[CFP] Call for Abstracts: Second COST EU Workshop on Privacy Issues in Distributed Social Knowledge Graphs

[[Apologies for cross-postings]]

-------- Forwarded Message --------
Subject: [Call for Abstracts]  Second COST EU Workshop on Privacy Issues 
in Distributed Social Knowledge Graphs
Date: Mon, 5 Dec 2022 16:53:07 +0000
From: Ross James HORNE <ross.horne@uni.lu>

Dear colleagues,


This call for contributions is particularly relevant to those who 
participated in the first edition of the workshop in June 2022, and 
those who have since expressed an interest. The workshop is, of course, 
open also to those who did not previously participate. This second 
edition of PIDSKG will be in Italy, February 2023.


[Call for Abstracts]

Second COST EU Workshop on Privacy Issues in Distributed Social 
Knowledge Graphs

PIDSKG’23

University of Salerno, Italy

13-15 February 2023


There are up to 20 grants covering travel and expenses available via the 
COST Action on Distributed Knowledge Graphs

https://cost-dkg.eu/

We solicit abstracts from those interested in participating:

https://forms.gle/Bf8puVMiVRdp6gUX9



Program Committee:

Inès Akaichi, Vienna University of Economics and Business, Austria

Rob Brennan, University College Dublin, Ireland

Beatriz Esteves, Universidad Politécnica de Madrid, Spain

Christian Esposito, University of Salerno, Italy

Olaf Hartig, Linköping University, Sweden

Ross Horne, University of Luxembourg, Luxembourg

Tobias Käfer, KIT, Germany

Harshvardhan Pandit, Dublin City University, Ireland

Chang Sun, Maastricht University, Netherlands

Livio Robaldo, Legal Innovation Lab Wales, Swansea University, UK

Arianna Rossi, University of Luxembourg, Luxembourg


Call for Abstracts:

This workshop series brings together computer scientists and legal 
experts, with a focus on Solid as a concrete system for data 
sovereignty, in order to ground a debate around emergent problems from 
both a technical cybersecurity perspective, and from the legal 
perspective of data protection. The first edition was hosted by 
University of Luxembourg 13-15 June 2022, and explored problems 
concerning privacy in distributed knowledge graphs from an 
interdisciplinary perspective.


In this second edition of the workshop, we aim to consolidate progress 
on the problems identified in the first edition of the workshop and 
produce a common deliverable. The program will focus on exchanging 
methodologies, drawing from areas such as cybersecurity and privacy law, 
that may be brought together to develop privacy solutions for 
distributed knowledge graphs. Towards this aim the program will be a mix 
of talks, demos, and tutorials, that aim to present the current state of 
research, and trajectories.


We solicit abstracts describing papers (published or in progress), 
demos, and tutorials in related areas not limited to the following:

   1.  HCI aspects for information provision and controls

   2.  Consenting

   3.  GDPR Compliance

   4.  Data Governance

   5.  Cybersecurity compliance (ISO standards)

   6.  Measures for enhancing security and privacy

   7.  Cyber-risk assessments and auditing

   8.  Automating compliance checking and accountability

   9.  Vulnerability assessment and management

   10. Access and usage control policies

   11. Emerging privacy legislation and their implications

   12. Privacy-preserving data analysis technologies / privacy enhancing 
technologies

   13. Risk and Impact assessments

   14. Data spaces

   15. Solutions for Data Sovereignty

   16. Relation to emerging regulatory frameworks (DGA, DSA, DMA, 
ePrivacy, AI Act, Data Act, Health Data Spaces)

   17. Identity management and authentication


This workshop will place an emphasis on discussing a potential policy 
layer enhancing existing authentication and authorisation mechanisms, 
where policies, in addition to constraining operations that agents may 
perform on data, express information on what is the context, norm, 
rules, principles, guidelines, or regulation for what/when/who/where/how 
data should be used, accessed, or otherwise processed. A policy layer is 
where the typical information for determining access (i.e. request 
notice) and its decision (e.g. consent or permission) are concerned. We 
expect an output of the workshop to include a report specifying the 
consensus of participants on the requirements of such a policy layer.


Submission format:

Submissions may be in any format (text, PDF, etc.), but should clearly 
describe the topic proposed. Abstracts will be used by the Program 
Committee to form the program and ensure contributions are within scope 
of the workshop. Please submit abstracts to the following Google form:

https://forms.gle/Bf8puVMiVRdp6gUX9

Early decisions are possible for those needing to make travel arrangements.


