References of "Bartolini, Cesare 50000604"
Peer Reviewed
Qualifying and Measuring Transparency: A Medical Data System Case Study
Spagnuelo, Dayana; Bartolini, Cesare UL; Lenzini, Gabriele UL

in Computers and Security (2020)

Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how to interpret transparency, however there are no defined requirements nor ways to verify the quality of the implementation of transparency. We address this problem. We discuss and define applicable metrics for transparency, propose how measurement can be conducted in an operative system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system.

Peer Reviewed
The DAta Protection REgulation COmpliance Model
Bartolini, Cesare UL; Lenzini, Gabriele UL; Robaldo, Livio UL

in IEEE Security and Privacy (2019), 17(6), 37-45

Understanding whether certain technical measures comply with the General Data Protection Regulation’s (GDPR’s) principles is complex legal work. This article describes a model of the GDPR that allows for semiautomatic processing of legal text and the leveraging of state-of-the-art legal informatics approaches, which are useful for legal reasoning, software design, information retrieval, or compliance checking.

Peer Reviewed
Sistemi Medici e Conformità Legale
Bartolini, Cesare UL; Lenzini, Gabriele UL

in Rivista Italiana di Medicina Legale: Dottrina, Casistica, Ricerca Sperimentale, Giurisprudenza e Legislazione (2019), XLI(1/2019), 225-242

The present document addresses the topic of legal compliance of medical systems, that is, hardware and software devices medically used on people for clinical tests, diagnosis, study, and similar purposes, mainly with respect to EU law. The work briefly overviews the applicable laws and regulations and discusses the relevance on medical systems of concepts that General Data Protection Regulation (GDPR) covers in a wider scope, such as data protection and transparency. The document looks into the practical meaning of legal compliance in a medical system and in the software that defines its behavior. Granted that any lawfulness decision is a prerogative of the judicial authority, the document concludes by suggesting currently-available means, such as official conformity checks, standards, but also conformity guidelines during development, to build a reasonably compliant medical system, or to check for its conformity.

Peer Reviewed
An Agile Approach to Validate a Formal Representation of the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

in JSAI International Symposium on Artificial Intelligence (2019), 11717

Modeling in a knowledge base of logic formulæ the articles of the GDPR enables semi-automatic reasoning of the Regulation. To be legally substantiated, it requires that the formulæ express validly the legal meaning of the Regulation’s articles. But legal experts are usually not familiar with logic, and this calls for an interdisciplinary validation methodology that bridges the communication gap between formal modelers and legal evaluators. We devise such a validation methodology and exemplify it over a knowledge base of articles of the GDPR translated into Reified I/O (RIO) logic and encoded in LegalRuleML. A pivotal element of the methodology is a human-readable intermediate representation of the logic formulæ that preserves the formulæ’s meaning while rendering it in a readable way to non-experts. After being applied over a use case, we prove that it is possible to retrieve feedback from legal experts about the formal representation of Art. 5.1a and Art. 7.1. What emerges is an agile process to build logic knowledge bases of legal texts, and to support their public trust, which we intend to use for a logic model of the GDPR, called DAPRECO knowledge base.

Peer Reviewed
Formalizing GDPR provisions in reified I/O logic: the DAPRECO knowledge base
Robaldo, Livio UL; Bartolini, Cesare UL; Lenzini, Gabriele UL et al

in Journal of Logic, Language and Information (2019)

Peer Reviewed
An Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

Scientific Conference (2018, November 12)

The modelling of a legal text into a machine-processable form, such as a list of logic formulæ, enables a semi-automatic reasoning about legal compliance but might entail some anticipation of legal interpretation in the modelling. The formulæ need therefore to be validated by legal experts, but it is unlikely that they are familiar with the formalism used. This calls for an interdisciplinary validation methodology to ensure that the model is legally coherent with the text it aims to represent but that could also close the communication gap between formal modellers and legal evaluators. This paper discusses such a methodology, providing a human-readable representation that preserves the formulæ's meaning but that presents them in a way that is usable by non-experts. We exemplify the methodology on a use case where Articles of the GDPR are translated in the Reified I/O logic encoded in LegalRuleML.

