is the use of automated software for interaction with users in an online service, where the Data Subject only interacts with the DM for the operation of the service as well as exercising of rights. The DM was added to the extended version of our work based on the use of automated systems to process and provide data in the real-world by organisations such as Google and Facebook. Apart from these entities, GDPR can also be interpreted to have other entities not considered within the scope of this work. These are an Agent or a Representative acting on behalf of another entity such as the Data Subject or Data Controller, a Data Protection Officer, organisations that issue certifications and seals as provided by the GDPR, as well as additional regulatory bodies and authorities that might be involved in the compliance process.
Interoperability Between Entities
interoperability between the two entities. Taking the entities under consideration as Data Subject (DS), Data Controller (DC), Data Processor (DP), and Supervisory Authority (SA), we have a set of 6 possible points for interoperability without considering the direction of interaction. Additionally, controllers, processors, and supervisory authorities can interact with other controllers, processors, and supervisory authorities respectively. This brings the total count of possible points to 9. If a Data Management interface (DM) is used by Data Controllers to interact with Data Subjects, then this adds two more points of interaction bringing the total to 11 points. It is to be noted here that the functionality of DM is not specified by the GDPR in the form of suggestion or requirement but is a practical consideration that could be used by Data Controllers to automate parts of their operations for practical reasons.
The entities depicted in the model are based on an analysis of the text of the GDPR along with other related documents published by various organisations associated with data protection and regulatory compliance. Since only the type of entity is required for understanding and modelling the interaction, their size (large, medium, small, or individual) or nature (commercial, governmental, or not-for-profit) is assumed to have no bearing on the requirements of the interoperability point. Additional information may need to be exchanged based on specific requirements based on the type of the entity, such as additional responsibilities required by larger organisations as compared to individuals, though this requires a deeper review of the law and clarification through legal experts. We therefore do not consider such additional requirements to be within the scope of this paper. For entities such as governmental institutions and organisations that are in a position where information communication needs to be made available for dissemination to the public, we consider this as motivation to explore the requirements of sharing such data in an ‘open’ and ‘consistent’ manner, where open is defined as being transparent and interoperable towards other entities, and consistent is defined as not having temporal changes. Where entities are commercial entities, interoperability is more concerned with consistency, structure, and correctness of information being exchanged.
Consider the interactions between a Data Subject and a Data Controller, or between a Data Controller and a Data Processor, where the interoperability between them only requires that the provider should provide the consumer with the required information in a format that can be accepted and operated on. This provided data is not inherently intended to be made available to anyone else (such as another entity which is a third-party in this case), and therefore has no bound requirements in terms of standards at this point of interaction as long as the involved entities agree upon the method for sharing of data. Contrast this with the case where a public body such as the Supervisory Authority is involved. Communication from Data Controllers or Data Processors with a Supervisory Authority would have to take into consideration the sensitivity of private information being shared, and therefore would require the use of secure forms of communications which may also require security in the structuring of data itself, such as through encryption or establishment of secure channels. Any warning or ruling by the Supervisory Authority that can be considered public information, as in made available to the public, would also need to be published in an appropriate manner in regard to its sensitivity. A modern method of doing this is to publish details of use-cases along with their rulings or decisions on the official website. Such information in the future might be collated in a registry or dataset using appropriate formats and structuring.
it would be prudent for the Data Controller to obtain or convert consent into a form that makes this process of compliance easier. This brings in requirements towards how this information is structured regarding its representation, storage, and querying and how it can assist in the demonstration of the required compliance.
The interaction of a Data Controller towards Data Subjects also includes the provision of certain information as mandated under the GDPR such as that provided under the Right to Access. Data Controllers also have to provide this information regarding exercising of rights such as the Right to Data Portability through which a Data Subject can request the Data Controller to provide a copy of their personal data. GDPR also defines the conditions regarding the provision of this data such as its structure or format. Additionally, GDPR also provides Data Subjects the right to have their personal data transferred from one Data Controller to another upon request. The exercising of this right requires both controllers to have some form of interoperability mechanism for mutually understanding the concerned data. This extends to the entity generating it as well as accepting or consuming this data. Such requirements shape the information flow and therefore the interoperability of information and have a role to play in the functioning of the entity and also towards legal compliance. For practical reasons, it is impossible for all entities to have an interoperability agreement or arrangement with each other. Therefore, the provision of such information must be made through open standards and formats that are also commonly used. GDPR provides the same argument for data provided under the Right to Data Portability.
For interactions between Data Controllers and Data Processors, or Data Controllers and Data Controllers, or Data Processors and Data Processors, these interactions already have some ongoing and existing information exchanges that involve interoperability as part of an organisation’s operational practices. Common examples include business arrangements or outsourcing of operations for cost and profit reasons. While such activities are considered a common industry practice, GDPR explicitly mentions the categories of information shared in the operation of such services between these entities. An example of this is the explicit list of instructions shared by the Data Controller to a Data Processor for processing activities over the personal data it provides. The legal acknowledgement of such information sharing makes its documentation important from the point of compliance. This provides an opportunity for exploring whether a structured and common format can provide advantages to existing practices regarding the sharing of such information.
An approach suggesting an entirely new or different interoperability model would be difficult to uptake due to the diversity and variance of existing infrastructures as well as the cost of changing them. Therefore, the cost of adopting new practices provides an inertia towards keeping existing methods of operation. It is possible to construct a practical interoperability model based on the existing practices with a view towards extending them in an achievable and consistent manner for entities involved. However, this is difficult to achieve in reality due to the earlier mentioned inertia and the cost of change. Since legal compliance is a necessity and GDPR requires operational changes for its obligations, this can be exploited in the adoption of the interoperability model. An approach concerning only that information which is necessary for legal compliance can be proposed as a solution that augments existing services rather than replaces them. Under this, interactions and exchanges between entities through new activities as well as changes towards existing ones are defined by the requirements provided by GDPR compliance.
Legally, the Data Controller is not responsible for the compliance of the Data Processor. However, since it provides the explicit list of instructions for activities over its personal data, there is a certain relationship between the compliance of the two entities. This motivates towards looking at alternate approaches that can help with the compliance aspect of where information and activities are shared across different entities.
One such example is where information is linked to certain activities associated with the processing of information which is relevant for compliance. A structured approach that provides an efficient and effective way for the storage, management, and querying of this information presents a technologically structured way to use this information in the demonstration of compliance. In addition, when there are multiple entities involved in the compliance process, the sharing of structured contextual information related to compliance can assist both entities in the demonstration of their respective compliance. Such requirements also shape the information exchanged between entities and are a part of the interoperability model. We explore the exchange of such information in greater detail through the information flows between various entities in the following section.
Information Flows
Each interaction point has requirements from multiple GDPR articles that affect the information and activities associated with that point. This is presented in Table 1 with the relevant articles in GDPR and their relation towards governing the interoperability between entities. An extended version of the table is available online (Pandit, Debruyne, O’Sullivan, & Lewis, 2018) and presents a more granular reference to GDPR articles along with comments describing the relevance to interoperability.
Table 1 contains four types of statements identified in the text of the GDPR that determine or influence the interoperability of information between entities. The first type of statement reflects a requirement for the interoperability and is abbreviated as REQ. Entities are expected to follow or fulfil this requirement for compliance. GDPR only states but does not stipulate how a requirement should be fulfilled. Where an activity or action is presented in the statement, these are identified as processes related to usage, sharing, publication, or exchange of information, and are annotated as PROC in the table. Where information is categorically mentioned or as information consisting of some form or category, the abbreviation DATA is used to identify such statements in the table. Where additional information about category or type of data is specified, this is annotated with FORMAT, with the statement either specifying an explicit data format or providing guidelines governing the choice of formats which are acceptable or need to be enforced.
Where these requirements might not have a direct bearing on the processes and the data involved, they are useful towards the discussion involving the abstract concept of the associated data. These form the background of the requirements gathering process for processes, including communication between entities, where the compliance of a requirement or the implementation of a process might guide the available standards for representing the data involved. For example, in Article 30-1, the statement requires controllers to maintain logs or records of processing activities. While this statement refers to the abstract information associated with processing activities, it can also be used to interpret and formulate records of activities into a structured form of information useful towards discussing standardisation of the associated data. In the next section, we identify and explore this abstract notion of information from the selected articles outlined in Table 1 by categorising them based on their content and intended usage.
Categorising Information Flows
Table 2. Describing the relation between information categories and entities
Category        DS        DC                                           DP                                  SA
Provenance      --        Maintain                                     Maintain                            Inspect
Agreements      --        With DC and DP                               With DC and DP                      Inspect
Consent         Provide   Collect                                      --                                  Inspect
Certification   --        Audit                                        Audit                               Provision
Compliance      --        Maintain, Demonstrate, Audit DP Compliance   Maintain, Demonstrate (SA and DC)   Check
Table 1. Interaction points between entities in GDPR with type of statement
Article   Interaction Point          Type(s)
5         DS--DC, DC--SA             REQ, PROC
7         DC--SA, DS--DC             PROC
12        DS--DC                     REQ, PROC, DATA, FORMAT
13        DS--DC                     DATA
14        DS--DC                     DATA
15        DS--DC                     DATA
16        DS--DC                     REQ, PROC
18        DS--DC                     REQ, PROC
19        DS--DC, DC--DC, DC--DP     REQ, PROC, DATA
20        DS--DC, DC--DC             REQ, PROC, DATA, FORMAT
25        DC--SA                     PROC
26        DC--DC                     REQ, PROC
27        DC--SA                     REQ, DATA, FORMAT
28        DC--DP, DP--DP             REQ, PROC, DATA
30        DC--SA, DC--DP, DP--SA     REQ, PROC, DATA, FORMAT
33        DC--SA, DC--DP             REQ, PROC, DATA
34        DS--DC                     REQ, PROC
35        DC--SA, DS--DC             REQ, DATA
36        DC--SA, DP--SA             REQ, PROC, DATA
42        DC--SA, DP--SA             REQ
47        DC--DP, DP--SA, DC--SA     PROC
49        DS--DC, DC--SA, DP--SA     REQ, PROC
57        DS--SA, SA--SA             REQ, PROC, DATA
58        DC--SA, DP--SA             REQ, PROC, DATA
60        SA--SA                     REQ, PROC
example, consent is provided by the Data Subject, is collected by the Data Controller, and is inspected by the Supervisory Authority. We use the information categories to broadly shape and classify the information flows between entities as well as to refer to the information exchanged within them. The classification provides a way to refer to the specific type or category of information, along with its context, without explicitly dealing with specific use-cases or examples of its usage. This abstraction is beneficial towards exploring broad standards towards its representations.
Provenance
The provenance information category refers to information about entities and activities involved in producing some data or artefact, which can be used to form assessments about its quality, reliability or trustworthiness. This information is related to the compliance for activities that involve some data that needs to be linked or resolved to the activities that create, use, share, or store it. An example of this is that of consent along with the activities associated with it that obtain, update, or invalidate the consent. For demonstrating compliance, it is essential to show that these activities follow the obligations required for compliance, which requires the presence and maintenance of logs that record the functioning of these activities. These logs can be modelled as a form of provenance in which case they form the lifecycle of consent tracking its creation (obtaining), use within different activities, how it is stored, and finally its deletion (invalidation). Compliance then becomes a matter of introspecting such provenance logs to see whether the activities recorded the correct and compliant behaviour. Another example is for checking whether a consent was validly given, which requires that the consent should be freely given, be explicit towards specified processes, and must be unambiguous. Since detecting these conditions for validity of consent is not possible without manual oversight, the artefacts and processes involved in the obtaining of provenance can be useful in capturing the state of things as present when obtaining the consent from the Data Subject. Depending on the manner of representing provenance, the lifecycle of consent can then be traced with sufficient granularity and abstraction to link it with activities that depend on it, thereby making it possible to also determine whether the consent was used as intended by the terms of the GDPR.
As provenance information potentially encompasses all artefacts and processes requiring compliance, it can be argued that having interoperability with relation to sharing and evaluating provenance information would greatly benefit the compliance operations for both the organisation as well as the authorities. Additionally, as compliance itself involves several activities and the creation of artefacts such as compliance reports, this information can also be defined using a common provenance model for reuse and dissemination. Such forms of interoperability can be used in any interactions where provenance information needs to be shared or evaluated, such as is also the case with controllers and processors where there is a need to define activities that need to take place, or to maintain a joint or collaborative record of activities undertaken that involve both entities. This is especially useful when information needs to be shared that involves lifecycles of artefacts such as consent, and personal data need to be tracked or charted across activities. Provenance defined in such manner has led to approaches in the existing corpora of work to create a privacy impact assessment template (Reuben et al., 2016) and creating components based on activities (Mense & Blobel, 2017).
Data Sharing Agreements
instruction from a data subject to update their consent for certain activities which are handled by a Data Processor, the Data Controller must update or enforce (depending on the legal term in use to describe the use-case) their agreement to get the Data Processor to also reflect this change in consent over the personal data and activities that they have/had received from the Data Controller. Without some form of automation, such requests would need to be sent and received manually or require manual action, greatly increasing the work and time required to handle them. With automation involved in the process, the Data Controller’s system (such as a Data Management interface) can automatically take care of the request by updating the agreement in place for handling the particular consent and personal data with the Data Processor and can also await a receipt or an acknowledgement from the Data Processor for the successful completion of the request. Such agreements that can be iterated, stored, and queried using systems are of benefit to the involved entities as well as other entities that might wish to introspect the agreements such as Certification Bodies and Regulatory Authorities. An example of this is data sharing agreements that can be explicitly designed to be interoperable based on requirements of the GDPR (Hadziselimovic, Fatema, Pandit, & Lewis, 2017).
Consent
Consent in the context of the GDPR refers to the assent or agreement by the data subject in relation to their personal data for the proposed processing activities associated with one or more entities. Given consent refers specifically to the form of consent given by the data subject in relation to their personal data and the proposed usage by activities (Ross, 2017). Consent can be considered to be an agreement between the Data Subject and the Data Controller (or another entity) and can therefore benefit from the same approach as described for implementing data sharing agreements. This can provide consistency in the application of technology as well as encourage adoption of uniform standards and interoperability in dealing with similar use-cases.
GDPR specifies certain requirements which guide the acquisition and demonstration of consent for it to be evaluated as valid (Mittal, 2017). These include the stipulation that consent must be freely given, must be informed, specific, and voluntary. Of these, only the specificity of consent can be gauged from a given consent in a form such as an agreement. Given consent contains the terms which have been accepted by the user, which can be used to gauge the specificity of the agreement, and therefore decide on whether the consent itself was specific or broad under the GDPR. For other stipulations related to valid consent, it is essential to refer to the process and artefacts used to acquire the consent to understand the conditions under which the consent agreement was provided to the data subject and how it was accepted or given or agreed.
For example, in cases where the consent is acquired through a web-form (Fatema et al., 2017), the entire web-page may need to be preserved to demonstrate that the consent acquisition process was in accordance with the conditions under the GDPR. Therefore, while the given consent may be represented in any form, it also has to be linked to the processes responsible for acquiring the consent. Additionally, any revision of consent data such as when updating or revoking consent also needs to be stored in a way that can be linked to the processes involved in the change as well as linked to the original consent. This is important as a matter of compliance as GDPR enforcement may require demonstration that a change in consent was carried out correctly, which is only possible through an introspection of what the original and changed versions of the consent are. This also introduces the dependency-like relation between data processes and consent where consent should be inherently linked to the processes that depend on it. For example, if the process of using personal data to send emails is dependent on the consent obtained from the user at the time of registration, then it is vital to show that the two are linked together, i.e. the emails are only sent based on the given consent. Such a system must also be able to demonstrate that updated consent has immediate effect on the processes that depend on consent.
method of provenance. Such a method capturing the various stages of consent and personal data as lifecycles involving processes and artefacts would enable documentation representing the model of the system as a whole. The individual records or logs of activities can then be instantiated based on the model to capture user or event specific information.
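The dependency between consent and the processes that rely on it can be checked mechanically by replaying a provenance log of the consent lifecycle. The following Python is an added example, not code from the paper: the event schema, field names, finding messages and sample log are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Event:
    """One provenance record (hypothetical schema, assumed for this example)."""
    ts: datetime
    kind: str            # consent_obtained | consent_updated | consent_withdrawn | processing
    subject: str         # data subject identifier
    record_id: str       # id of this consent version or processing activity
    purposes: frozenset = frozenset()   # purposes granted (consent) or used (processing)
    revises: Optional[str] = None       # consent events: the version being replaced
    based_on: Optional[str] = None      # processing events: the consent version relied on


def audit(log):
    """Replay the log in time order; return (record_id, reason) for each violation."""
    findings = []
    owner, granted = {}, {}   # consent version id -> subject / purposes granted
    in_force = {}             # subject -> consent version currently in force
    for ev in sorted(log, key=lambda e: e.ts):
        if ev.kind == "consent_obtained":
            owner[ev.record_id], granted[ev.record_id] = ev.subject, ev.purposes
            in_force[ev.subject] = ev.record_id
        elif ev.kind in ("consent_updated", "consent_withdrawn"):
            # A revision must link back to the version it replaces.
            if ev.revises is None or in_force.get(ev.subject) != ev.revises:
                findings.append((ev.record_id, "revision not linked to consent in force"))
            owner[ev.record_id] = ev.subject
            # A withdrawal grants nothing, whatever the record carries.
            granted[ev.record_id] = (frozenset() if ev.kind == "consent_withdrawn"
                                     else ev.purposes)
            in_force[ev.subject] = ev.record_id   # takes effect immediately
        elif ev.kind == "processing":
            if owner.get(ev.based_on) != ev.subject:
                findings.append((ev.record_id, "no linked consent"))
            elif ev.based_on != in_force[ev.subject]:
                findings.append((ev.record_id, "relied on superseded consent"))
            elif not ev.purposes <= granted[ev.based_on]:
                findings.append((ev.record_id, "purpose not covered by consent in force"))
    return findings


def lineage(log, record_id):
    """Trace a consent version back to the original consent via `revises` links."""
    by_id = {e.record_id: e for e in log if e.kind.startswith("consent_")}
    chain = []
    while record_id in by_id and record_id not in chain:   # guard against cycles
        chain.append(record_id)
        record_id = by_id[record_id].revises
    return chain


def at(hour):
    """Constructed timestamp helper for the sample log."""
    return datetime(2018, 5, 25, hour)


# Constructed sample log: alice registers, narrows her consent, then withdraws it.
SAMPLE_LOG = [
    Event(at(9), "consent_obtained", "alice", "c1",
          frozenset({"email_marketing", "analytics"})),
    Event(at(10), "processing", "alice", "p1",
          frozenset({"email_marketing"}), based_on="c1"),
    Event(at(11), "consent_updated", "alice", "c2",
          frozenset({"analytics"}), revises="c1"),
    Event(at(12), "processing", "alice", "p2",
          frozenset({"email_marketing"}), based_on="c1"),   # email sent on old consent
    Event(at(13), "processing", "alice", "p3",
          frozenset({"analytics"}), based_on="c2"),
    Event(at(14), "consent_withdrawn", "alice", "c3", revises="c2"),
    Event(at(15), "processing", "alice", "p4",
          frozenset({"analytics"}), based_on="c3"),         # after withdrawal
    Event(at(16), "processing", "bob", "p5",
          frozenset({"email_marketing"})),                  # never linked to consent
]

if __name__ == "__main__":
    for record_id, reason in audit(SAMPLE_LOG):
        print(record_id, reason)
    print(" <- ".join(lineage(SAMPLE_LOG, "c3")))
```
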
Compliance
Overseeing the compliance is an ongoing and continuous process and is specified within the GDPR as an activity to be undertaken by an organisation at certain times. Compliance under the GDPR is a continuous process rather than a single operation to be carried out at the end of an activity. Instead, it is essential to maintain compliance at all times by ensuring related activities are compliant at all stages of their operation. This can be achieved by having proper practices and processes regarding evaluation of compliance from the design stage at the earliest. Such processes ensure that a new service or change in an existing service is compliant before it begins operation. Several people might be involved in design and operation of the system, but the responsibility of ensuring the compliance falls on the management or on the/a Data Protection Officer (DPO) if appointed. In any case, such checks of compliance are integral to audits, done by the organisation itself or by a third-party hired by the organisation, for ensuring the activities meet the required compliance towards legal obligations. A record of such activities and its outcome is therefore an essential outcome of such audits or compliance processes and forms part of the compliance information maintained by the organisation. Such information would prove to be helpful for supervisory authorities who might wish to inspect the activities of an organisation and determine responsibility in cases where multiple entities are involved.
The information associated with compliance related activities can be represented as provenance information though the processes and artefacts involved in this case are different from those related to the consent and personal data lifecycles. To a certain extent, depending on the structuring of compliance activities, it is possible to consider the compliance related activities as part of a compliance lifecycle where the outputs of activities such as reports can be mapped along a timeline using provenance methods similar to those previously outlined. There might be additional requirements of ensuring the security and integrity of such records, though this probably would not have any bearing on the depiction of the information itself. Instead, any concerns related to the data being tampered with or accessed without proper authorisation can be mitigated through proper storage and handling of this information. This also allows the provenance representation required for compliance lifecycles to be consistent in its purported use-case with those related to provenance of consent and personal data lifecycles.
Certifications
GDPR has provisions for seals and certifications which can help organisations with a measure of compliance as well as good practices. These have a maximum validity of three years and have certain conditions or criteria for the creation and issuing of seals and certifications pertaining to GDPR compliance. The seal or certification does not reduce or impact the responsibility of the controller or processor for compliance with the GDPR but acts as a method of displaying or providing information regarding compliance. The exact nature of such seals and certifications and their role with respect to demonstration of compliance to the authorities is still under consideration.
There are several areas of interest where the information included in the report can be structured for representation in a manner that makes it easy to store, access, query, and most importantly share with other entities. For example, if a certain process is responsible for sharing personal data between a controller and a processor, where the processor’s processes for handling the said data have been audited through a report, then this information may prove to be sufficient for an agreement between the two entities. However, any such audit and its accompanying report having a validity of a maximum of three years requires the controller and processor to investigate their respective agreements at the end of this report's validity. Agreements therefore need to consider this process as a requirement, which hinders the automatic resolution of agreements between the two parties. One way to mitigate this is to keep this requirement out of the automation, in which case the agreements would continue to operate even when the report validity has lapsed. Another case is where processes change, and the processor must renew its certification. If it is able to demonstrate the changes in its processes, the reports can possibly be linked to the version or iteration of the process it evaluated, thereby also providing a way for agreements to view and use this information. Even without use in automated agreements, the structuring of such information may provide a strong use within the organisation of compliance-related information by cross-linking or cross-referencing the information in documentation that can be continuously updated.
Identifying Opportunities for Commonality and Interoperability
The model provides an overview of information exchange in the context of the GDPR. It identifies the relevant entities, their roles and requirements, the categories of information exchanged, and the obligations of the GDPR applicable over these. Through this, we identify information that is common in terms of its requirements for operation and compliance as well as representation in terms of practicality and adoption. Interoperability of information can be discussed using these as attributes and using the model to structure the information flows. The commonality and interoperability of identified information flows and their associated information categories are useful towards discussing how these can be exploited towards the standardisation of information being exchanged.
As seen from the previous descriptions of various information categories, provenance forms an underlying structure where processes or data artefacts can be captured and represented for various use cases of the other information categories. Similarly, the dependence between the different information types also demonstrates the advantages of linking them together to create more efficient systems capable of automation and better documentation. This provides an opportunity to combine the approach towards representing the different types of information into a cohesive model that operates at a higher and more abstract level to represent the entire system’s information model. It also highlights the points of interoperability internally within an organisation. While it is still possible to pick and choose which information or category should be represented individually, the overall benefits afforded by a cohesive model are better suited for the functioning of the service and its compliance.
We mainly identify the use of lifecycles for representing the processes and artefacts, whether internal or external to the organisation, as forms of documentation. This provenance information forms the basis of other information categories as it involves documenting the use of consent and personal data, formation of data sharing agreements, and recording compliance audits and provision of produced reports. This information is also required to be shared with other entities such as where processors are required to outline their processes to the controllers, and authorities may request to review processes for compliance. The use of provenance also allows recording the occurrence of events such as archival and deletion of consent and personal data which can be vital in the demonstration of compliance.
references the specific processes that will use the data using provenance information while the given consent itself is also recorded as an event using the same or similar provenance mechanisms. This explicit linking of inherently related information allows better representation of information and leads to semantic systems that are capable of intelligent operations. In this case, at a later date, it is possible to identify the given consent for a specific user from provenance logs and to view the process it was obtained against. This itself can further be used to determine if an updated consent is required under the terms of the GDPR upon introducing a change in the process such as an addition of a feature.
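The lookup described above, as an added example that is not part of the original article: a provenance log held as subject-predicate-object triples is queried for the process version each consent was obtained against, and consents tied to a superseded version are flagged for review. The predicates are W3C PROV-O terms; all `ex:` identifiers and timestamps are constructed, and treating any revision as a trigger for review is an assumption of this sketch.

```python
from datetime import datetime

# Constructed provenance log as (subject, predicate, object) triples.
# Predicates are W3C PROV-O terms; every ex: identifier is hypothetical.
TRIPLES = [
    ("ex:signup-v2", "prov:wasRevisionOf", "ex:signup-v1"),
    ("ex:consent-alice", "prov:wasAttributedTo", "ex:alice"),
    ("ex:consent-alice", "prov:wasGeneratedBy", "ex:give-consent-1"),
    ("ex:give-consent-1", "prov:used", "ex:signup-v1"),
    ("ex:give-consent-1", "prov:endedAtTime", "2018-05-26T09:30:00"),
    ("ex:consent-bob", "prov:wasAttributedTo", "ex:bob"),
    ("ex:consent-bob", "prov:wasGeneratedBy", "ex:give-consent-2"),
    ("ex:give-consent-2", "prov:used", "ex:signup-v2"),
    ("ex:give-consent-2", "prov:endedAtTime", "2018-06-20T14:00:00"),
]


def objects(subject, predicate):
    return [o for s, p, o in TRIPLES if s == subject and p == predicate]


def subjects(predicate, obj):
    return [s for s, p, o in TRIPLES if p == predicate and o == obj]


def consent_records(user):
    """Each consent attributed to `user`, the process version it was
    obtained against, and when the consent-giving activity ended."""
    records = []
    for consent in subjects("prov:wasAttributedTo", user):
        for activity in objects(consent, "prov:wasGeneratedBy"):
            ended = objects(activity, "prov:endedAtTime")
            given_at = datetime.fromisoformat(ended[0]) if ended else None
            for process in objects(activity, "prov:used"):
                records.append({"consent": consent, "process": process,
                                "given_at": given_at})
    return records


def current_version(process):
    """Follow prov:wasRevisionOf links forward to the newest revision."""
    seen = {process}
    while True:
        newer = [r for r in subjects("prov:wasRevisionOf", process)
                 if r not in seen]
        if not newer:
            return process
        process = newer[0]
        seen.add(process)


def consents_to_review(user):
    """Consents obtained against a process version that has since changed."""
    return [r["consent"] for r in consent_records(user)
            if current_version(r["process"]) != r["process"]]
```

Whether a flagged consent actually has to be renewed remains a decision for whoever reviews the change; the query only identifies the candidates from the log.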
Existing Standards
In this section, we explore existing standards and their relevance with respect to the representation of information and interoperability discussed previously in this paper in the context of the GDPR. Our focus is primarily on standards for information being exchanged over the medium of the internet. This is due to its increasing prevalence for information exchange as well as provision of services. Where applications and services are not provided over the internet, they either depend on it for communication (including messages and updates) or internally use it as the medium for services with other parties (such as analytics). We consider approaches within both industry and academia, as well as organisations and bodies involved in creating and overseeing standards. We intentionally emphasise standards that are open and non-proprietary due to their greater usability and freedom of adoption by the community at large.
World Wide Web Consortium (W3C)
The World Wide Web Consortium (W3C, 2018), abbreviated as W3C, is the standards body responsible for information exchange on the Web, which itself is based on the standards and protocols of the Internet. Due to the ever-increasing usage of the web as a medium for provision of services and information, it is important to consider standards that can be readily integrated into mediums such as web pages and web services which form the backbone of interoperability for many organisations, both commercial as well as public institutions.
W3C standards undergo various stages of development starting from “Working Draft (WD)” to “Candidate Recommendation (CR)” which are then moved to the “Proposed Recommendation (PR)” stage before being set as a “W3C Recommendation (REC)”. Due to the continuous participation of the stakeholders and the community at each stage of development, the standards at stages PR and REC are considered to have sufficiently matured to be adopted into usage. We therefore consider only those standards which fall in either stage as being suitable for recommendation in this paper.
For representing information, W3C has several standards regarding data formats such as XML, CSV, and JSON. These formats provide specifications for the encoding of information into interoperable data streams. The Resource Description Framework (RDF, 2014), or RDF, is a family of specifications that were originally defined as a metadata model but have since been used to model information as web resources. RDF supports several data serialisation formats, including XML and JSON (through JSON-LD), making its usage and adoption easier for information interoperability. RDF allows expression of facts as triples consisting of the subject-predicate-object pattern. This allows the expression of knowledge as a directed graph using a collection of RDF statements, which enables data modelling in a consistent manner.
of information defined using RDF include the Shapes Constraint Language (SHACL, 2017) which is a W3C Recommendation, and the Shape Expressions (ShEx, 2017) language, which is currently being drafted by the W3C community.
To take advantage of the interoperability offered by commonly used formats such as CSV and JSON with the semantics provided by RDF, there is significant work in creating a standard combining these approaches. Notable examples for this include CSV on the Web (CSVW, 2016), which uses CSV, and JSON-LD (JSON-LD, 2014), which uses JSON. Reusing (and in this case combining) standards provides interoperability as well as commonality towards the underlying technology utilised to create, store, and query information represented by these standards. Therefore, any additional standards or formats developed for application-specific approaches should be based on existing forms of standards in order to take advantage of existing practices and adoption of technologies. This line of argument is consistent with the recent uptake of open-data publishing requirements by the European Publications Office (Eur-LEX, 2018) using mechanisms based on RDF and open data formats. In the next sections, we discuss W3C standards and approaches for modelling and representing the various information categories discussed in this paper.
For representing provenance, we have the Provenance Data Model (PROV-DM, 2013), or PROV, which is a W3C recommendation since 30th April 2013 and provides definitions for interchange of provenance information. Using PROV, we can define entities and the various relations and operations between them such as generated by, derived from, and attributions. PROV has been successfully utilised in several domains and applications including encapsulation of scientific workflows and provenance repositories. PROV was designed to be generic and domain independent and needs to be extended to address the requirements to represent workflow templates and executions. There are existing approaches in academia that utilise PROV in approaches specific to the representation of provenance information related to GDPR (Pandit & Lewis, 2017).
The Open Digital Rights Language (ODRL, 2018), abbreviated as ODRL, is a W3C recommendation for a policy expression language that provides a flexible and interoperable information model, vocabulary, and encoding mechanisms for representing statements about the usage of content and services. The ODRL Information Model describes the underlying concepts, entities, and relationships that form the foundational basis for the semantics of the ODRL policies. Policies are used to represent permitted and prohibited actions over a certain asset, as well as the obligations required to be met by stakeholders. In addition, policies may be limited by constraints (e.g., temporal or spatial constraints) and duties (e.g. payments) may be imposed on permissions. ODRL can be utilised for representing agreements, which can include both data sharing agreements as required for Data Controllers and Data Processors, as well as for representing consent as an agreement between the Data Controller and the Data Subject.
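How a data sharing agreement expressed with these concepts can be checked mechanically, as an added example that is not part of the original article and not a conformant ODRL evaluator: the agreement uses ODRL Information Model terms (permission, prohibition, constraint, leftOperand, operator, rightOperand), while the `example.com` identifiers, the purpose value, and the deny-by-default handling are assumptions of this sketch.

```python
from datetime import datetime

P = "http://example.com/org/processor"         # hypothetical Data Processor
D = "http://example.com/data/customer-emails"  # hypothetical asset

# Constructed agreement using ODRL Information Model terms (simplified:
# operand values are plain strings rather than typed JSON-LD literals).
AGREEMENT = {
    "@context": "http://www.w3.org/ns/odrl.jsonld",
    "@type": "Agreement",
    "uid": "http://example.com/policy/dsa-1",
    "permission": [{
        "target": D, "assignee": P, "action": "use",
        "assigner": "http://example.com/org/controller",
        "constraint": [
            {"leftOperand": "purpose", "operator": "eq",
             "rightOperand": "newsletter-delivery"},
            {"leftOperand": "dateTime", "operator": "lt",
             "rightOperand": "2021-06-01T00:00:00"},
        ],
    }],
    "prohibition": [{"target": D, "assignee": P, "action": "distribute",
                     "assigner": "http://example.com/org/controller"}],
}

OPERATORS = {"eq": lambda a, b: a == b, "lt": lambda a, b: a < b}


def satisfied(constraint, context):
    """Evaluate one constraint; missing context or operator fails closed."""
    left = context.get(constraint["leftOperand"])
    compare = OPERATORS.get(constraint["operator"])
    if left is None or compare is None:
        return False
    right = constraint["rightOperand"]
    if constraint["leftOperand"] == "dateTime":
        right = datetime.fromisoformat(right)
    return compare(left, right)


def matches(rule, assignee, action, target):
    return (rule["assignee"], rule["action"], rule["target"]) == (
        assignee, action, target)


def is_permitted(policy, assignee, action, target, context):
    """Deny by default: allow only if no prohibition matches and some
    permission matches with all of its constraints satisfied."""
    if any(matches(r, assignee, action, target)
           for r in policy.get("prohibition", [])):
        return False
    return any(matches(r, assignee, action, target)
               and all(satisfied(c, context) for c in r.get("constraint", []))
               for r in policy.get("permission", []))
```

The temporal constraint makes the permission lapse on its own, which is one way an agreement can track the limited validity of an audit report instead of continuing to operate after it expires.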
CEN / CENELEC / ETSI
capture of client-related and vital signs information, and of device operational data. Following such standards allows easier operations between multiple entities, as well as for supervisory authorities to assess its workings. This is important when considering that data obtained via such devices can be considered to be sensitive personal information under the GDPR, and therefore will have additional obligations regarding its collection, usage, storage and sharing. Using standards for data collection and communication allows compliance to be assessed based on known mechanisms part of implementing the standard.
ISA2
The Interoperability solutions for public administrations, businesses and citizens (ISA2, 2018), or ISA2, is a programme that develops and provides digital solutions that enable public administrations, businesses and citizens in Europe to benefit from interoperable cross-border and cross-sector public services. The programme was adopted in November 2015 by the European Parliament and the Council of European Union. ISA2 is the follow-up programme to ISA and aims to ensure interoperability activities are well coordinated at EU level through a structured plan consisting of a revision to the European Interoperability Framework (EIF) and the European Interoperability Strategy (EIS), along with development of the European Interoperability Reference Architecture (EIRA) and European Interoperability Cartography (EIC) solutions.
The effort has produced a set of ‘Core Vocabularies’, maintained by the Semantic Interoperability Community (SEMIC, 2018), or SEMIC, that provide a simplified, reusable and extensible data model for capturing fundamental characteristics of an entity in a context-neutral fashion. Existing core vocabularies include ways to define attributes for people, public organisations, registered organisations, locations, public services, the criterion and evidence required to be fulfilled by private entities to perform public services, and a public event vocabulary. SEMIC has also developed the DCAT Application Profile (DCAT-AP), based on the DCAT specification, for describing public sector datasets in Europe so as to enable the exchange of descriptions of datasets among data portals. GeoDCAT-AP is an extension of DCAT-AP for describing geospatial datasets, dataset series and services, while StatDCAT-AP aims to deliver specifications and tools that enhance interoperability between descriptions of statistical datasets within the statistical domain and between statistical data and open data portals. The Asset Description Metadata Schema (ADMS) is a vocabulary to describe and document reusable interoperability solutions, such as data models and specifications, reference datasets, and open-source software. The objective of ADMS is to facilitate the discoverability of reusable interoperability solutions, in order to reduce the development costs of cross-border and/or cross-sector e-Government systems.
Interoperability and Right to Data Portability
is only possible when the receiving Data Controller has technical systems that can accept the specific data format used. WP29 also comments on the data formats used specifying that being structured, commonly used, and machine-readable are specifications for the data format with interoperability being its desired outcome. Further comments by WP29 on Recital 68 state that the aim of data portability is to produce interoperable systems and not compatible systems. Interoperability in this case is defined by ISO/IEC 2382-01 as “The capability to communicate, execute programs, or transfer data among various functional units in a manner that requires the user to have little or no knowledge of the unique characteristics of those units.”
Based on this understanding of the requirements for the data provided under the Right to Data Portability, we undertook a short study of the various data formats used by online social services to provide personal data. We selected these services based on their popularity and used the specific mechanisms provided by the service itself to exercise our right to obtain a copy of our personal data. The study was undertaken only on the services used by the primary author of the paper. The obtained data was analysed for the specific data format used and whether it satisfies the specifications laid out by the GDPR. These data formats were then analysed to evaluate whether they are based on existing standards and support for interoperability as defined by the WP29 guidelines. The purpose of the study was to understand the provision of information and the specific standards used in its representation. The study provides information regarding how data is exchanged in the industry and allows an analysis of the model in terms of existing standards and representations. We present here our report on these findings.
We analysed the personal data obtained from the following organisations: Apple, Facebook, Fitbit, Google, Instagram (owned by Facebook), LinkedIn, Snapchat, Twitter, and WhatsApp (owned by Facebook). The requests were made in the first three weeks of June. In all cases, the services offered an online interface to request a copy of the personal data. In most cases, the data was provided on the same day, with the maximum time taken to provide being 5 days from the day of request. All organisations provided the data as an archive using the Zip file format, except Fitbit, which provided a link to a Dropbox folder that could be accessed without a Dropbox account and contained the requested data. CSV, HTML, and JSON were the most common formats used to provide (generic) data, with other formats such as VCF, vCARD, iCalendar, and MBOX used for specific data such as calendars and emails. Table 3 lists more information about the data formats used by organisations.
To assess whether these data formats satisfy the requirements set forth by the GDPR is a matter requiring legal expertise and an authoritative interpretation of the law. Here, we evaluate them
Table 3. Data formats used for data obtained under the right to data portability
| Organisation | Archive Format | Data Format(s) | Response (in days) |
|---|---|---|---|
| Apple | Zip | CSV, PDF, VCF, ICS | 3 |
| Facebook | Zip | HTML, Images, JSON | 0 |
| Fitbit | Dropbox link | XLS, TSV | 5 |
| Google | Zip, Gzip | HTML, iCalendar, vCard, Document formats, JSON, CSV, MBOX… | 0 |
| Instagram | Zip | JPEG, JSON | 2 |
| LinkedIn | Zip | CSV | 0 |
| Snapchat | Zip | HTML, JSON | 0 |
| Twitter | Zip | JavaScript | 2 |