ABOUT THE PROJECT
OntoROPA: Ontology based ecosystem for trustworthy Records of Processing Activities (ROPAs)
Privacy compliance includes the provision of Records of Personal Data Processing Activities (ROPAs). This applies to any entity, company or Public Administration that processes personal data, and is an obligation arising from the entry into force of the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 (EU 201657), which regulates ROPAs in Article 30. Companies and Public Administration are on the road to full compliance with GDPR, which includes the provision of these important pieces of information about personal data processing. Moreover, Public Administration has the obligation to publish them. As a consequence, many ROPAs are now published as spreadsheets available on websites. Our thesis is that ROPAs should not be independent and isolated pieces of information, as they are now. This is the main challenge that OntoROPA deals with.
OntoROPA provides an ecosystem where metadata about ROPAs can be assessed with automatic and intelligent processes. The specific objectives are: 1) to obtain a standard ontology for ROPAs; 2) to be able to share trustworthy and open information about ROPAs, ready to be exploited by intelligent processes, in a community-based ecosystem. Linking high-quality data about ROPAs will allow for intelligent extraction of knowledge from these data protection items of information, flexible comparisons of ROPAs, and intelligent processes that assist the inspection of ROPAs.
OntoROPA uses ontologies, metadata, and blockchain to provide practical solutions for high-quality, trustworthy ROPAs. Successful Semantic Web approaches such as Linked Data and OWL are combined with blockchain technologies with the aim of ensuring easy access, quality and trust of ROPAs. OntoROPA contributes new value with solutions for reliable, linked, and high-quality semantics about ROPAs. In addition, it provides a model to evolve the ontology created by the research team into a standard supported by a community.
Motivation for the project:
It provides a relevant use case for the ONTOCHAIN ecosystem. ROPAs are an important component of privacy compliance, mandatory for many stakeholders, such as Public Administration. Therefore, they are a potential source of business: Public Administration usually delegates tasks such as personal data processing to private companies by means of subcontracting, which implies that these personal data processors (the companies) are themselves obliged to maintain ROPAs for the processing they carry out for Public Administration.
Generic use case description:
Representative for the specific new technology, which is being introduced.
A ROPA controller creating a trustworthy ROPA, searching for similar ROPAs, and sharing its ROPA with other controllers, data protection supervisors and citizens.
Create ROPA. Publish ROPA. Share ROPA. Validate ROPA. Certify ROPA. Query ROPA. Compare ROPAs. Assess ROPA.
How these functionalities can be integrated within the software ecosystem:
A set of tools built on top of the technical infrastructure provided by the ONTOCHAIN ecosystem and standards will support end users in these functionalities and in the interactions that enable trustworthy data flow and sharing.
Gap being addressed:
There is no infrastructure or mechanism available for creating, sharing and exploiting high quality information about Personal Data Processing Activities, that is, ROPAs.
Expected benefits achieved with the novel technology building blocks:
Methods and tools to close the gap will be available. An easier way of creating and exploiting ROPAs will bring greater availability of ROPAs, common and standard vocabularies and methods for ROPA management, and the ability to extract knowledge from linked networks of ROPAs.
Potential demonstration scenario:
A Public Administration creates its ROPAs using trustworthy vocabularies and standards, certifies their quality and source, and publishes them as linked data.
Associate Professor in the Computer Engineering Department of the University of Valladolid (Spain) with long experience in data engineering, IT for Law, knowledge sharing in the web of data and privacy engineering.
David Sanz Esteban
Computer Engineer and Law graduate with more than 15 years of experience as a data engineer, Privacy Officer of the University of Valladolid since 2018.
Computer Engineer and recognised expert in cybersecurity, Chief Security Envoy in ElevenPaths, Cybersecurity Unit of the Telefónica company. He is also a teacher of cybersecurity in several teaching centers, ranging from universities to professional centers.
Associate Professor in the Department of Library and Information Science at the University of Leon, Spain, with wide research experience in Legal Information, Digital Libraries, Information Usage and Semantic Web.
Pompeu Casanovas Romeu
Director of Advanced Research, professor of Philosophy and Sociology of Law at the UAB Law School, Research Professor at La Trobe University (Australia), and founder of the IDT-UAB.
Holds a PhD in Law (Legal Ontology Development) and specializes in semantic knowledge representation for artificial intelligence and SEO. She has worked at the Legal Information Institute and at Wolters Kluwer (GPO) implementing Linked Data and semantic knowledge graphs for smart applications.
The Universidad de Valladolid (UVA) is one of the most important centers of Higher Education in Spain. It is multidisciplinary, with four campuses (Valladolid, Palencia, Segovia, Soria), nearly 28,000 students enrolled each year and 29 doctoral programs.
The University of Leon (ULe) is a Spanish public university established in 1979 that carries out research activity in most academic fields and in a good number of areas of technology.