Monitoring of Personal Data Compliance in Supply Chains
Reference number | |
Coordinator | Atos IT Solutions and Services AB |
Funding from Vinnova | SEK 455 802 |
Project duration | September 2020 - December 2021 |
Status | Completed |
Venture | AI - Competence, ability and application |
Call | Staff exchange for applied AI research |
Important results from the project
The project have three axes. First, map and assess the contractual and non-contractual instruments companies use to cascade privacy and data processing instructions down the supply chain. Two, identify flaws and conflicts of instruments actors across the supply chain that hinder data protection. Third, design an AI-based or smart contract compliance tool that could help regulators and data processors monitor the data supply chain contracts.
Expected long term effects
- Identification of challenges IT companies face to comply with data protection and privacy regulations. - Development of a conceptual framework to implement a document-centric approach to compliance checking in the data supply chain. - Implementation of a prototype of a compliance tool based on machine learning and smart contract technologies. - Creation of a multilingual training dataset composed of English and French privacy policies to enhance the prototype.
Approach and implementation
- We collaborated with the Contract Specification and Monitoring (CSM) Lab at the University of Ottawa to develop an automated generation of smart contracts. - We designed a document-centric framework to implement and monitor GDPR compliance in the data supply chain. We then developed and tested several methods to verify compliance of privacy policies to the GDPR by leveraging the advantages of both machine learning and rule-based approaches.