Peer Reviewed
Cloud Providers Viability: How to Address it from an IT and Legal Perspective?
Bartolini, Cesare UL; El Kateb, Donia; Le Traon, Yves UL et al

in Electron Markets (2018), 28(1), 53-75

A major part of the commercial Internet is moving toward the cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be properly addressed to avoid major setbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud Service Provider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thus leaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even without their applications or data. This article attempts to address the issue of cloud provider viability, defining a possible way of modeling viability as a non-functional requirement and proposing some approaches that can be used to mitigate the problem, both from a technical and from a legal perspective. By introducing a structured perspective into the topic of cloud viability, describing the risks, factors and possible mitigators, the contribution of this work is twofold: it gives the customer a better understanding to determine when it can rely on the cloud infrastructure on the long term and what precautions it should take in any case, and provides the CSP with means to address some of the viability issues and thus increase its customers’ trust.

Peer Reviewed
PrOnto: Privacy Ontology for Legal Reasoning
Palmirani, Monica; Martoni, Michele; Rossi, Arianna UL et al

in International Conference on Electronic Government and the Information Systems Perspective (2018)

Peer Reviewed
Development of a test track for driverless cars: vehicle design, track configuration, and liability considerations
Szalay, Zsolt; Tettamanti, Tamás; Esztergár-Kiss, Domokos et al

in Periodica Polytechnica Transportation Engineering (2018), 46(1), 29-35

The Research Center for Autonomous Road Vehicles (RECAR) was founded in 2015 upon the initiative of the Faculty of Transportation Engineering and Vehicle Engineering of Budapest University of Technology and Economics. The research center is supported by industrial partners and other academic partners targeting research and educational purposes. In complement to this project, the construction of a new automotive test track is also under development especially for autonomous road vehicle testing serving as automotive proving ground in Zalaegerszeg, Hungary. Accordingly, intensive research has been started in the RECAR center in the field of autonomous vehicle technology. The paper’s goal is to share the main practical and methodological experiences with the scientific audience as well as the industrial sector. Based on the initial research actions we intend to enlighten the upcoming research challenges of driverless vehicles and automated intelligent transport system. Basically, three main topics are concerned. Firstly, the main issues concerning autonomous vehicle research are summarized. Secondly, the requirements for autonomous test track design are concluded. Thirdly, the legal questions that emerge with the appearance of driverless vehicles are investigated, especially concerning liability.

Peer Reviewed
Legal Ontology for Modelling GDPR Concepts and Norms
Palmirani, Monica; Bartolini, Cesare UL; Martoni, Michele et al

in JURIX 2018 proceedings (2018)

Peer Reviewed
Property and the Cloud
Bartolini, Cesare UL; Santos, Cristiana; Ullrich, Carsten UL

in Computer Law and Security Report (2018)

Data is a modern form of wealth in the digital world, and massive amounts of data circulate in cloud environments. While this enormously facilitates the sharing of information, both for personal and professional purposes, it also introduces some critical problems concerning the ownership of the information. Data is an intangible good that is stored in large data warehouses, where the hardware architectures and software programs running the cloud services coexist with the data of many users. This context calls for a twofold protection: on one side, the cloud is made up of hardware and software that constitute the business assets of the service provider (property of the cloud); on the other side, there is a definite need to ensure that users retain control over their data (property in the cloud). The law grants protection to both sides under several perspectives, but the result is a complex mix of interwoven regimes, further complicated by the intrinsically international nature of cloud computing that clashes with the typical diversity of national laws. As the business model based on cloud computing grows, public bodies, and in particular the European Union, are striving to find solutions to properly regulate the future economy, either by introducing new laws, or by finding the best ways to apply existing principles.

