Abstract
Smart city infrastructures such as transportation and energy networks are evolving into so-called cyber physical social systems (CPSSs), which collect and leverage citizens’ data in order to adapt services to citizens’ needs. The privacy implications of such systems are, however, significant and need to be addressed. Current systems either try to escape the privacy challenge via anonymization or use very rigid, hard-coded workflows that have been agreed with a data protection authority. Anonymization has a severe impact on data quality and richness, whereas with hard-coded workflows only the agreed flows are permitted, resulting in diminished functionality and potential. We address these limitations via user modeling, investigating how to model and semantically represent user consent, preferences, and data usage policies that will guide the processing of said data in the data lake. Data protection is a horizontal field and consequently very wide. Therefore, we focus on a concrete setting where we extend the domain-agnostic SPECIAL policy language for a smart mobility use case supplied by Vienna’s largest utility provider. To that end, (1) we create an extension of SPECIAL in terms of a core CPSS vocabulary that lowers the semantic gap between the domain-agnostic terms of SPECIAL and the vocabulary of the use case; (2) we propose a workflow that supports defining domain-specific vocabularies for complex CPSSs; and (3) we show that these two contributions allow successfully achieving the goals of our setting.
Notes
For the policy language examples, we use the OWL functional syntax, which is less verbose.
All namespaces share the common prefix S, which represents http://www.specialprivacy.eu/vocabs.
Funding
This work has been supported by the European Union’s Horizon 2020 research and innovation programme under grant 731601 (SPECIAL) and by the Austrian Research Promotion Agency (FFG): grant no. 861213 (CitySPIN).
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Fernández, J.D., Sabou, M., Kirrane, S. et al. User consent modeling for ensuring transparency and compliance in smart cities. Pers Ubiquit Comput 24, 465–486 (2020). https://doi.org/10.1007/s00779-019-01330-0
DOI: https://doi.org/10.1007/s00779-019-01330-0