References of "Bartolini, Cesare 50000604"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailQualifying and Measuring Transparency: A Medical Data System Case Study
Spagnuelo, Dayana; Bartolini, Cesare UL; Lenzini, Gabriele UL

in Computers and Security (2020)

Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides ... [more ▼]

Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how to interpret transparency, however there are no defined requirements nor ways to verify the quality of the implementation of transparency. We address this problem. We discuss and define applicable metrics for transparency, propose how measurement can be conducted in an operative system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system. [less ▲]

Detailed reference viewed: 91 (3 UL)
Full Text
Peer Reviewed
See detailThe DAta Protection REgulation COmpliance Model
Bartolini, Cesare UL; Lenzini, Gabriele UL; Robaldo, Livio UL

in IEEE Security and Privacy (2019), 17(6), 37-45

Understanding whether certain technical measures comply with the General Data Protection Regulation’s (GDPR’s) principles is complex legal work. This article describes a model of the GDPR that allows for ... [more ▼]

Understanding whether certain technical measures comply with the General Data Protection Regulation’s (GDPR’s) principles is complex legal work. This article describes a model of the GDPR that allows for semiautomatic processing of legal text and the leveraging of state-of-the-art legal informatics approaches, which are useful for legal reasoning, software design, information retrieval, or compliance checking. [less ▲]

Detailed reference viewed: 221 (16 UL)
Full Text
Peer Reviewed
See detailAn Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

Scientific Conference (2018, November 12)

The modelling of a legal text into a machine-processable form, such as a list of logic formulæ, enables a semi-automatic reasoning about legal compliance but might entail some anticipation of legal ... [more ▼]

The modelling of a legal text into a machine-processable form, such as a list of logic formulæ, enables a semi-automatic reasoning about legal compliance but might entail some anticipation of legal interpretation in the modelling. The formulæ need therefore to be validated by legal experts, but it is unlikely that they are familiar with the formalism used. This calls for an interdisciplinary validation methodology to ensure that the model is legally coherent with the text it aims to represent but that could also close the communication gap between formal modellers and legal evaluators. This paper discusses such a methodology, providing an human-readable representation that preserves the formulæ's meaning but that presents them in a way that is usable by non-experts. We exemplify the methodology on a use case where Articles of the GDPR are translated in the Reified I/O logic encoded in LegalRuleML. [less ▲]

Detailed reference viewed: 178 (8 UL)
Full Text
Peer Reviewed
See detailCloud Providers Viability: How to Address it from an IT and Legal Perspective?
Bartolini, Cesare UL; El Kateb, Donia; Le Traon, Yves UL et al

in Electron Markets (2018), 28(1), 53-75

A major part of the commercial Internet is moving toward the cloud paradigm. This phenomenon has a drastic impact onthe organizational structures of enterprizes and introduces new challenges that must be ... [more ▼]

A major part of the commercial Internet is moving toward the cloud paradigm. This phenomenon has a drastic impact onthe organizational structures of enterprizes and introduces new challenges that must be properly addressed to avoid majorsetbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud ServiceProvider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thusleaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even withouttheir applications or data. This article attempts to address the issue of cloud provider viability, defining a possible way ofmodeling viability as a non-functional requirement and proposing some approaches that can be used to mitigate the problem,both from a technical and from a legal perspective. By introducing a structured perspective into the topic of cloud viability,describing the risks, factors and possible mitigators, the contribution of this work is twofold: it gives the customer a betterunderstanding to determine when it can rely on the cloud infrastructure on the long term and what precautions it should takein any case, and provides the CSP with means to address some of the viability issues and thus increase its customers’ trust. [less ▲]

Detailed reference viewed: 143 (0 UL)
Full Text
Peer Reviewed
See detailAn approach to information retrieval and question answering in the legal domain
Adebayo, Kolawole John UL; Di Caro, Luigi; Boella, Guido et al

Scientific Conference (2016, November 15)

We describe in this paper, a report of our participation at COLIEE 2016 Information Retrieval (IR) and Legal Question Answering (LQA) tasks. Our solution for the IR part employs the use of a simple but ... [more ▼]

