Submitted by: Palmirani Monica (professor University of Bologna)
---------------------------------
Bio
Monica Palmirani is a professor in Computer Science and Law and Legal Informatics at the University of Bologna, School of Law. She works at CIRSFID, one of the leading research centers of excellence in the area of computer science and law in Italy and at the international level. In OASIS, she is a member of the Board and co-chair of the LegalDocML and the LegalRuleML technical committees. In 2015, she was recognized as an OASIS Distinguished Contributor. She has been visiting professor in NICTA (2009) and in Stanford University (2010, 2017). Her research interests include XML techniques for modelling legal documents, for what concerns the structure as well as aspects connected to the legal knowledge, including normative rules and legal ontologies, and ICT-enhanced legal drafting techniques. She is leading several research projects to improve access and quality of legal documentation, as well as open government data models for democracy and transparency. She has published more than 70 papers and she has been chair of several international conferences, editor of book series, and member of the scientific committee of the “AI and Law” Journal.
---------------------------------
Your goals
The GDPR introduces a common legal framework for all the EU member states with the aim of harmonizing their privacy principles and the application of these principles inside the Digital Single Market. One of the main newly introduced instruments is the self-assessment of the digital risks and the modulation of the duties on the basis of the impact assessment analysis, including specific measures to safeguard the data subject's human dignity and fundamental rights. The audit and the compliance checking are instruments to guarantee privacy-by-design during software development (ex-ante phase) and the prompt detection of violations (ex-post phase) when they occur.
For this reason, semantic web and legal reasoning techniques can support the application of privacy-by-default principles in the day-by-day operative tasks of public administrations, companies and non-profit organizations. In this light, there is the urgent need to model a legal ontology of the privacy regulation, which must not be limited to the GDPR and which can be extended to other jurisdictions, in order to define the legal concepts in these legal frameworks and the relationships among them. We intend to present the first draft ontology on the GDPR, called PRONTO (Privacy Ontology), that aims to provide a legal knowledge modelling of the privacy agents, data types, processing operations, rights and obligations. The goal of this ontology is to support legal reasoning and check compliance by using defeasible logic theory (LegalRuleML standard and SPINDle engine), and to improve the information retrieval on the web (e.g., Linked Open Data).
---------------------------------
Workshop Goals
Several privacy ontologies exist (e.g., HL7 for eHealth, PPO for Linked Open Data, ODRL for modelling rights, etc.) in the state of the art but not integrated with deontic logic models usable for legal reasoning. We intend during the workshop to define a plan to integrate different levels of semantic representation:
* document and data modelling for helping the semantic web information retrieval, in particular Linked Open Data (e.g., SPARQL queries);
* workflow and processing for helping the planning of privacy policy and in case also the BPMN modelling according to the informatics system design (e.g., privacy-by-design);
* rights and obligations for permitting the legal reasoning using rule languages (e.g., LegalRuleML and compliance checking);
* human-centric approach for favouring the visualization and the presentation, in different contexts and to different targets, of the privacy legal principles and concepts.
This research is a long-term project.
We believe that such an ontology has to be negotiated with a large community in order to create a consensus building and to put those results inside of a standardization body for the future governance (e.g., OASIS, W3C). In the future it is necessary also to develop specific profiles, one for each specific national law or for thematic (e.g., Privacy in IoT, Privacy in AI, etc.).
---------------------------------
Your interests
Please select the rank-order (1 to 10) for the options you think are acceptable (i.e. you can live with it), where 1 is the most preferred, 2 the next best and so on...
* Vocabularies to model privacy policies, regulations, and involved (business) processes: [ Ranked 1 ]
* Identity management vocabularies: [ Ranked 2 ]
* Modeling personal data usage, processing, sharing, and tracking: [ Ranked 1 ]
* Interlinking aspects of privacy and provenance: [ Ranked 1 ]
* Modeling consent and making it transportable: [ Ranked 1 ]
* New ways to put the user in control benefiting from semantic interoperability of policy information: [ Ranked 4 ]
* Modeling permissions, obligations, and their scope: [ Ranked 1 ]
* Reasoning about formally declared privacy policies: [ Ranked 1 ]
* Exploring links and synergies using Linked Data vocabularies in the context of related efforts: [ Ranked 2 ]
* Visualizations of data and policy information to help data self determination: [ Ranked 1 ]
---------------------------------
Other Thoughts
We should create privacy and data protection icon design requirements in order to create standard criteria for producing visual representation of legal concepts for citizens, consumers, enterprises. Also a blockchain standard for privacy purposes is a very relevant goal.