Support in the adoption of the General Data Protection Law through semantic annotations in description of web services

Abstract:

With the General Data Protection Law in effect in Brazil since 2020, many organizations are being compelled to implement data processing practices. This has been addressed by different knowledge areas such as Information Science, Information Management, and Information Technology. These areas aim to understand and incorporate the legal requirements of General Data Protection Law in organization processes and to implement them in information systems. In this context, a challenge faced is the execution of data processing through web services (e.g., collection, storage, and deletion) made available and accessed by various information systems, including those across different organizations. Identifying which services perform personal data processing and, based on that, conducting practices in compliance with the General Data Protection Law is a crucial aspect. In this work, an approach is proposed for semantic enrichment of REST web service descriptions using annotations based on OpenAPI and a domain reference ontology for Data Privacy (OntoPrivacy). This approach aims to provide additional information, through metadata, about the processing operations and the types of sensitive data being handled. Alongside this approach, a software tool (Privacy Finder) was developed to support the automatic location of the annotations in described service APIs. For validation, the proposed solution was applied in the context of the Pix Application Programming Interface of the Central Bank of Brazil. Additionally, the solution was analyzed in light of related works in the literature, as well as technical productions whose computer program fillings were found in the Brazilian National Institute of Industrial Property database. The analysis also revealed a trend in the growth of such productions, particularly since the publication year of the mentioned law.

Keywords:
data privacy; GDPL; ontology; semantic annotation; web services; metadata; information management; information governance