Editorial of the special issue on semantic technologies for data and algorithmic governance

1.Preface

Technology is playing a progressively important key role in enabling effective governance structures, processes, and frameworks. As society increasingly depends on complex systems ranging from simple ‘decision support systems’ to ‘systems of systems’ and ‘semi-autonomous systems’, data and algorithmic governance are paramount. When it comes to data and algorithmic governance tools and techniques, there are still many open questions. For instance, to what extent do these systems safeguard against privacy violations and honour intellectual property rights? Can granular consent be granted, and will its users understand the consequences? How can biases, discrimination, and censorship be identified and acted on? Do transparency and explainability lead to greater accountability? How can trust be woven into the fabric of these systems? Towards this end, this special issue aims to explore the development and evaluation of semantic technologies with respect to the data and algorithmic governance mechanisms, processes, and methodologies that are critically needed to support the development of trust-centric social and business applications.

2.Topics of interest

The special issue solicited high-quality submissions on (but are not restricted to) the following topics:

3.Content

In the following, we provide a high-level overview of the papers comprising this special issue:

Consent Through the Lens of Semantics: State of the Art Survey and Best Practices [4] by Anelia Kurteva, Tek Raj Chhetri, Harshvardhan J. Pandit, and Anna Fensel is a systematic literature review of existing papers, projects, and standardisation efforts that use semantic technology to implement consent based on requirements stipulated in the European Union (EU) General Data Protection Regulation (GDPR).11 The authors propose a consent life-cycle that incorporates five different states: the request for consent, the comprehension by the data subject with respect to what they are consenting to, the decision to give or refuse consent, and the ongoing use of personal data and the consent management. The life cycle is subsequently used to identify best practices for industry, researchers, and policymakers. Based on the analysis performed, the authors conclude that a semantic model for consent is highly beneficial as it allows for a common understanding of consent requirements that both humans and machines can understand, facilitates transparency and risk assessment, and caters to ongoing compliance checking and consent management.

Analysis of Ontologies and Policy Languages to Represent Information Flows in GDPR [3] by Beatriz Esteves and Víctor Rodríguez-Doncel also investigates how semantic technology can be used to satisfy GDPR requirements, however the focus is on the use of ontologies and policy languages. Guided by information flows derived from the rights and obligations stipulated in the GDPR, the authors perform an integrated literature review with the goal of assessing the suitability of existing policy languages and ontologies for modeling GDPR requirements with respect to information flows. The authors conclude that LegalRuleML ,22 the Open Digital Rights Language (ODRL),33 the Data Privacy Vocabulary (DPV),44 and GDPR text extensions (GDPRtEXT)55 have reached a level of maturity that makes them suitable for representing GDPR rights and obligations. These resources were highlighted as together they can be used to represent many of the GDPR information flows, are openly available, and are rooted in standardisation efforts.

Semantic-enabled Architecture for Auditable Privacy-Preserving Data Analysis [2] by Fajar J. Ekaputra, Andreas Ekelhart, Rudolf Mayer, Tomasz Miksa, Tanja Šarčević, Sotirios Tsepelakis, and Laura Waltersdorfer proposes a semantic enables architecture, entitled WellFort, which facilitates secure storage of consent and allows for the execution of privacy-preserving data analytics processes. The effectiveness of the proposed conceptual architecture is demonstrated via a semantic technology-based instantiation and the subsequent evaluation, which was conducted with the help of four separate healthcare use cases. The authors highlight that technological approaches for automated usage compliance checking are already quite mature compared to other features. Future work includes the adaption of the prototype to cater to additional use cases and the development of a multi-purpose audit toolbox to support privacy-preserving data analytics over heterogeneous sources.

Differential Privacy and SPARQL [1] by Carlos Buil Aranda, Jorge Lobo, and Federico Olmedo investigates if differential privacy techniques designed for relational databases and SQL joins can be applied to SPARQL counting queries over Resource Description Framework (RDF) knowledge graphs. The proposed algorithm is realised via a differential privacy query engine that uses approximation in order to answer SPARQL counting and grouping queries. The engine’s potential is demonstrated via various simulations derived from real-world data and queries from Wikidata. Future work involves supporting additional operations (e.g., sums and averages) and analysing the impact differential privacy algorithms have on SPARQL query engines.

Interestingly, all papers were influenced (to a lesser or greater extent) by the GDPR. It is worth noting that the proposed consent mechanisms, ontologies, policy languages, and privacy-preserving technologies could also be used to satisfy some requirements stipulated in the proposed EU Data Governance Act,66 which puts a major focus on consent, and the EU Artificial Intelligence (AI) act,77 which stipulates restrictions with regard to the processing of personal data. Unfortunately, the coverage of the topics of interest for this special issue was limited, suggesting that data and algorithm governance research needs greater attention.