We describe in this paper, a report of our participation at COLIEE 2016 Information Retrieval (IR) and Legal Question Answering (LQA) tasks. Our solution for the IR part employs the use of a simple but effective Machine Learning (ML) procedure. Our Question Answering solution answers "YES or 'NO' to a question, i.e., 'YES' if the question is entailed by a text and 'NO' otherwise. With recent exploit of Multi-layered Neural Network systems at language modeling tasks, we presented a Deep Learning approach which uses an adaptive variant of the Long-Short Term Memory (LSTM), i.e. the Child Sum Tree LSTM (CST-LSTM) algorithm that we modified to suit our purpose. Additionally, we benchmarked this approach by handcrafting features for two popular ML algorithms, i.e., the Support Vector Machine (SVM) and the Random Forest (RF) algorithms. Even though we used some features that have performed well from similar works, we also introduced some semantic features for performance improvement. We used the results from these two algorithms as the baseline for our CST-LSTM algorithm. All evaluation was done on the COLIEE 2015 training and test sets. The overall result conforms the competitiveness of our approach. [less ▲]

Detailed reference viewed: 329 (12 UL)
Full Text
Peer Reviewed
See detailA Framework to Reason about the Legal Compliance of Security Standards
Bartolini, Cesare UL; Giurgiu, Andra UL; Lenzini, Gabriele UL et al

in Proceedings of the Tenth International Workshop on Juris-informatics (JURISIN) (2016, November)

Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level ... [more ▼]

Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level, industrial standards and best practices define specific objectives that can be certified by means of auditing procedures from qualified bodies. Implementing a standard does not per se guarantee legal compliance, with the rare exception when the standard is also endorsed by the law itself. But standards and laws in the same domain may have overlaps and correlations, so adopting the former may provide an argument to demonstrate that adequate measures were taken to achieve legal compliance. In this paper, we introduce a framework that, using state-of-the-art Natural Language Semantics techniques, helps process legal documents and standards to build a knowledge base to store their logic representations, and the correlations between them. The knowledge base will help legal experts assess what requirements of the law are met by the standard and, consequently, recognize what requirements still need to be implemented to fill the remaining gaps. An application of the framework is exemplified by comparing a provision of the European General Data Protection Regulation against the ISO/IEC 27001:2013 standard. [less ▲]

Detailed reference viewed: 422 (38 UL)
Full Text
Peer Reviewed
See detailTowards legal compliance by correlating Standards and Laws with a semi-automated methodology
Bartolini, Cesare UL; Lenzini, Gabriele UL; Robaldo, Livio UL

in Proceedings of the 28 Benelux Conference on Artificial Intelligence (BNAIC) (2016, November)

Since legal regulations do not generally provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. If there were a clear correspondence between the ... [more ▼]

Since legal regulations do not generally provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. If there were a clear correspondence between the provisions of a specific standard and the regulation’s requirements, one could implement the standard to claim a presumption of compliance. However, finding those correspondences is a complex process; additionally, correlations may be overridden in time, for instance, because newer court decisions change the interpretation of certain provisions. To help solve this problem, we present a framework that supports legal experts in recognizing correlations between provisions in a standard and requirements in a given law. The framework relies on state-of-the-art Natural Language Semantics techniques to process the linguistic terms of the two documents, and maintains a knowledge base of the logic representations of the terms, together with their defeasible correlations, both formal and substantive. An application of the framework is shown by comparing a provision of the European General Data Protection Regulation against the ISO/IEC 27018:2014 standard. [less ▲]

Detailed reference viewed: 285 (14 UL)
Full Text
Peer Reviewed
See detailCloud Providers Viability: How to Address it from an IT and Legal Perspective?
Bartolini, Cesare UL; El Kateb, Donia UL; Le Traon, Yves UL et al

in Altmann, Jörn; Silaghi, Gheorghe Cosmin; Rana, Omer F. (Eds.) Economics of Grids, Clouds, Systems, and Services (2016)

A major part of the commercial Internet is moving towards a cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be ... [more ▼]

A major part of the commercial Internet is moving towards a cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be properly addressed to avoid major setbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud Service Provider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thus leaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even without their applications or data. This article attempts to address the issue of cloud provider viability, proposing some ways of mitigating the problem both from a technical and from a legal perspective. [less ▲]

Detailed reference viewed: 172 (4 UL)
Full Text
Peer Reviewed
See detailCloud Providers Viability: How to Address it from an IT and Legal Perspective?
Bartolini, Cesare UL; El Kateb, Donia UL; Le Traon, Yves UL et al

in Economics of Grids, Clouds, Systems, and Services (2015, September 16)

A major part of the commercial Internet is moving towards a cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be ... [more ▼]

A major part of the commercial Internet is moving towards a cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be properly addressed to avoid major setbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud Service Provider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thus leaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even without their applications or data. This article attempts to address the issue of cloud provider viability, proposing some ways of mitigating the problem both from a technical and from a legal perspective. [less ▲]

Detailed reference viewed: 248 (15 UL)