A provenance model for the european union general data protection regulation

Benjamin E. Ujcich, Adam Bates, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The European Union (EU) General Data Protection Regulation (GDPR) has expanded data privacy regulations regarding personal data for over half a billion EU citizens. Given the regulation’s effectively global scope and its significant penalties for non-compliance, systems that store or process personal data in increasingly complex workflows will need to demonstrate how data were generated and used. In this paper, we analyze the GDPR text to explicitly identify a set of central challenges for GDPR compliance for which data provenance is applicable; we introduce a data provenance model for representing GDPR workflows; and we present design patterns that demonstrate how data provenance can be used realistically to help in verifying GDPR compliance. We also discuss open questions about what will be practically necessary for a provenance-driven system to be suitable under the GDPR.

Original languageEnglish (US)
Title of host publicationProvenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings
EditorsKhalid Belhajjame, Ashish Gehani, Pinar Alper
PublisherSpringer-Verlag
Pages45-57
Number of pages13
ISBN (Print)9783319983783
DOIs
StatePublished - Jan 1 2018
Event7th International Provenance and Annotation Workshop, IPAW 2018 - London, United Kingdom
Duration: Jul 9 2018Jul 10 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11017 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other7th International Provenance and Annotation Workshop, IPAW 2018
CountryUnited Kingdom
CityLondon
Period7/9/187/10/18

Fingerprint

Data privacy
Provenance
Union
Model
Compliance
European Union
Work Flow
Noncompliance
Design Patterns
Demonstrate
Privacy
Penalty

Keywords

  • Compliance
  • Data processing
  • Data provenance
  • Data usage
  • GDPR
  • General Data Protection Regulation
  • Modeling
  • W3C PROV-DM

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Ujcich, B. E., Bates, A., & Sanders, W. H. (2018). A provenance model for the european union general data protection regulation. In K. Belhajjame, A. Gehani, & P. Alper (Eds.), Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings (pp. 45-57). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11017 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-98379-0_4

A provenance model for the european union general data protection regulation. / Ujcich, Benjamin E.; Bates, Adam; Sanders, William H.

Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings. ed. / Khalid Belhajjame; Ashish Gehani; Pinar Alper. Springer-Verlag, 2018. p. 45-57 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11017 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ujcich, BE, Bates, A & Sanders, WH 2018, A provenance model for the european union general data protection regulation. in K Belhajjame, A Gehani & P Alper (eds), Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11017 LNCS, Springer-Verlag, pp. 45-57, 7th International Provenance and Annotation Workshop, IPAW 2018, London, United Kingdom, 7/9/18. https://doi.org/10.1007/978-3-319-98379-0_4
Ujcich BE, Bates A, Sanders WH. A provenance model for the european union general data protection regulation. In Belhajjame K, Gehani A, Alper P, editors, Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings. Springer-Verlag. 2018. p. 45-57. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-98379-0_4
Ujcich, Benjamin E. ; Bates, Adam ; Sanders, William H. / A provenance model for the european union general data protection regulation. Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings. editor / Khalid Belhajjame ; Ashish Gehani ; Pinar Alper. Springer-Verlag, 2018. pp. 45-57 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{33e84e7cd4cb43cb8028c778a22ef777,
title = "A provenance model for the european union general data protection regulation",
abstract = "The European Union (EU) General Data Protection Regulation (GDPR) has expanded data privacy regulations regarding personal data for over half a billion EU citizens. Given the regulation’s effectively global scope and its significant penalties for non-compliance, systems that store or process personal data in increasingly complex workflows will need to demonstrate how data were generated and used. In this paper, we analyze the GDPR text to explicitly identify a set of central challenges for GDPR compliance for which data provenance is applicable; we introduce a data provenance model for representing GDPR workflows; and we present design patterns that demonstrate how data provenance can be used realistically to help in verifying GDPR compliance. We also discuss open questions about what will be practically necessary for a provenance-driven system to be suitable under the GDPR.",
keywords = "Compliance, Data processing, Data provenance, Data usage, GDPR, General Data Protection Regulation, Modeling, W3C PROV-DM",
author = "Ujcich, {Benjamin E.} and Adam Bates and Sanders, {William H.}",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-98379-0_4",
language = "English (US)",
isbn = "9783319983783",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
pages = "45--57",
editor = "Khalid Belhajjame and Ashish Gehani and Pinar Alper",
booktitle = "Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings",

}

TY - GEN

T1 - A provenance model for the european union general data protection regulation

AU - Ujcich, Benjamin E.

AU - Bates, Adam

AU - Sanders, William H.

PY - 2018/1/1

Y1 - 2018/1/1

N2 - The European Union (EU) General Data Protection Regulation (GDPR) has expanded data privacy regulations regarding personal data for over half a billion EU citizens. Given the regulation’s effectively global scope and its significant penalties for non-compliance, systems that store or process personal data in increasingly complex workflows will need to demonstrate how data were generated and used. In this paper, we analyze the GDPR text to explicitly identify a set of central challenges for GDPR compliance for which data provenance is applicable; we introduce a data provenance model for representing GDPR workflows; and we present design patterns that demonstrate how data provenance can be used realistically to help in verifying GDPR compliance. We also discuss open questions about what will be practically necessary for a provenance-driven system to be suitable under the GDPR.

AB - The European Union (EU) General Data Protection Regulation (GDPR) has expanded data privacy regulations regarding personal data for over half a billion EU citizens. Given the regulation’s effectively global scope and its significant penalties for non-compliance, systems that store or process personal data in increasingly complex workflows will need to demonstrate how data were generated and used. In this paper, we analyze the GDPR text to explicitly identify a set of central challenges for GDPR compliance for which data provenance is applicable; we introduce a data provenance model for representing GDPR workflows; and we present design patterns that demonstrate how data provenance can be used realistically to help in verifying GDPR compliance. We also discuss open questions about what will be practically necessary for a provenance-driven system to be suitable under the GDPR.

KW - Compliance

KW - Data processing

KW - Data provenance

KW - Data usage

KW - GDPR

KW - General Data Protection Regulation

KW - Modeling

KW - W3C PROV-DM

UR - http://www.scopus.com/inward/record.url?scp=85053840623&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85053840623&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-98379-0_4

DO - 10.1007/978-3-319-98379-0_4

M3 - Conference contribution

AN - SCOPUS:85053840623

SN - 9783319983783

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 45

EP - 57

BT - Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings

A2 - Belhajjame, Khalid

A2 - Gehani, Ashish

A2 - Alper, Pinar

PB - Springer-Verlag

ER -