Paper published in a book (Scientific congresses, symposiums and conference proceedings)
ML-based Compliance Verification of Data Processing Agreements against GDPR
AMARAL CEJAS, Orlando; ABUALHAIJA, Sallam; BRIAND, Lionel
2023. In Proceedings of the 31st IEEE International Requirements Engineering Conference (RE'23), Hannover, Germany, September 4-8, 2023
Peer reviewed
 

Files


Full Text
ML-based Compliance Verification of Data Processing Agreements against GDPR.pdf
Publisher postprint (1.04 MB)
Details



Keywords :
Requirements Engineering (RE); Regulatory Compliance; The General Data Protection Regulation (GDPR); Data Processing Agreement (DPA); Machine Learning (ML); Natural Language Processing (NLP)
Abstract :
Most current software systems involve processing personal data, an activity that is regulated in Europe by the General Data Protection Regulation (GDPR) through data processing agreements (DPAs). Developing compliant software requires adhering to DPA-related requirements in GDPR. Verifying the compliance of DPAs entirely manually is however time-consuming and error-prone. In this paper, we propose an automation strategy based on machine learning (ML) for checking GDPR compliance in DPAs. Specifically, we create, based on existing work, a comprehensive conceptual model that describes the information types pertinent to DPA compliance. We then develop an automated approach that detects breaches of compliance by predicting the presence of these information types in DPAs. On an evaluation set of 30 real DPAs, our approach detects 483 out of 582 genuine violations while introducing 93 false violations, achieving thereby a precision of 83.9% and recall of 83.0%. We empirically compare our approach against an existing approach which does not employ ML but relies on manually-defined rules. Our results indicate that the two approaches perform on par. Therefore, to select the right solution in a given context, we discuss differentiating factors like the availability of annotated data and legal experts, and adaptation to regulation changes.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > SVV - Software Verification and Validation
Disciplines :
Computer science
Author, co-author :
AMARAL CEJAS, Orlando; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
ABUALHAIJA, Sallam; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
BRIAND, Lionel; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
External co-authors :
yes
Language :
English
Title :
ML-based Compliance Verification of Data Processing Agreements against GDPR
Publication date :
08 September 2023
Event name :
31st IEEE International Requirements Engineering Conference
Event place :
Hannover, Germany
Event date :
from 04-09-2023 to 08-09-2023
Audience :
International
Main work title :
Proceedings of the 31st IEEE International Requirements Engineering Conference (RE'23), Hannover, Germany, September 4-8, 2023
Publisher :
IEEE
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR13759068 - Artificial Intelligence-enabled Automation For Gdpr Compliance, 2019 (01/01/2020-31/12/2022) - Lionel Briand
Funders :
FNR - Luxembourg National Research Fund
Available on ORBilu :
since 24 June 2023
