Personal Data Privacy Semantics in Multi-Agent Systems Interactions
0 likes184 views
The document discusses the interaction requirements and design principles for personal data privacy in multi-agent systems, emphasizing decentralized decision-making and compliance with regulations like GDPR. It outlines a conceptual architecture for privacy-aware agent interactions, detailing necessary protocols and semantic representations for data handling. Additionally, it highlights the need for shared understanding among data controllers, subjects, and processors to effectively manage personal data while ensuring autonomy and privacy.
![14
Data privacy agent interactions
Controller Subject
request access
refuse
agree
failure
inform-done
inform-result
[refused]
[agreed and notification necessary]
[agreed]
consent
Controller Subject
Call-for-data
refuse
propose
inform-done
inform-result
reject-proposal
accept-proposal
failure
consent](https://image.slidesharecdn.com/presentationpaams-201009115750/85/Personal-Data-Privacy-Semantics-in-Multi-Agent-Systems-Interactions-14-320.jpg)
![15
Semantic representation of interactions
{
"prov:generatedAtTime": "2020-02-01T04:00:00.000Z",
"@id": "ex:callForActivityData",
"@graph": [
{ "@id": "ex:callForData1",
"ag:permormative": "ag:CallForProposals",
"ag:sender": "ex:controller1",
"ag:protocol": "ag:ContractNet",
"ag:ontology": "http://w3id.org/ns/dpv#",
"ag:content": "ex:consentPatient1"
}
]
}
Data request
through a bid
FIPA protocol
Proposed
consent
JSON-LD representation](https://image.slidesharecdn.com/presentationpaams-201009115750/85/Personal-Data-Privacy-Semantics-in-Multi-Agent-Systems-Interactions-15-320.jpg)
![16
Example: Data collection
ex:dataRequest a dpv:PersonalDataHandling ;
dpv:hasDataSubject ex:patient1 ;
dpv:hasPurpose [a dpv:AcacemicResearch] ;
dpv:hasProcessing [a dpv:Collect];
dpv:hasLegalBasis [a dpv:Consent];
dpv:hasDataController ex:hospital1;
dpv:haRecipient ex:physician3;
dpv:hasPersonalDataCategory [a dpv:PhysicalHealth];
dcterms:title "Personal Data Collection for clinical study ..."
.
patient subject
controller](https://image.slidesharecdn.com/presentationpaams-201009115750/85/Personal-Data-Privacy-Semantics-in-Multi-Agent-Systems-Interactions-16-320.jpg)
![17
Example: Consent
ex:consentPatient1 a dpv:Consent ;
dpv:hasDataSubject ex:patient1 ;
dpv:hasPurpose [a dpv:AcacemicResearch],
[a dpv:CommercialResearch],
[a dpv:CreatePersonalizedRecommendations] ;
dpv:hasProcessing [a dpv:Analyse];
dcterms:title "Consent for Health data analysis in a clinical study ..." ;
dpv:hasDataController ex:hospital1;
dpv:haRecipient ex:physiotherapist1;
dpv:hasPersonalDataCategory [a dpv:PhysicalHealth].
Consent
purposes
Data
recepient](https://image.slidesharecdn.com/presentationpaams-201009115750/85/Personal-Data-Privacy-Semantics-in-Multi-Agent-Systems-Interactions-17-320.jpg)
Personal Data Privacy Semantics in Multi-Agent Systems Interactions
- 1. Personal Data Privacy Semantics in Multi-Agent Systems Interactions Davide Calvaresi • Michael Schumacher • Jean-Paul Calbimonte University of Applied Sciences and Arts Western Switzerland (HES-SO) International Conference on Practical Applications of Agents and Multi-Agent Systems – PAAMS 2020 October 2020 @jpcik
- 2. 2 HES-SO: University of Applied Sciences and Arts Western Switzerland
- 3. 3 Motivation: Personal data protection demographics diagnosis morbidities mobile data self-reported Personal data sensor data Decentralizedhealthcare Who owns the data? Who manages the data? Who grants access to the data? Who can contribute to the data? Who can transfer the data? Who can process the data? Complex compliance restrictions Institutional boundaries Participatory data collection Decentralized decision-makingChallenges
- 4. 4 What this paper is about o personal data privacy interaction requirements o design principles of privacy-aware agent interactions o conceptual architecture o multi-agent protocol specifications o semantic information: purpose – recipient – processing - consent decentralized agent-based data privacy negotiation coordination enforcement semantic representations privacy conditions/handling A B Next →
- 5. 5 Use-case: digital rehabilitation θ request aggregated sensor data data access consent request access request access accept reject motion monitoring sensors knee rehabilitation exercises track exercise and physical activity Patient-centric data control? Personal data reuse? Data sharing negotiation?
