The Importance of Expressing GDPR Codes of Conduct and Certificates in Machine Readable Format
a year ago
Presentation on the Expression of GDPR Codes of Conduct and Certificates in Machine Readable Format
Efstratios Koulierakis - ESR 15, University of Groningen
On Friday 31 March 2023, Efstratios Koulierakis presented his work on the importance of expressing GDPR codes of conduct and certificates in machine readable format. The colloquium presentation was based on the ESR’s speech at the workshop organised by the COST action Distributed Knowledge Graphs (CA19134), held at the University of Salerno from 13 to 15 February 2023.
The colloquium presentation suggested that the existing data protection policy languages, vocabularies and profiles should draw influence from officially approved documents in the domain of EU data protection law. The value of these tools is growing, and they can be used to bring digital applications into compliance with the General Data Protection Regulation (GDPR). It has already been suggested that data protection policy languages, vocabularies and profiles are useful as a way of expressing personal preferences and usage control restrictions in relation to the SOLID protocol.
Even though the expression of GDPR provisions in machine readable format would have multiple benefits, it is very difficult to achieve in a sensible way. That is because the Regulation contains very broad formulations. Hence, there is a need for concrete use cases that can bridge the gap between the vague legal requirements and the application of the GDPR in particular cases.
The presentation suggested that there is a growing number of codes of conduct and data protection certificates which have been officially approved in accordance with procedures laid down by the GDPR. On the one hand, these officially approved documents contain some specific data protection policies. On the other hand, these policies have been approved by the competent data protection authorities that monitor compliance with the law. For this reason, officially approved codes of conduct and data protection certificates can be a source of reliable compliance policies in particular use cases. There is therefore added value in ensuring that the existing tools for the expression of rules capture the policies in these official documents.
The slides of the presentation can be found here.