Enabling Interpretability in Smart Cities with Knowledge Graphs: Towards a Better Modelling of Consent
Written by Anelia Kurteva and Anna Fensel
Data sharing is not a new phenomenon. With the current technological advancements, it is happening everywhere and at any time. Such is the case of data sharing in smart cities where one's data is constantly monitored by hundreds of sensors. But do we know what specific data is actually shared, with whom and for what purposes? The General Data Protection Regulation (GDPR), which came into force in May 2018, aims to help answer these questions by highlighting the importance of informed consent, making it one of its six lawful bases that need to be satisfied when dealing with the data of European citizens. GDPR has led to a major shift in all sectors which depend on data sharing and has put the focus on empowering individuals by requesting higher levels of transparency.
One of the major challenges that many companies encountered during the adjustment period to GDPR was representing and managing consent in compliance with it. According to GDPR, one needs to give informed consent for every type of data that is shared. In addition, one needs to be made aware of the purpose for the specific data sharing, the involved entities and the type of processing that will be performed (Art. 13, 14). In the case of data sharing in a smart city, this can be a complex, repetitive and time-consuming process for all of the involved entities (e.g., data providers, data controllers, data processors and any other third-party). Machines are also affected by these issues. A consent decision (e.g., to grant consent, to withdraw consent) can be made and recorded at any time, but can a machine actually understand what is happening in order to enable processes, such as consent verification and GDPR compliance checking? What are the exact implications of revoking consent?
The Semantic Web can provide a solution to these problems, and it is called knowledge graphs. Knowledge graphs, which Fensel et al.  define as “very large semantic nets that integrate various and heterogeneous information sources to represent knowledge about a certain domain of discourse”, have been around for a while, but their applications and benefits for smart cities, and specifically for managing informed consent are yet to be explored. Due to their ability to transform data into information and information into knowledge by adding context via relationships between entities, knowledge graphs can provide the level of traceability, transparency and interpretability that is needed for the implementation of consent through its entire life-cycle (i.e., consent request, comprehension by machines and humans, consent decision, the use of it and its withdraw).
Research is on the rise and solutions using machine learning and artificial intelligence, namely knowledge graphs, are in development. For example, such work is currently being done in the FFG CampaNeo and the Horizon 2020 smashHit projects partnered by the University of Innsbruck. CampaNeo’s main goal is to set up a platform for secure vehicle sensor data sharing between multiple entities. The platform is to provide sensor data analysis and future predictions generated with machine learning models. The sensor data are collected in real-time from a dedicated fleet of cars of Volkswagen that are equipped specifically for the purpose. The smashHit project, funded under H2020-EU.2.1.1 builds further upon the solution of the CampaNeo and provides customers and businesses with a secure data sharing platform. smashHit addresses consent, its representation and management on a deeper level and has planned to have a dedicated tool for automatic contracting.
Both CampaNeo and smashHit address consent, but how exactly will a solution be developed? In the past decade, semantic technologies, namely ontologies and knowledge graphs, started to gain broad real-life adoption. Due to their ability to represent knowledge in human readable and machine-readable format, interoperability, faster and easier knowledge discovery, big companies such as Google have built knowledge graphs and integrated them in their systems. This is also the case with the CampaNeo and smashHit projects, whose data models are represented as knowledge graphs. In both projects, consent is one of the main priorities and will be represented with a carefully crafted ontology (Fig.1). Several ontologies for consent, such as the CDMM Consent Ontology and GConsent have already been developed and even though they have a detailed representation of consent according to GDPR, some limitations still exist. In most cases, the ontologies represent the notion of consent, but do not provide information about what data is consent required for, for what purposes, i.e., handle data granularity in a restricted way, especially for the sensor data, and are not able to handle consent state changes. With smashHit and CampaNeo we aim to overcome these limitations by reusing several ontologies from different areas (finance, business, legal, technology, engineering, mobility) and build a holistic and extensible solution that focuses on consent, users, data, processing, third-party organizations, providing full transparency of the data sharing process.
Fig. 1 Overview of the smashHitCore ontology for secure and controlled sharing of personal and industrial data
The diversity of partners in the smashHit project allows for the unique opportunity of testing the developed solution in the real-world. Infotripla and Forum Virum Helsinki, two of the main industry partners in smashHit, have provided several use cases based on real-world challenges that they have encountered since the acceptance of GDPR in the smart city domain. In addition, Volkswagen7, Atos, LexisNexis and the X/OPEN Company provide their expertise in the areas of mobility, digital transformations, and insurance.
In conclusion, the expansion of the Internet of Things has allowed connecting everyday devices to a network that could be accessed at any time and has defined data as a new currency. Informed consent is not only expected but also obligatory for GDPR compliance and for individuals’ acceptance of the technology. Institutions should focus on raising the awareness regarding it, its possible implications, legal rights, and how semantic technology can deliver better modelling solutions.
- Fensel D. et al. (2020) Introduction: What Is a Knowledge Graph? In: Knowledge Graphs. Springer, Cham. https://doi.org/10.1007/978-3-030-37439-6_1
This article was edited by Wei Zhang