Consent Through the Lens of Semantics:State of the Art Survey and Best Practices

Tracking #: 2751-3965

Authors: 
Anelia Kurteva
Tek Raj Chhetri
Harshvardhan J. Pandit
Anna Fensel

Responsible editor: 
Guest Editors ST 4 Data and Algorithmic Governance 2020

Submission type: 
Survey Article
Abstract: 
The acceptance of the GDPR legislation in 2018 started a new technological shift towards achieving transparency. GDPR put focus on the concept of informed consent applicable for data processing, which led to an increase of the responsibilities regarding data sharing for both end users and companies. This paper presents a literature survey of existing solutions that use semantic technology for implementing consent. The main focus is on ontologies, how they are used for consent representation and for consent management in combination with other technologies such as blockchain. We also focus on visualisation solutions aimed at improving individuals’ consent comprehension. Finally, based on the overviewed state of the art we propose best practices for consent implementation.
Full PDF Version: 
Tags: 
Reviewed

Decision/Status: 
Accept

Solicited Reviews:
Click to Expand/Collapse
Review #1
Anonymous submitted on 19/Apr/2021
Suggestion:
Accept
Review Comment:

I thank the authors for addressing my comments. This paper is ready for publication.

Review #2
By RV Guha submitted on 21/Apr/2021
Suggestion:
Accept
Review Comment:

This manuscript was submitted as 'Survey Article' and should be reviewed along the following dimensions: (1) Suitability as introductory text, targeted at researchers, PhD students, or practitioners, to get started on the covered topic. (2) How comprehensive and how balanced is the presentation and coverage. (3) Readability and clarity of the presentation. (4) Importance of the covered material to the broader Semantic Web community.

Review #3
By Patricia Serrano-Alvarado submitted on 05/May/2021
Suggestion:
Accept
Review Comment:

The authors made a significant effort to include several tables with summaries and recommendations in the new version of the article.

Among modifications not mentioned in their letter, there is a modification on Figure 1 which now considers the consent management in the life-cycle of consent. I think it is a good choice.

I appreciate all modifications done by authors to take into account all comments/feedback of reviewers.

Review #4
By Allan Third submitted on 04/Jun/2021
Suggestion:
Accept
Review Comment:

Thank you for your revisions to this paper, I think you've addressed my main points of concern with the previous version. In particular, the clarification that you're referring to incentivisation to participate in/understand the consent process, rather than incentivisation to share personal data, is much appreciated. The use of the competency questions to evaluate the ontologies also provides a stronger basis for your claims.

Table 4: I appreciate space might be a concern, but it would be easier to read if the Question column contained text rather than a question number - not necessarily the entire question, but enough to be able to see what each question is without having to keep looking back.

I do still think that the level of detail in describing implementations is unnecessary - to what extent does a reader need to know that a tool uses D3.js, or React, or PostgreSQL? They can find that out from the tool page, and these aren't details that contribute to the comparison with regard to consent handling.

I take your point that blockchains are not the topic of the paper, but in evaluating research which uses blockchain, it's important to note that:
1. Encryption and PKI isn't enough for anonymity - if multiple transactions are signed with the same private key, this can leak information in the public immutable data which could be used to deanonymise. To be concerned about privacy, an attention to non-obvious attacks on behalf of the researchers is a factor to look for in blockchain research.
2. While most widely-used current blockchains are computationally expensive, computational expense is not inherent to blockchain, and therefore isn't an inherent objection to a blockchain solution. (Ethereum has already started the move to computationally-cheap proof-of-stake, for example)

I again enjoyed reading the paper. Thank you for writing it.