TY - JOUR

T1 - CIDaTa: An Ontology-based Framework for International Data Transfers and GDPR Compliance

AU - Hasan, Mahmudul

AU - Corrales Compagnucci, Marcelo

AU - Kousiouris, George

AU - Anagnostopoulos, Dimosthenis

PY - 2023

Y1 - 2023

N2 - Cross-border data transfers and their legal aspects have created a daunting landscape for application and service providers, in which rules and regulations need to be constantly monitored and addressed, especially in dynamic scenarios such as cloud brokerage or cloud/edge continuum operations. Even if regulations such as the General Data Protection Regulation (GDPR) have started to mature and be understood by the IT industry, further complexity has been added by relatively recent court rulings (such as the Schrems II decision) that create new challenges for the IT domain. The latter is heavily oriented towards a fully automated operational environment thus the consideration of the legality of a data transfer is necessary to comply with current regulations. The aim of this work is to semantically model several concepts surrounding international data transfers and based on the current changes and formulate them around a newly defined ontology (CIDaTa). The work exploits 23 existing ontologies, as dictated by the Linked Data paradigm, and introduces 50 links between them. This will aid in answering questions regarding the legality of a transfer or the necessary steps needed to achieve it. Example questions set to the framework are demonstrated that can enhance the understanding of the implications of a data transfer, enabling future additions that can lead to more automated management of these transfers.

AB - Cross-border data transfers and their legal aspects have created a daunting landscape for application and service providers, in which rules and regulations need to be constantly monitored and addressed, especially in dynamic scenarios such as cloud brokerage or cloud/edge continuum operations. Even if regulations such as the General Data Protection Regulation (GDPR) have started to mature and be understood by the IT industry, further complexity has been added by relatively recent court rulings (such as the Schrems II decision) that create new challenges for the IT domain. The latter is heavily oriented towards a fully automated operational environment thus the consideration of the legality of a data transfer is necessary to comply with current regulations. The aim of this work is to semantically model several concepts surrounding international data transfers and based on the current changes and formulate them around a newly defined ontology (CIDaTa). The work exploits 23 existing ontologies, as dictated by the Linked Data paradigm, and introduces 50 links between them. This will aid in answering questions regarding the legality of a transfer or the necessary steps needed to achieve it. Example questions set to the framework are demonstrated that can enhance the understanding of the implications of a data transfer, enabling future additions that can lead to more automated management of these transfers.

UR - https://www.inderscience.com/info/inarticle.php?artid=137167

U2 - 10.1504/IJMSO.2023.10060489

DO - 10.1504/IJMSO.2023.10060489

M3 - Journal article

VL - 16

SP - 195

EP - 209

JO - International Journal of Metadata, Semantics, and Ontology

JF - International Journal of Metadata, Semantics, and Ontology

IS - 3

ER -