- 6. 6 Information needs o timely access all collected data during the interventions? o opt-out of specific processing/monitoring activities? o establish restrictions on types of data to be collected/reused? o trace the actions and data access of healthcare providers? o limit read/write access to specific healthcare providers? o delete or withdraw her data completely or partially? o change consent conditions/restrictions on data handling purposes? o be notified of risks/evidence of privacy breach or undesired activities? Can the subject …
- 7. 7 Requirements R1: Data handling actors R2: Decentralized interactions R3: Semantic data privacy modelling R4: Interaction protocols R5: Legal compliance establish shared understanding of data handling actors: data controllers, subjects, recipients specify possible interactions among data handling actors without a centralized entity governing their decisions. rely on standard semantic models that represent data handling purposes, processes, consent, privacy follow a well-defined interaction pattern, specified as a set of behaviors, allowing negotiation / collaboration comply with the applicable legal framework, e.g., GDPR
- 8. 8 Requirements R6: Verification R7: Tracking R8: Explainability R9: Transparency R10: Granularity verify the compliance to regulations across institutional boundaries keep track of all interactions, reuse, access, processing, and handling events controllers expose explainable and understandable interfaces for all data handling processes. controllers timely communicate any event concerning data privacy, such as risks, breaches, compromises, etc. choose the granularity at which personal data handling is performed
- 9. 9 Design Principles decentralized agents Data autonomy Goal setting Policies Consent conditions Data quality Anonymization Negotiation protocols Collaboration patterns Data tracking petition Data exclusion requests semantic representation knowledge beliefs goals Privacy specifications Privacy ontologies
- 10. 10 Decentralized Agents Controllers Subjects Recipients Processors people, organizations, or authorities that govern and decide about the purpose and processing of personal data persons to which the data is related people or entities to which the personal information is disclosed persons or entities that perform any processing of the personal data on behalf of the controller
- 11. 11 Decentralized Agents Subject Subject Processor Recipient consent consent Controller analytics request
- 12. 12 Shared semantic vocabularies Processing PersonalData Handling PersonalDataCategory hasPersonalDataCategory Purpose LegalBasis DataController Recipient DataSubject TechnicalOrganisationalMeasure hasRecipient establishment of interactions among decentralized agents common model for representing privacy data Data Privacy Vocabulary (DPV): W3C Data Privacy Vocabularies and Control Community Group https://www.w3.org/ns/dpv
- 13. 13 Data privacy agent interactions – Controller requests personal data (with consent) to a specific subject. – Subject provides personal data (with a consent granted). – Controller calls for personal data to a set of individuals represented by their subject agents. – Subject selects only a certain purpose for data handling. – Subject rejects request for data. – Subject grants access to personal data only for a certain purpose. – Subject/Controller customizes permissions and access rights. – Controller tracks personal data reuse and processing. – Subject deletes or withholds own personal data. – Subject/controller verifies personal data use and policy – Subject objects to data reuse or processing. – Subject requests access to own personal data collected (and metadata) – Controller notifies about data breaches or risk. non-comprehensive minimum set of interactions:
- 14. 14 Data privacy agent interactions Controller Subject request access refuse agree failure inform-done inform-result [refused] [agreed and notification necessary] [agreed] consent Controller Subject Call-for-data refuse propose inform-done inform-result reject-proposal accept-proposal failure consent
- 15. 15 Semantic representation of interactions { "prov:generatedAtTime": "2020-02-01T04:00:00.000Z", "@id": "ex:callForActivityData", "@graph": [ { "@id": "ex:callForData1", "ag:permormative": "ag:CallForProposals", "ag:sender": "ex:controller1", "ag:protocol": "ag:ContractNet", "ag:ontology": "http://w3id.org/ns/dpv#", "ag:content": "ex:consentPatient1" } ] } Data request through a bid FIPA protocol Proposed consent JSON-LD representation
- 16. 16 Example: Data collection ex:dataRequest a dpv:PersonalDataHandling ; dpv:hasDataSubject ex:patient1 ; dpv:hasPurpose [a dpv:AcacemicResearch] ; dpv:hasProcessing [a dpv:Collect]; dpv:hasLegalBasis [a dpv:Consent]; dpv:hasDataController ex:hospital1; dpv:haRecipient ex:physician3; dpv:hasPersonalDataCategory [a dpv:PhysicalHealth]; dcterms:title "Personal Data Collection for clinical study ..." . patient subject controller
- 17. 17 Example: Consent ex:consentPatient1 a dpv:Consent ; dpv:hasDataSubject ex:patient1 ; dpv:hasPurpose [a dpv:AcacemicResearch], [a dpv:CommercialResearch], [a dpv:CreatePersonalizedRecommendations] ; dpv:hasProcessing [a dpv:Analyse]; dcterms:title "Consent for Health data analysis in a clinical study ..." ; dpv:hasDataController ex:hospital1; dpv:haRecipient ex:physiotherapist1; dpv:hasPersonalDataCategory [a dpv:PhysicalHealth]. Consent purposes Data recepient
- 18. 18 Example: Processing ex:dataAnalysis a dpv:Analysis ; dpv:hasDataSubject ex:patient1 ; prov:used ex:patientDataset1 ; dcterms:title "Data Analysis activity for patient data ..." ; prov:isAssociatedWith ex:dataScientist1; prov:wasStartedAtTime "2020-01-11T04:00:00.000Z". ex:analyticsResults a prov:Entity ; prov:wasGeneratedBy ex:dataAnalysis; prov:wasDerivedFrom ex:patientDataset1
- 19. 19 Related work
- 20. 20 Conclusions semantic data models A vision for decentralized personal data privacy interactions. tackle current regulations such as the GDPR. autonomy decentralization negotiation interactions multi-agent systems DPV ontology heterogeneity privacy policies consent
- 21. Future work o Domain-specific vocabularies/ontologies that describe detailed data processing conditions, purposes and data handling policies o Development of multi-agent environments that implement the interactions, deployable in mobile and sensing devices. o Study and implementation of agent negotiation protocols for personal data privacy workflows. o Specification and validation of consent and policies for data privacy, checking for compliance with regulations. o The validation and evaluation of the proposed model, real environment
- 22. ¿questions? Jean-Paul Calbimonte University of Applied Sciences and Arts Western Switzerland HES-SO Valais-Wallis @jpcik