Data Sovereignty Governance Framework

Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops Pub Date : 2020-06-27 DOI:10.1145/3387940.3392212

Kapil Singi, S. Choudhury, Vikrant S. Kaulgud, R. Bose, Sanjay Podder, Adam P. Burden

{"title":"Data Sovereignty Governance Framework","authors":"Kapil Singi, S. Choudhury, Vikrant S. Kaulgud, R. Bose, Sanjay Podder, Adam P. Burden","doi":"10.1145/3387940.3392212","DOIUrl":null,"url":null,"abstract":"Data has emerged as a central commodity in most modern applications. Unregulated and rampant collection of user and usage data by applications led to concerns on privacy, trust, and ethics. This has resulted in several governments and organizations across geographies to frame laws on data (e.g., the European Union's General Data Protection Regulation (GDPR)) that govern and define boundaries for the storage, processing and transitioning of data; and thereby safeguard the interests of its citizens. Data Sovereignty and Data Localization are two important aspects, which deal with the adherence to the laws and governance structures, that define where and how data is collected and processed. The applicability of different laws depends upon several attributes such as the nature, type, and purpose of data. Non-compliance to laws/regulations can lead to serious repercussions for enterprises, ranging from hefty penalties to loss of brand value. Ensuring that all of their applications are complaint to various laws and regulations is non-trivial. Enterprises have to deal with a plethora of laws (that are constantly evolving) and are often confused even in correctly identifying all the applicable laws for their context leave alone ensuring compliance to regulations. Therefore, in this paper, we propose a knowledge graph based data sovereignty governance framework that assists in classifying data and in identifying the relevant applicable laws.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3387940.3392212","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Data has emerged as a central commodity in most modern applications. Unregulated and rampant collection of user and usage data by applications led to concerns on privacy, trust, and ethics. This has resulted in several governments and organizations across geographies to frame laws on data (e.g., the European Union's General Data Protection Regulation (GDPR)) that govern and define boundaries for the storage, processing and transitioning of data; and thereby safeguard the interests of its citizens. Data Sovereignty and Data Localization are two important aspects, which deal with the adherence to the laws and governance structures, that define where and how data is collected and processed. The applicability of different laws depends upon several attributes such as the nature, type, and purpose of data. Non-compliance to laws/regulations can lead to serious repercussions for enterprises, ranging from hefty penalties to loss of brand value. Ensuring that all of their applications are complaint to various laws and regulations is non-trivial. Enterprises have to deal with a plethora of laws (that are constantly evolving) and are often confused even in correctly identifying all the applicable laws for their context leave alone ensuring compliance to regulations. Therefore, in this paper, we propose a knowledge graph based data sovereignty governance framework that assists in classifying data and in identifying the relevant applicable laws.

查看原文本刊更多论文

数据主权治理框架

在大多数现代应用程序中，数据已成为核心商品。应用程序对用户和使用数据的不规范和猖獗收集导致了对隐私、信任和道德的担忧。这导致多个地区的政府和组织制定了有关数据的法律(例如，欧盟的《通用数据保护条例》(GDPR))，这些法律管理和定义了数据存储、处理和转换的边界;从而维护其公民的利益。数据主权和数据本地化是两个重要方面，它们处理对法律和治理结构的遵守，这些法律和治理结构定义了在何处以及如何收集和处理数据。不同法则的适用性取决于若干属性，如数据的性质、类型和目的。不遵守法律法规可能会给企业带来严重的后果，从巨额罚款到品牌价值的损失。确保它们的所有应用程序都符合各种法律法规是非常重要的。企业必须处理大量的法律(这些法律是不断发展的)，甚至在正确识别其上下文的所有适用法律时也经常感到困惑，更不用说确保遵守法规了。因此，在本文中，我们提出了一个基于知识图谱的数据主权治理框架，该框架有助于对数据进行分类并确定相关的适用法律。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops

自引率

0.00%

发文量