The SPECIAL-K Personal Data Processing Transparency and Compliance Platform
This addresses compliance and transparency issues for companies under GDPR, though it is incremental as it builds on existing policy and ontology work.
The paper tackles the challenge of ensuring GDPR compliance for personal data processing by introducing the SPECIAL-K platform, which uses a policy language and ontologies to automatically verify that data handling aligns with user consent, demonstrating efficiency and scalability in evaluations.
The European General Data Protection Regulation (GDPR) brings new challenges for companies who must ensure they have an appropriate legal basis for processing personal data and must provide transparency with respect to personal data processing and sharing within and between organisations. Additionally, when it comes to consent as a legal basis, companies need to ensure that they comply with usage constraints specified by data subjects. This paper presents the policy language and supporting ontologies and vocabularies, developed within the SPECIAL EU H2020 project, which can be used to represent data usage policies and data processing and sharing events. We introduce a concrete transparency and compliance architecture, referred to as SPECIAL-K, that can be used to automatically verify that data processing and sharing complies with the data subjects consent. Our evaluation, based on a new compliance benchmark, shows the efficiency and scalability of the system with increasing number of events and users.