Abstract
The General Data Protection Regulations (GDPR) imposes greater
restrictions on obtaining valid user consents involving the use of personal data.
A semantic model of consent can make the concepts of consent explicit, establish a common understanding and enable re-use of consent. Therefore, forming
a semantic model of consent will satisfy the GDPR requirements of specificity
and unambiguity and is an important step towards ensuring compliance. In this
paper, we discuss obtaining an open vocabulary of expressing consent leveraging existing semantic models of provenance, processes, permission and obligations. We also present a reference architecture for the management of data processing according to consent permission. This data management model utilizes
the open vocabulary of consent and incorporates the change of context into the
data processing activity. By identifying and incorporating changes to the relational context between data controllers and data subjects into the data processing model, it aims to improve the integration of data management across
different information systems specifically adhering to the GDPR and helping
controllers to demonstrate compliance.
restrictions on obtaining valid user consents involving the use of personal data.
A semantic model of consent can make the concepts of consent explicit, establish a common understanding and enable re-use of consent. Therefore, forming
a semantic model of consent will satisfy the GDPR requirements of specificity
and unambiguity and is an important step towards ensuring compliance. In this
paper, we discuss obtaining an open vocabulary of expressing consent leveraging existing semantic models of provenance, processes, permission and obligations. We also present a reference architecture for the management of data processing according to consent permission. This data management model utilizes
the open vocabulary of consent and incorporates the change of context into the
data processing activity. By identifying and incorporating changes to the relational context between data controllers and data subjects into the data processing model, it aims to improve the integration of data management across
different information systems specifically adhering to the GDPR and helping
controllers to demonstrate compliance.
| Original language | English |
|---|---|
| Journal | CEUR Workshop Proceedings |
| Volume | 1951 |
| Publication status | Published - 2017 |