SPECIAL - Scalable Policy-awarE linked data arChitecture for prIvacy, trAnsparency and compLiance

Date: 
01/01/2017 to 31/12/2019

Introduction

Our vision is to reconcile Big Data and personal data protection via an innovative data handling solution and a transparency framework. We develop this technology to ease industry’s difficulties with GDPR compliance and to enable respectful treatment of personal information. The SPECIAL platform:

  • supports the acquisition of user consent at collection time and the recording of both data and metadata (consent, policies, event data, context) according to legislative and user-specified policies;
  • caters for privacy-aware, secure workflows that include usage/access control, transparency and compliance verification;
  • demonstrates robustness in terms of performance, scalability and security ;
  • provides a dashboard with feedback and control features that make privacy in Big Data comprehensible and manageable for data subjects, controllers, and processors.

Who is the project designed for?

The outcome of the SPECIAL-project will be for the direct benefit of data subjects and a business enabler for data controllers.
The specification and technology proposed by SPECIAL will allow the acquisition of user consent at collection time and the recording of both data and metadata and make this information available at all stages of processing. Specifying purposes in the database and establishing an underlying communication link allows data controllers to handle personal data in accordance with the legal provisions and to demonstrate transparency and offering relevant choices to their customers.

Therefore the SPECIAL-stakeholders are:

  • data subjects in their roles as customers, citizens, app-users, subscribers etc.,
  • data controllers in particular big data scientists, technology companies and operational data owners, etc.,
  • big data scientists and companies
  • entities providing infrastructure or software for data controllers that must be able to show that their product’s GDPR-compatibility
  • policy makers, parliamentarians and the data protection community may provide the necessary encouragement to deploy the solutions
  • entities interested in providing data protection relevant information to data subjects based on the user interaction research driven within SPECIAL

How is your project benefitting the end-user?

The direct “end-users” of the technology and knowhow proposed in SPECIAL will be data controllers, thus companies processing data, or their contractors such as developers for apps and software, data centres etc., however the main benefit will reside with natural persons in their role as customers, citizens or users. The application of SPECIAL will enable data subjects to gain more transparency and control over how their personal data is processed.

Parts of the SPECIAL-results may support some of the features foreseen in the GDPR such as serving as a technical specification to exercise the right to object according to Art. 21 (5) GDPR.

Please briefly describe the results your project achieved so far

Completion of 18 project deliverables. All public deliverables can be found here:
https://www.specialprivacy.eu/publications/public-deliverables

The completion of the initial version of the policy language and a vocabulary for expressing data processing and sharing events.

The completion of initial versions of the consent, control and transparency User Interfaces and the setup of user studies in order to determine their effectiveness.

Publication of 8 papers on topics relevant to SPECIAL. The papers can be found here:
https://www.specialprivacy.eu/publications/scientific-publications

Strong involvement in a series of relevant workshops such as:

  • "How safe is the new data protection?", legal workshop on the GDPR
  • Federated Semantic Data Management”, Dagstuhl-Seminar with strong focus on Access Control and Privacy
  • Society, Privacy and the Semantic Web -Policy and Technology”, workshop held in conjunction with the International Semantic Web Conference.

Dissemination in relation to the project and our initial outputs at six conferences and five workshops on Data Protection, Privacy, Legal Informatics, Semantic Technology, and Blockchain.

A W3C-workshop will be held April 17th -18th in Vienna to define the relevant Vocabulary and contents a specification must be able to express to fulfil our aims and goals.

(The above represents the status as of April 2018)

What are the next steps for your project?

The project follows an agile approach. Based on the specification and the legal and technical requirements provided by the interdisciplinary team the use case partners finalize the second phase of planning and definition of the pilots followed by intensified implementation work for the pilots. Feedback loops allow further developments of the big data policy engine, insights regarding the user interaction and changes in the legal setting such as the ratification of a final version of the ePrivacy-Regulation to influence the pilot development.

Week: 
Wednesday, 14 February, 2018

News

Share your view to identify EU-US priorities on cybersecurity and privacy R&I

The AEGIS project is working to promote cybersecurity and privacy dialogue and cooperation between the US and the EU.

As part of its activities AEGIS is conducting an online survey to identify R&I priorities for EU-US cooperation in cybersecurity and privacy.

Events

28/06/2018
Free Live Cybersecurity Webinar – Cyberwatching.eu: opportunities for CS&P clusters

Cyberwatching.eu launch the first webinar for clusters that are actively working in Cybersecurity and Privacy, in order to share experiences and information on how they can help their members to keep up to date in these sectors.

One of the main goals of cyberwatching.eu project is to take advantage of the results of previous European R&D projects to build new product and services, fostering synergies among different European clusters. In this webinar we will give you an overview of:

10/10/2018 to 11/10/2018
Transatlantic ICT Forum 2018