The project DAPRECO is an FNR-CORE project carried out by four researchers at SnT: Gabriele Lenzini (PI), Andra Giurgiu (WP1 leader), Cesare Bartolini (WP2 leader), and myself (WP3 leader). The official website of DAPRECO may be found here.
The recently approved General Data Protection Regulation (GDPR) is expected to have a significant impact on the European Digital Single Market because it changes how enterprises have to protect individuals' personal data records. The GDPR, however, sets certain requirements but does not establish the means to achieve them.
On the other hand, ISO security standards certified. The key idea of DAPRECO is to correlate provisions in the ISO security standards with provisions in the GDPR, in order to provide a presumption of compliance with the GDPR for enterprises that are certified against the ISO security standards.
Note that ISO standards can only provide a presumption of compliance with the GDPR. ISO standards are not part of the law, so they do not guarantee an exemption from liability. However, they can provide a strong argument in court, especially if legal authorities deem the correlations between provisions in the standards and provisions in the GDPR to be valid.
DAPRECO proposes a methodology for building a knowledge base of machine-readable formulae that represent provisions, and for correlating them. The logic is defeasible, in order to take into account different legal interpretations of the norms and of their correlations.
The project is structured along three work packages:
- WP1 (Andra Giurgiu): the work package will produce a report in plain text proposing an initial legal interpretation of the correlations between the provisions in the GDPR and those in the security standards. The work package will also produce the XML representations of the GDPR and the ISO standards in Akoma Ntoso.
- WP2 (Cesare Bartolini): the work package will develop a conceptual model of the GDPR, expressed in the form of a set of legal ontologies, possibly leveraging existing ontologies. Similar ontologies will be built for the ISO security standards. The result will be OWL ontologies in which the relevant concepts are modeled and related to each other. Concepts from the ontologies will be referenced in the Akoma Ntoso documents via dedicated tags.
- WP3 (Livio Robaldo): the work package will associate the provisions in the GDPR and the ISO standards with formulae in reified Input/Output logic, a novel deontic formalism specifically designed for representing norms expressed in natural language. Items in the formulae are associated with concepts in the ontologies and structural elements (paragraphs, points, etc.) in the Akoma Ntoso documents via the legal XML standard LegalRuleML.
The result will be the DAPRECO knowledge base, a machine-readable representation of the norms in the GDPR, the ones in the ISO standards and the correlations between the two.
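To make the role of defeasibility concrete, here is an added toy example (my own illustration, not DAPRECO code, and not its reified Input/Output logic): a tiny forward-chaining reasoner over a knowledge base of strict rules, defeasible rules and defeaters. The provision and control identifiers (`ctrl_C1_implemented`, `presumed_compliant_P1`, `interp_B_rejects_C1_P1`, `authority_rejects_P1`) are constructed placeholders, and the correlation they encode is a hypothetical one, not a legal finding from the project. The example shows how a certified ISO control can yield a presumption of compliance with a GDPR provision, how a competing legal interpretation can defeat that presumption, and how a strict rule (an authority's finding) overrides it outright, while liability exemption is never derived at all.

```python
"""Toy defeasible correlation knowledge base (added example, not DAPRECO's code).

All facts, rules and identifiers below are constructed for illustration; the
correlation between control C1 and provision P1 is a placeholder, not a legal
finding. Literals are plain strings; a leading "~" marks negation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    antecedents: frozenset   # literals that must all be derived for the rule to apply
    consequent: str          # literal concluded when the rule fires
    strict: bool = False     # strict rules cannot be defeated; defeasible ones can


def neg(literal: str) -> str:
    """Return the complementary literal: p <-> ~p."""
    return literal[1:] if literal.startswith("~") else "~" + literal


def _close(derived: set, rules: list, defeaters: dict) -> set:
    """Apply rules to a fixpoint. A defeasible rule is blocked when the negation of
    its consequent is already derived, or when every literal in its defeater set
    has been derived (a competing interpretation rejecting the correlation)."""
    changed = True
    while changed:
        changed = False
        for r in rules:
            if r.consequent in derived or not r.antecedents <= derived:
                continue
            if not r.strict:
                if neg(r.consequent) in derived:
                    continue
                blockers = defeaters.get(r.name, frozenset())
                if blockers and blockers <= derived:
                    continue
            derived.add(r.consequent)
            changed = True
    return derived


def derive(facts, rules: list, defeaters: dict) -> set:
    """Strict rules are closed first so their conclusions override defeasible ones
    regardless of rule order; then all rules are applied."""
    derived = set(facts)
    _close(derived, [r for r in rules if r.strict], defeaters)
    return _close(derived, rules, defeaters)


# Constructed knowledge base (placeholder identifiers, hypothetical correlation).
RULES = [
    # Defeasible correlation: certified control C1 gives a presumption of
    # compliance with provision P1.
    Rule("R_corr", frozenset({"iso_certified", "ctrl_C1_implemented"}),
         "presumed_compliant_P1"),
    # Strict rule: an authority finding against P1 removes the presumption.
    Rule("R_auth", frozenset({"authority_rejects_P1"}),
         "~presumed_compliant_P1", strict=True),
]
# Defeater: an alternative legal interpretation that rejects the C1/P1 correlation.
DEFEATERS = {"R_corr": frozenset({"interp_B_rejects_C1_P1"})}
BASE_FACTS = frozenset({"iso_certified", "ctrl_C1_implemented"})


def presumption_holds(extra_facts=frozenset()) -> bool:
    """True if the presumption of compliance with P1 is derivable from the
    base facts plus the given extra facts."""
    facts = BASE_FACTS | frozenset(extra_facts)
    return "presumed_compliant_P1" in derive(facts, RULES, DEFEATERS)


if __name__ == "__main__":
    print("certified only:           ", presumption_holds())
    print("competing interpretation: ", presumption_holds({"interp_B_rejects_C1_P1"}))
    print("authority finding:        ", presumption_holds({"authority_rejects_P1"}))
    # No rule ever concludes "liability_exempt": certification is evidence, not law.
    print("liability exempt derived: ",
          "liability_exempt" in derive(BASE_FACTS, RULES, DEFEATERS))
```

The two-phase closure (strict rules first) is what makes an authority's finding win over the defeasible correlation whatever the order of the rules in the list; conflicts between two defeasible rules with opposite conclusions are resolved by whichever fires first, a simplification that a real defeasible logic replaces with an explicit priority relation.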