Peer Reviewed
Law and the software development life cycle
Bartolini, Cesare UL; Lenzini, Gabriele UL

Scientific Conference (2017, November 25)

The increasing demand of reliable software services and the dependability that our daily personal and professional life have on them is bringing significant changes in the domain of software service engineering. One of the most revolutionary is the introduction of regulations, repeating what in the past has concerned the product market. Regulations need to find a balance between the interests of several roles and reduce the inevitable tensions that would otherwise arise among them, as well as to defend the right of the weakest parties (normally the end users). There are multiple interests to balance: the interests of end users, the protection of intellectual property, a fair competition against other enterprises, just to name a few. While some of these requirements concern the structure and organization of the enterprise, some of them are fit to penetrate into the software development life cycle. This would serve multiple purposes: allow the enterprise to design services which already take the legal requirements into account; visually represent the requirements and their interaction with the functionality of the system; develop the software components using tools and methodologies that are able to deal with those requirements; define metrics to measure the degree to which such requirements are met; measure the impact of the requirements on the functionality of the service and on other parameters of the service (such as performance or storage occupation); verify and monitor whether the legal requirements are met; and, last but not least, to have an argument to be used in case of a complaint in a court or at a competent authority. Before being considered in the software service life cycle, legal requirements must undergo a preprocessing phase in which they are translated into some form which is compatible with the tools and methodologies proper of the software engineering, for instance being modelled into a formalism that makes them processable by a machine.
There is a significant amount of interdisciplinary topics that need to be combined together to reach an integration between regulation and software life cycle. In particular, at least three complementary perspectives are needed. One perspective requires the analysis of the provisions of the law, the extraction of the legal requirements classified according to the stakeholders affected, and the translation of those requirements into some formal model that can be processed using appropriate software tools. A second perspective requires a study of the legal requirements from the point of view of requirements engineering techniques, also defining metrics to measure them. The third concerns the models used in the various stages of software engineering (design, modeling, development, validation and testing), which need to be extended to accommodate the legal requirements in their formal representation. Only by putting together these perspectives a comprehensive approach to deal with legal requirements in software engineering is possible.

Peer Reviewed
Modelling Metrics for Transparency in Medical Systems
Pierina Brustolin Spagnuelo, Dayana UL; Bartolini, Cesare UL; Lenzini, Gabriele UL

in Proceedings of TrustBus 2017 (2017, July)

Peer Reviewed
Critical features of autonomous road transport from the perspective of technological regulation and law
Bartolini, Cesare UL; Tettamanti, Tamás; István, Varga

in Transportation Research Procedia (2017), 27

Autonomous vehicular technology significantly stresses the issue of safety. Although the use of driverless cars raises considerable expectations of a general improvement in safety, new challenges concerning the safety aspects stem from the changing context. On the one hand, the paper addresses regulatory issues raised by the impact of technological changes, particularly standardization problems. On the other hand, the issue of liability questions is investigated as it might cause today’s main legal obstacle for the wide spreading of autonomous cars, especially as autonomous cars might jeopardize the existing approaches to vehicular liability. The aim of this paper is to scrutinize the basic problems in both fields. We provide what, at the current state-of-the-art, appear to be reasonable recommendations from the perspective of technological regulation and law, in order to deal with the main problems that might hamper the development of autonomous transport technology.

Peer Reviewed
Towards legal compliance by correlating Standards and Laws with a semi-automated methodology
Bartolini, Cesare UL; Giurgiu, Andra UL; Lenzini, Gabriele UL et al

in Bosse, Tibor; Bredeweg, Bert (Eds.) Communications in Computer and Information Science (2017)

Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of compliance in favour of the implementing party, provided there is a clear correspondence between the provisions of a specific standard and the regulation's requirements. However, identifying such correspondences is a complex process which is complicated further by the fact that the established correlations may be overridden in time e.g., because newer court decisions change the interpretation of certain legal provisions. To help solve these problems, we present a framework that supports legal experts in recognizing correlations between provisions in a standard and requirements in a given law. The framework relies on state-of-the-art Natural Language Semantics techniques to process the linguistic terms of the two documents, and maintains a knowledge base of the logic representations of the terms, together with their defeasible correlations, both formal and substantive. An application of the framework is shown by comparing a provision of the European General Data Protection Regulation with the ISO/IEC 27018:2014 standard.

