- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Thu, 8 Dec 2022 15:39:32 +0000
- To: "public-solid@w3.org" <public-solid@w3.org>
[[Apologies for cross-postings]] -------- Forwarded Message -------- Subject: [Call for Abstracts] Second COST EU Workshop on Privacy Issues in Distributed Social Knowledge Graphs Date: Mon, 5 Dec 2022 16:53:07 +0000 From: Ross James HORNE <ross.horne@uni.lu> Dear colleagues, This call for contributions is particularly relevant to those who participated in the first edition of the workshop in June 2022, and those who have since expressed an interest. The workshop is, of course, open also to those who did not previously participate. This second edition of PIDSKG will be in Italy, February 2023. [Call for Abstracts] Second COST EU Workshop on Privacy Issues in Distributed Social Knowledge Graphs PIDSKG’23 University of Salerno, Italy 13-15 February 2023 There are up to 20 grants covering travel and expenses available via the COST Action on Distributed Knowledge Graphs https://cost-dkg.eu/ We solicit abstracts from those interested in participating: https://forms.gle/Bf8puVMiVRdp6gUX9 Program Committee: Inès Akaichi, Vienna university of Economics and Business, Austria Rob Brennan, University College Dublin, Ireland Beatriz Esteves, Universidad Politécnica de Madrid, Spain Christian Esposito, University of Salerno, Italy Olaf Hartig, Linköping University, Sweden Ross Horne, University of Luxembourg, Luxembourg Tobias Käfer, KIT, Germany Harshvardhan Pandit, Dublin City University, Ireland Chang Sun, Maastricht University, Netherlands Livio Robaldo, Legal Innovation Lab Wales, Swansea University, UK Arianna Rossi, University of Luxembourg, Luxembourg Call for Abstracts: This workshop series brings together computer scientists and legal experts, with a focus on Solid as a concrete system for data sovereignty, in order to ground a debate around emergent problems from both a technical cybersecurity perspective, and from the legal perspective of data protection. The first edition was hosted by University of Luxembourg 13-15 June 2022, and explored problems concerning privacy in distributed knowledge graphs from an interdisciplinary perspective. In this second edition of the workshop, we aim to consolidate progress on the problems identified in the first edition of the workshop and produce a common deliverable. The program will focus on exchanging methodologies, drawing from areas such as cybersecurity and privacy law, that may be brought together to develop privacy solutions for distributed knowledge graphs. Towards this aim the program will be a mix of talks, demos, and tutorials, that aim to present the current state of research, and trajectories. We solicit abstracts prescribing papers (published or in progress), demos, and tutorials in related areas not limited to the following: 1. HCI aspects for information provision and controls 2. Consenting 3. GDPR Compliance 4. Data Governance 5. Cybersecurity compliance (ISO standards) 6. Measures for enhancing security and privacy 7. Cyber-risk assessments and auditing 8. Automating compliance checking and accountability 9. Vulnerability assessment and management 10. Access and usage control policies 11. Emerging privacy legislation and their implications 12. Privacy-preserving data analysis technologies/ privacy enhancing technologies 13. Risk and Impact assessments 14. Data spaces 15. Solutions for Data Sovereignty 16. Relation to emerging regulatory frameworks (DGA, DSA, DMA, ePrivacy, AI Act, Data Act, Health Data Spaces 17. Identity management and authentication This workshop will place an emphasis on discussing a potential policy layer enhancing existing authentication and authorisation mechanisms, where policies, in addition to constraining operations that agents may perform on data, express information on what is the context, norm, rules, principles, guidelines, or regulation for what/when/who/where/how data should be used, accessed, or otherwise processed. A policy layer is where the typical information for determining access (i.e. request notice) and its decision (e.g. consent or permission) are concerned. We expect an output of the workshop to include a report specifying the consensus of participants on the requirements of such a policy layer. Submission format: Submissions may be in any format (text, PDF, etc.), but should clearly describe the topic proposed. Abstracts will be used by the Program Committee to form the program and ensure contributions are within scope of the workshop. Please submit abstracts to the following Google form: https://forms.gle/Bf8puVMiVRdp6gUX9 Early decisions are possible for those needing to make travel arrangements. Timeline for submissions: 1. Abstracts submitted by 8 January. 2. Decisions on allocated funding 15 January. 3. Workshop: Salerno 13-15 February. 