Timeline for submissions:

   1.  Abstracts submitted by 8 January.

   2.  Decisions on allocated funding 15 January.

   3.  Workshop: Salerno 13-15 February.

   4.  Follow up event in Nuremberg 30-31 March.


----------------

For interest, please find below the report from the first workshop and 
sample abstracts for this second edition of the workshop.

https://docs.google.com/document/d/11O7glhccDJSCfzeAjUOcE-WBv05kS2v3bOB9PUJCslU/edit?usp=sharing


Sample abstracts


Title: Making Sense of Solid for Data Governance and GDPR

Harshvardhan Pandit, Dublin City University, Ireland

Abstract: Solid is 
a new radical paradigm based on decentralising data from central 
organisations to individuals, that seeks to empower individuals to have 
active control of who and how their data is being used. In order to 
realise this vision, the use-cases and implementations of Solid also 
need to be consistent with the relevant privacy and data protection 
regulations such as the GDPR. However, to do so requires prior 
understanding of all actors, roles, and processes involved in a 
use-case, which then need to be aligned with GDPR's concepts to identify 
relevant obligations and only then investigate their compliance. To 
assist with this process, we apply the existing standardised 
terminologies and paradigms from ISO/IEC standards to describe the 
actors and implementations of Solid as 'cloud technologies'. We then 
investigate the applicability of GDPR's requirements to Solid-based 
implementations, along with an exploration of how existing issues 
arising from GDPR enforcement also apply to Solid. Finally, we outline 
the path forward through specific extensions to Solid's specifications 
that mitigate known issues and enable the realisation of its benefits. 
See https://osf.io/m29hn/


Title: Assessing the Solid Protocol in Relation to Security & Privacy 
Obligations

Christian Esposito, Olaf Hartig, Ross Horne, Chang Sun

Abstract: The Solid specification aims to empower data subjects by 
giving them direct access control over their data across multiple 
applications. As governments are manifesting their interest in this 
framework for citizen empowerment and e-government services, security 
and privacy represent pivotal issues to be addressed. By analyzing the 
relevant legislation, notably GDPR, and international standards, namely 
ISO/IEC 27001:2011 and 15408, we formulate the primary security and 
privacy requirements for such a framework. Furthermore, we survey the 
current Solid protocol specifications regarding how they cover the 
highlighted requirements, and draw attention to potential gaps between 
the specifications and requirements. We also point out the contribution 
of recent academic work presenting novel approaches to increase the 
security and privacy degree provided by the Solid project. This paper 
has a twofold contribution to improve user awareness of how Solid can 
help protect their data and to present possible future research lines on 
Solid security and privacy enhancements.

See https://arxiv.org/abs/2210.08270


Title: Compliance checking on first-order knowledge with conflicting and 
compensatory norms - a comparison among currently available technologies

Livio Robaldo, Legal Innovation Lab Wales, Swansea University, UK

Abstract: This paper analyses and compares some of the automated 
reasoners that have been used in recent research for compliance 
checking. Although the list of the considered reasoners is not 
exhaustive, we believe that our analysis is representative enough to 
take stock of the current state of the art in the topic. We are 
interested here in formalizations at the first-order level. Past 
literature on normative reasoning mostly focuses on the propositional 
level. However, the propositional level is of little usefulness for 
concrete LegalTech applications, in which compliance checking must be 
enforced on (large) sets of individuals. Furthermore, we are interested 
here in technologies that are freely available and that can be further 
investigated and compared by the scientific community. In other words, 
this paper does not consider technologies only employed in industry 
and/or whose source code is non-accessible. This paper formalizes a 
selected use case in the considered reasoners and compares the 
implementations, also in terms of simulations with respect to shared 
synthetic datasets. The comparison will highlight that a lot of further 
research still needs to be done to integrate the benefits featured by the 
different reasoners into a single standardized first-order framework, 
suitable for LegalTech applications.


Arianna Rossi, University of Luxembourg, Luxembourg

Topic: Personalised transparency & consent, i.e. individual tailoring of 
information disclosures and privacy preferences

Abstract: Not everyone has the same style of apprehending and 
elaborating data-related information (e.g. experts vs laypeople), while 
asking users to continuously interact with data permission requests 
is destined to fail. Personalisation may be achieved through manual 
configuration, profile-based, expert-based, personalised assistance (e.g. 
chatbots), data-driven based on past preferences, etc.

Guiding questions:

- to what extent does Solid enable the personalization of disclosures 
and the tailoring of data permission requests?

- which solution seems the most promising?

- What requirements should it have?

- what benefits and risks?

- how to balance the ethical, legal, and societal aspects (ELSA) of 
personalization (e.g., echo chambers)?


Regards,
-- 
---
Harshvardhan J. Pandit, Ph.D
Assistant Professor
ADAPT Centre, Dublin City University
https://harshp.com/

Received on Thursday, 8 December 2022 15:38:12 UTC