Peer Reviewed
Using Ontologies to Model Data Protection Requirements in Workflows
Bartolini, Cesare UL; Muthuri, Robert; Cristiana, Santos

in Otake, Mihoko; Kurahashi, Setsuya; Ota, Yuiko (Eds.) et al New Frontiers in Artificial Intelligence (2017)

Data protection, currently under the limelight at the European level, is undergoing a long and complex reform that is finally approaching its completion. Consequently, there is an urgent need to customize semantic standards towards the prospective legal framework. The aim of this paper is to provide a bottom-up ontology describing the constituents of data protection domain and its relationships. Our contribution envisions a methodology to highlight the (new) duties of data controllers and foster the transition of IT-based systems, services, tools and businesses to comply with the new General Data Protection Regulation. This structure may serve as the foundation for the design of data protection compliant information systems.

Peer Reviewed
Software Testing Techniques Revisited for OWL Ontologies
Bartolini, Cesare UL

in Hammoudi, Slimane; Ferreira Pires, Luís; Selic, Bran (Eds.) et al Model-Driven Engineering and Software Development (2017)

Ontologies are an essential component of semantic knowledge bases and applications, and nowadays they are used in a plethora of domains. Despite the maturity of ontology languages, support tools and engineering techniques, the testing and validation of ontologies is a field which still lacks consolidated approaches and tools. This paper attempts at partly bridging that gap, taking a first step towards the extension of some traditional software testing techniques to ontologies expressed in a widely-used format. Mutation testing and coverage testing, revisited in the light of the peculiar features of the ontology language and structure, can assist in designing better test suites to validate them, and overall help in the engineering and refinement of ontologies and software based on them.

Peer Reviewed
An approach to information retrieval and question answering in the legal domain
Adebayo, Kolawole John UL; Di Caro, Luigi; Boella, Guido et al

Scientific Conference (2016, November 15)

We describe in this paper, a report of our participation at COLIEE 2016 Information Retrieval (IR) and Legal Question Answering (LQA) tasks. Our solution for the IR part employs the use of a simple but effective Machine Learning (ML) procedure. Our Question Answering solution answers 'YES' or 'NO' to a question, i.e., 'YES' if the question is entailed by a text and 'NO' otherwise. With recent exploit of Multi-layered Neural Network systems at language modeling tasks, we presented a Deep Learning approach which uses an adaptive variant of the Long-Short Term Memory (LSTM), i.e. the Child Sum Tree LSTM (CST-LSTM) algorithm that we modified to suit our purpose. Additionally, we benchmarked this approach by handcrafting features for two popular ML algorithms, i.e., the Support Vector Machine (SVM) and the Random Forest (RF) algorithms. Even though we used some features that have performed well from similar works, we also introduced some semantic features for performance improvement. We used the results from these two algorithms as the baseline for our CST-LSTM algorithm. All evaluation was done on the COLIEE 2015 training and test sets. The overall result confirms the competitiveness of our approach.

Peer Reviewed
A Framework to Reason about the Legal Compliance of Security Standards
Bartolini, Cesare UL; Giurgiu, Andra UL; Lenzini, Gabriele UL et al

in Proceedings of the Tenth International Workshop on Juris-informatics (JURISIN) (2016, November)

Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level, industrial standards and best practices define specific objectives that can be certified by means of auditing procedures from qualified bodies. Implementing a standard does not per se guarantee legal compliance, with the rare exception when the standard is also endorsed by the law itself. But standards and laws in the same domain may have overlaps and correlations, so adopting the former may provide an argument to demonstrate that adequate measures were taken to achieve legal compliance. In this paper, we introduce a framework that, using state-of-the-art Natural Language Semantics techniques, helps process legal documents and standards to build a knowledge base to store their logic representations, and the correlations between them. The knowledge base will help legal experts assess what requirements of the law are met by the standard and, consequently, recognize what requirements still need to be implemented to fill the remaining gaps. An application of the framework is exemplified by comparing a provision of the European General Data Protection Regulation against the ISO/IEC 27001:2013 standard.