4. Follow up event in Nuremberg 30-31 March. ---------------- For interest, please find below the report from the first workshop and sample abstracts for this second edition of the workshop. https://docs.google.com/document/d/11O7glhccDJSCfzeAjUOcE-WBv05kS2v3bOB9PUJCslU/edit?usp=sharing Sample abstracts Title: Making Sense of Solid for Data Governance and GDPR Harshvardhan Pandit, Dublin City University, Ireland Abstract: Solid is a new radical paradigm based on decentralising data from central organisations to individuals, that seeks to empower individuals to have active control of who and how their data is being used. In order to realise this vision, the use-cases and implementations of Solid also require to be consistent with the relevant privacy and data protection regulations such as the GDPR. However, to do so requires prior understanding of all actors, roles, and processes involved in a use-case, which then need to be aligned with GDPR's concepts to identify relevant obligations and only then investigate their compliance. To assist with this process, we apply the existing standardised terminologies and paradigms from ISO/IEC standards to describe the actors and implementations of Solid as `cloud technologies'. We then investigate the applicability of GDPR's requirements to Solid-based implementations, along with an exploration of how existing issues arising from GDPR enforcement also apply to Solid. Finally, we outline the path forward through specific extensions to Solid's specifications that mitigates known issues and enables the realisation of its benefits. See https://osf.io/m29hn/ Title:Assessing the Solid Protocol in Relation to Security & Privacy Obligations Christian Esposito, Olaf Hartig, Ross Horne, Chang Sun Abstract: The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analyzing the relevant legislation, notably GDPR, and international standards, namely ISO/IEC 27001:2011 and 15408, we formulate the primary security and privacy requirements for such a framework. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the security and privacy degree provided by the Solid project. This paper has a twofold contribution to improve user awareness of how Solid can help protect their data and to present possible future research lines on Solid security and privacy enhancements. See https://arxiv.org/abs/2210.08270 Title: Compliance checking on first-order knowledge with conflicting and compensatory norms - a comparison among currently available technologies Livio Robaldo, Legal Innovation Lab Wales, Swansea University, UK Abstract: This paper analyses and compares some of the automated reasoners that have been used in recent research for compliance checking. Although the list of the considered reasoners is not exhaustive, we believe that our analysis is representative enough to take stock of the current state of the art in the topic. We are interested here in formalizations at the first-order level. Past literature on normative reasoning mostly focuses on the propositional level. However, the propositional level is of little usefulness for concrete LegalTech applications, in which compliance checking must be enforced on (large) sets of individuals. Furthermore, we are interested here in technologies that are freely available and that can be further investigated and compared by the scientific community. In other words, this paper does not consider technologies only employed in industry and/or whose source code is non-accessible. This paper formalizes a selected use case in the considered reasoners and compares the implementations, also in terms of simulations with respect to shared synthetic datasets. The comparison will highlight that lot of further research still need to be done to integrate the benefits featured by the different reasoners into a single standardized first-order framework, suitable for LegalTech applications. Arianna Rossi, University of Luxembourg, Luxembourg Topic: Personalised transparency & consent, i.e. individual tailoring of information disclosures and privacy preferences Abstract: Not everyone has the same style of apprehending and elaborating data-related information (eg experts vs laypeople), while asking to users to continuously interact with data permission requests is destined to fail. Personalisation may be achieved through manual configuration, profile-based, expert-based, personalised assistance (eg chatbots), data-driven based on past preferences, etc. Guiding questions: - to what extent does Solid enable the personalization of disclosures and the tailoring of data permission requests? - which solution seems the most promising - What requirements should it have? - what benefits and risks? - how to balance the ethical, legal, and societal aspects (ELSA) of personalization (e.g., echo chambers)? Regards, -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/ -- --- Harshvardhan J. Pandit, Ph.D Assistant Professor ADAPT Centre, Dublin City University https://harshp.com/
Received on Thursday, 8 December 2022 15:39:48 UTC