21 May 2021

OntoROPA project is here to eliminate the questions that have been raised by privacy experts, drafters and rulers, when it comes to blockchain technology and GDPR requirements compatibility. This project will provide to blockchain technology the way to address the questions raised, and to remove technical and legal obstacles.
Find out more in this interview with Mercedes Martínez-González, member of the team behind the project.


Could you please introduce yourself?

OntoROPA is a project proposal to facilitate smart privacy legal compliance using technology capable of providing semantics, intelligence, and trust. This is an innovative proposal for the targeted marketplace—i.e. the legal compliance marketplace— since there are no solutions capable of simultaneously providing the three properties mentioned. OntoROPA deals with the creation and maintenance of a critical piece of legal compliance required by the GDPR, the Records of Processing Activities (ROPA).

The OntoROPA team is composed by experts in different areas such as Legal Compliance, Library Science, Information Technology and Security, Computer Science and Knowledge Representation from three different universities: Universidad de Valladolid, Universidad de León and Universitat Autònoma de Barcelona. What is most relevant here is that we are a multidisciplinary team, with convergent shared experiences in Law and Technology, Law and the Semantic Web, the Web of Linked Data, Privacy Engineering and Natural Language Processing. We mainly focus on documentation, regulatory compliance, and data governance. We have vast experience in knowledge management and ontology building, and in implementing technology into legal settings, institutions, and services. From the past six years onwards, we have headed towards LawTech (RegTech), privacy, security, and data protection issues. We have also hosted training sessions on these matters for professionals in the ICT sector, with a very practical orientation. In addition to fundamental research, we have had industrial partners in many national and European projects. Hence, we are used to transfer our research to industry and to the market. At least one of us has a daily experience in holding a running company.


How did you hear about ONTOCHAIN?

We first received the information via the NGI newsletter we were subscribed to. Later, some team members also received e-mails from the NGI organization giving more details of the ONTOCHAIN call and encouraging us to apply.


What motivated you to apply?

ONTOCHAIN focuses on the synergies between Semantic Web and blockchain. This is an appealing and timely issue. Having worked in the Semantic Web field for a long time, we saw the possibilities that blockchain offers when both technologies are combined (which constitute a challenge in itself). On top of that, law as code, and regulatory and legal compliance, are hot topics that will grow even more in the years to come. The real challenge is to produce a sustainable privacy and data protection ecosystem able to be run in a platform economy (i.e., within transactions involving cryptocurrencies).


How was the application process?

The application process was much more lightweight that other EU funding projects such as Horizon 2020. While it posed some challenges due to its novelty, the organizers clarified many issues and it was less bureaucratic.


Can you briefly explain your project and its contribution to the ONTOCHAIN software ecosystem?

OntoROPA ambition is to innovate in legal compliance checking and monitoring, bootstrapping blockchain technology to show that it can also be used for privacy compliance in the new LawTech market. Innovation in legal compliance will be achieved by providing legal value to digital artifacts and procedures created to comply with legal data protection requirements at regional, national and European level. This is something that current tools in the legal compliance market do not provide. Blockchain technology has been put under question by privacy experts, drafters, and rulers because its distributed nature is not entirely compatible with GDPR requirements. OntoROPA will provide to blockchain technology the way to address the issues that have been raised and to remove the technical and legal obstacles. In addition, doing so, it will create a specific market niche, generating a secure and trustworthy legal ecosystem with economic value.


What are your expectations regarding the new software ecosystem that ONTOCHAIN will deliver, its contribution to the NGI priority areas, and benefits for end users?

We are fully aligned with the vision set out by the Commission, NGI is an initiative that seeks a more human internet. We are a team that seeks that the technology available on the internet serves to provide guarantees, means to protect citizens, for example, means to defend their rights. That is why we are interested in providing: instruments that help guarantee not just regulatory compliance, but legal compliance, something that not only helps companies, it is also a warrant, the guarantee for citizens whose personal data is being processed by third parties that those who do so respect their rights. As Tim Berners-Lee has often stated, the Web of Linked Data is not about documents, it is about you. It is an instrument at your service, to know how your data is treated, and to defend your rights. ONTOCHAIN provides the necessary technological tools to ensure that this is being done effectively, and it is being done well.

The legal perspective we are embracing to make it happen is the specific version of the rule of law centred on the protection and enactment of substantive rights. This means that transactions, data governance, and procedural norms contained in binding provisions such as the European GDPR can be modelled in such a way that (i) all stakeholders can participate, (ii) ensuring a legal space in between government, administration, the market, and end-users’ interests. I.e. a space for legal governance. This is what ONTOCHAIN will deliver, as a main component of the digital infrastructure (and data sovereignty) for the new platform-driven economy of the European digital market.