Posted: 12/06/16

ADAPT researchers recently won the Best Paper Award at the prestigious 2nd International Workshop on Privacy Engineering that formed part of the 37th IEEE Symposium on Security and Privacy. Kaniz Fatema, Christophe Debruyne, Professor Dave Lewis and Professor Declan O’Sullivan authored the successful paper titled “A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive (EU DPD)”.

The paper proposes a new semi-automated approach to protecting access to personal data. Speaking about the research, the lead author Dr Kaniz Fatema said: “The EU DPD rules are manually encoded into Controlled Natural Language (CNL) rules, then from the CNL rules machine executable rules are converted automatically. These rules are executed by the access control system to protect access to personal data.”

The trustworthiness of a service provider rests largely on the way personal data is handled in a legally compliant way. Protection of personal data laws in data management systems is often difficult to enforce. The authors of this paper argue that the integration of access control rules in these laws into authorisation infrastructures would “make the enforcement of data protection requirements more efficient and effective”. The paper proposes a new semi-automated approach to encoding machine executable rules from the EU Data Protection Directive by the use of Controlled Natural Language.

The paper was presented at the IEEE Symposium Workshop in San Jose, California this May in front of both academics and industry leaders such as Google, Facebook and Uber. Dr Fatema commented that ADAPT “is proud the team’s work was recognised as the Best Paper by privacy experts who are not only computer scientists but also lawyers, policy makers and philosophers”.

The International Workshop on Privacy Engineering is part of a series of Security and Privacy Workshops run in conjunctions with the IEEE Symposium on Security and Privacy. The IEEE Symposium is the premier conference for developments in computer security and electronic privacy. The workshops are designed to explore in further detail specific aspects of security and privacy usually raised at the symposium.

Share this article: