PrOnto: Privacy Ontology for Legal Reasoning

From Data Privacy Vocabularies and Controls Community Group

PrOnto: Privacy Ontology for Legal Reasoning

Provides modeling of the privacy agents, data types, types of processing operations, rights and obligations. Uses FRBR, LKIF Core, ALLOT, and PWO ontologies.

  • domain: Legal Reasoning
  • creators/authors/publishers:
    • Monica Palmirani (University of Bologna, CIRSFID, Bologna,Italy)
    • Michele Martoni (University of Bologna, CIRSFID, Bologna,Italy)
    • Arianna Rossi (University of Bologna, CIRSFID, Bologna,Italy)
    • Cesare Bartolini (SnT - Interdisciplinary Centre for Security, Reliability and Trust, Université du Luxembourg, Luxembourg City, Luxembourg)
    • Livio Robaldo (SnT - Interdisciplinary Centre for Security, Reliability and Trust, Université du Luxembourg, Luxembourg City, Luxembourg)
  • url link: not available
  • documentation if available online: not available
  • publication(s): Palmirani M., Martoni M., Rossi A., Bartolini C., Robaldo L. (2018) PrOnto: Privacy Ontology for Legal Reasoning. In: Kő A., Francesconi E. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2018. Lecture Notes in Computer Science, vol 11032. Springer, Cham https://link.springer.com/chapter/10.1007/978-3-319-98349-3_11

Relevance

  • Origin: Not specified
  • Developed since: Not specified
  • Latest version: Not specified


Covered Requirements

  • Taxonomy of regulatory privacy terms (including all GDPR terms): YES. Contains references to terms from GDPR, including rights and obligations, as was as compliance.
  • Taxonomy for personal data: YES. It contains concepts such as Sensitive data (health, ethic, genetic, ...), Anonymous Data, Judicial Data
  • Taxonomy of purposes: YES
  • Taxonomy of disclosure: NO
  • Metadata related to the details of anonymisation: YES (unclear about coverage)
  • Log vocabularies for immutably and securely recording: NO
    • disclosure of consent
    • revocation of consent
    • policy changes
    • transparency
  • Taxonomy of linkage operations: NO
  • Taxonomies of human behavior: NO

Uptake and Covered Use-cases

Evaluation of the ontology/approach was carried out inside/using Cloud4EU European project PCP3 http://www.agid.gov.it/cloudforeurope that intends to provide legal compliance checking systems for eGovernment services that are delivered across the cloud. Another example for compliance checking, as quoted from the publication: "We suppose that a software manages documentation, registry of processing, DPIA information, etc. (e.g., software provided by the French CNIL – Commission Nationale de l’Informatique et des Libertés6). If such a software is connected with PrOnto ontology, we can check for GDPR compliance throughout all the lifecycle of the personal data, using advanced legal reasoning tools or SPARQL end-points."

List and cross-reference the use cases in the Use cases section:

Terms and Concepts

The work presents a lot of relevant terms/concepts and methods which needs further introspection. In terms of an overview, PrOnto contains five modules: (i) documents and data, (ii) actors and roles, (iii) processing and workflow, (iv) legal rules and deontic formula, (v) purposes and legal bases; each of which presents a model (term/concept and relations) using OWL.