User consent modeling for ensuring transparency and compliance in smart cities

Personal and Ubiquitous Computing

Abstract

Smart city infrastructures such as transportation and energy networks are evolving into so-called cyber physical social systems (CPSSs), which collect and leverage citizens’ data in order to adapt services to citizens’ needs. The privacy implications of such systems are, however, significant and need to be addressed. Current systems either try to escape the privacy challenge via anonymization or use very rigid, hard-coded workflows that have been agreed with a data protection authority. Anonymization has a severe impact on data quality and richness, whereas with hard-coded workflows only the agreed flows are permitted, resulting in diminished functionality and potential. We address these limitations via user modeling: we investigate how to model and semantically represent user consent, preferences, and data usage policies that will guide the processing of said data in the data lake. Data protection is a horizontal field and consequently very wide. Therefore, we focus on a concrete setting where we extend the domain-agnostic SPECIAL policy language for a smart mobility use case supplied by Vienna’s largest utility provider. To that end, (1) we create an extension of SPECIAL in terms of a core CPSS vocabulary that lowers the semantic gap between the domain-agnostic terms of SPECIAL and the vocabulary of the use case; (2) we propose a workflow that supports defining domain-specific vocabularies for complex CPSSs; and (3) we show that these two contributions allow successfully achieving the goals of our setting.


Notes

  1. https://www.specialprivacy.eu/

  2. P3P, http://www.w3.org/TR/P3P/

  3. ODRL, https://www.w3.org/TR/odrl-model/

  4. For the policy language examples, we use the OWL functional syntax, which is less verbose.

  5. All namespaces share the prefix S, which represents http://www.specialprivacy.eu/vocabs.

Funding

This work has been supported by the European Union’s Horizon 2020 research and innovation programme under grant 731601 (SPECIAL) and by the Austrian Research Promotion Agency (FFG): grant no. 861213 (CitySPIN).

Author information

Corresponding author

Correspondence to Javier D. Fernández.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Fernández, J.D., Sabou, M., Kirrane, S. et al. User consent modeling for ensuring transparency and compliance in smart cities. Pers Ubiquit Comput 24, 465–486 (2020). https://doi.org/10.1007/s00779-019-01330-0

  • DOI: https://doi.org/10.1007/s00779-019-01330-0
