Date: 2020-02-10

An example of a simple knowledge diagram. Credit: Karuna Pande Joshi, CC BY-ND

They track personal information such as credit card numbers, shopping preferences and the messages you read while on the go. Large Internet companies make money from such personal information by sharing it with their subsidiaries and third parties. Public concern about online privacy has led to laws that control who receives this data and how it can be used.

The fight goes on. Senate Democrats recently unveiled a law that would punish technology companies that misuse users’ personal information. This law would join a long list of rules and regulations worldwide, including the credit card industry’s privacy standard governing online credit card transactions, the European Union’s General Data Protection Regulation, the California Consumer Protection Act, which came into force in January, and the United States’ Online Child Protection Act.

Internet companies must abide by these regulations or risk expensive legal proceedings or government sanctions, such as the Federal Trade Commission’s recent Facebook fine of $5 billion.

However, it is technically difficult to determine in real time whether a breach of privacy has occurred. The problem grows as the amount of internet data increases. To ensure that their systems are compliant, companies rely on human experts to interpret the law. This is a complex and time-consuming task for companies that constantly launch and update services.

My research group at the University of Maryland, Baltimore County, has developed novel technologies for machines to understand data protection laws and to enforce them using artificial intelligence. These technologies can help companies ensure that their services comply with data protection laws and help governments identify in real time those companies that violate consumer data protection rights.

Machines help to understand regulations

Governments create online privacy policies as plain text documents that are easy for people to read, but difficult for machines to interpret. As a result, the rules must be checked manually to ensure that no rules are violated when a citizen’s private data is analyzed or shared. This affects companies that now have to comply with a large number of regulations.

Rules and regulations are often ambiguous because societies want flexibility in their implementation. Subjective concepts like good and bad vary between cultures and over time. Therefore, laws are formulated generally or vaguely in order to create scope for future changes. Machines cannot handle this vagueness – they work in ones and zeros – so they cannot “understand” privacy as people do. Machines need special instructions to understand the knowledge on which a regulation is based.

The researchers’ application automatically extracted deontic rules such as permissions and obligations from two data protection regulations. Areas involved in the rules are highlighted in yellow. Modal words that can be used to determine whether a rule is a permission, a prohibition or an obligation are highlighted in blue. Gray indicates the temporal aspect of the rule. Credit: Karuna Pande Joshi, CC BY-ND

One way to help machines understand an abstract concept is to create an ontology or diagram that represents knowledge of that concept. Based on the concepts of ontology from philosophy, new computer languages such as OWL were developed in AI. These languages can define concepts and categories in a subject area or domain, display their properties and show the relationships between them. Ontologies are sometimes called “knowledge graphs” because they are stored in graph structures.

When my colleagues and I tackled the challenge of making data protection regulations understandable to machines, we found that the first step was to collect all of the key knowledge in these laws and create knowledge diagrams to store it.

Extract expressions and rules

The key knowledge in the regulations consists of three parts.

First, there are “terms of art”: words or phrases that are precisely defined within a law. They help identify the entities described in the regulation and describe their roles and responsibilities in a language that computers can understand. For example, we extracted terms such as “consumers and providers” and “fines and enforcement” from the EU’s General Data Protection Regulation.

Next, we identified deontic rules: sentences or phrases that give us a philosophical modal logic that deals with deductive behavior. Deontic (or moral) rules contain sentences that describe duties or obligations and fall into four main categories. “Permissions” define the rights of an entity/actor. “Obligations” define the responsibilities of a company/actor. “Prohibitions” are conditions or actions that are not permitted. “Levies” are optional or non-mandatory information.

To explain this using a simple example, consider the following:

You have permission to drive.

However, in order to drive, you must have a driver’s license.

You are forbidden to speed (and you will be punished if you do).

You can park in areas where you have the opportunity to do so (e.g. chargeable parking spaces, parking meters or open areas that are not near a hydrant).

Knowledge graph for GDPR regulations. Credit: Karuna Pande Joshi, CC BY-ND

Some of these rules apply equally to everyone in all conditions, while others may apply in part, only to one facility, or based on terms agreed by all.

Similar rules that describe what is allowed and what is forbidden apply to personal online data. There are permissions and prohibitions to prevent data breaches. The companies that store the data are obliged to ensure their security. And there are exemptions for vulnerable groups such as minors.

My group developed techniques to automatically extract these rules from the regulations and save them in a knowledge diagram.
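A minimal sketch of the idea described above, added here as an illustration and not the research group's own code: modal phrases decide the deontic category of a sentence, and each rule is stored as an actor/category/action triple that can be queried. The cue lists, the function names, the label `dispensation` for the optional, non-mandatory category and the sample sentences are all assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Modal cues per deontic category (illustrative assumptions). Negated forms
# come first so "shall not" is not misread as the obligation cue "shall".
MODAL_CUES = [
    ("prohibition", r"\b(?:shall not|must not|may not|is prohibited from|is forbidden to)\b"),
    ("dispensation", r"\b(?:need not|is not required to|is exempt from)\b"),
    ("obligation", r"\b(?:shall|must|is required to|is obliged to)\b"),
    ("permission", r"\b(?:may|is permitted to|has the right to|is entitled to)\b"),
]

def classify(sentence):
    """Return (category, actor, action) for a rule sentence, or None."""
    for category, pattern in MODAL_CUES:
        m = re.search(pattern, sentence, re.IGNORECASE)
        if m:
            # Text before the modal cue is the actor, text after it the action.
            actor = sentence[:m.start()].strip().lower()
            actor = re.sub(r"^(?:the|a|an)\s+", "", actor)
            action = sentence[m.end():].strip().rstrip(".").lower()
            return category, actor, action
    return None  # no modal cue: not a deontic rule

def build_graph(sentences):
    """Store rules as (actor, category) -> [actions], a tiny triple store."""
    graph = defaultdict(list)
    for s in sentences:
        rule = classify(s)
        if rule:
            graph[(rule[1], rule[0])].append(rule[2])
    return graph

def rules_for(graph, actor, category):
    """List the actions recorded for an actor under one deontic category."""
    return graph.get((actor, category), [])

# Constructed sample sentences in the style of a data protection regulation.
SAMPLE = [
    "The controller must notify the supervisory authority of a breach.",
    "The controller shall not share personal data without consent.",
    "The data subject has the right to obtain a copy of their data.",
    "A small enterprise is not required to appoint a data protection officer.",
    "This Regulation was adopted in 2016.",
]

if __name__ == "__main__":
    for (actor, category), actions in sorted(build_graph(SAMPLE).items()):
        print(f"{actor} --{category}--> {actions}")
```

Keyword matching of this kind misses rules phrased without an explicit modal cue and does not follow cross-references, which is why it is only a starting point for the extraction the article describes.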

Third, we also had to figure out how to include the cross-references that are often used in government regulations to refer to a text in another section of the regulation or in a separate document. These are important knowledge elements that should also be saved in the knowledge diagram.

Existing rules that check for conformity

Once my colleagues and I have defined all the important entities, properties, relationships, rules and guidelines of a data protection law in a knowledge diagram, we can use these knowledge diagrams to create applications that can reason about the data protection rules.

These applications can dramatically shorten the time it takes businesses to determine whether they are compliant with data protection regulations. They can also help regulators monitor data audit trails to determine if the companies they control are compliant.

This technology can also help individuals get a quick overview of their rights and obligations regarding the private data they share with companies. Once machines are able to quickly interpret long and complex privacy policies, users can automate many mundane compliance activities that are performed manually today. They may also be able to make these policies more understandable to consumers.

Provided by The Conversation

This article was republished in The Conversation under a Creative Commons license. Read the original article.

Citation: Compliance with data protection regulations could be ensured by an AI scan of the Internet for data protection violations (2020, February 10), retrieved February 11, 2020 from https://techxplore.com/news/2020-02-compliance-ai-scan-internet-privacy.html
