Data-CASE: Grounding Data Regulations for Compliant Data Processing Systems
Document Type
Conference Proceeding
Publication Date
8-18-2023
Abstract
Data regulations, such as GDPR, are increasingly being adopted globally to protect against unsafe data management practices. Such regulations are, often ambiguous (with multiple valid interpretations) when it comes to defining the expected dynamic behavior of data processing systems. This paper argues that it is possible to represent regulations such as GDPR formally as invariants using a (small set of) data processing concepts that capture system behavior. When such concepts are grounded, i.e., they are provided with a single unambiguous interpretation, systems can achieve compliance by demonstrating that the system-actions they implement maintain the invariants (representing the regulations). To illustrate our vision, we propose Data-CASE, a simple yet powerful model that (a) captures key data processing concepts (b) a set of invariants that describe regulations in terms of these concepts. We further illustrate the concept of grounding using "deletion" as an example and highlight several ways in which end-users, companies, and software designers/engineers can use Data-CASE.
Identifier
85190943049 (Scopus)
ISBN
[9783893180912, 9783893180943]
Publication Title
Advances in Database Technology Edbt
External Full Text Location
https://doi.org/10.48786/edbt.2024.10
e-ISSN
23672005
First Page
108
Last Page
115
Issue
1
Volume
27
Grant
1527536
Fund Ref
National Science Foundation
Recommended Citation
Chakraborty, Vishal; Ann-Elvy, Stacy; Mehrotra, Sharad; Nawab, Faisal; Sadoghi, Mohammad; Sharma, Shantanu; Venkatasubramanian, Nalini; and Saeed, Farhan, "Data-CASE: Grounding Data Regulations for Compliant Data Processing Systems" (2023). Faculty Publications. 1516.
https://digitalcommons.njit.edu/fac_pubs/1516
