A SHACL-based Data Consistency Solution for Contract Compliance Verification (Extended Paper)

TL;DR

This paper introduces a SHACL-based approach integrated into an existing KG tool to automatically detect and repair data inconsistencies, enhancing GDPR contract compliance verification.

Contribution

It extends the ACT tool by adding SHACL-based consistency checks and automated repair strategies for GDPR contract compliance verification.

Findings

Successfully integrated SHACL validation into ACT

Automated repair strategies improve data consistency

Enhanced contract compliance verification process

Abstract

In recent years, there have been many developments for GDPR-compliant data access and sharing based on consent. For more complex data sharing scenarios, where consent might not be sufficient, many parties rely on contracts. Before a contract is signed, it must undergo the process of contract negotiation within the contract lifecycle, which consists of negotiating the obligations associated with the contract. Contract compliance verification (CCV) provides a means to verify whether a contract is GDPR-compliant, i.e., adheres to legal obligations and there are no violations. The rise of knowledge graph (KG) adoption, enabling semantic interoperability using well-defined semantics, allows CCV to be applied on KGs. In the scenario of different participants negotiating obligations, there is a need for data consistency to ensure that CCV is done correctly. Recent work introduced the automated contracting tool (ACT), a KG-based and ODRL-employing tool for GDPR CCV, which was developed in the Horizon 2020 project smashHit (https://smashhit.eu). Although the tool reports violations with respect to obligations, it had limitations in verifying and ensuring compliance, as it did not use an interoperable semantic formalism, such as SHACL, and did not support users in resolving data inconsistencies. In this work, we propose a novel approach to overcome these limitations of ACT. We semi-automatically resolve CCV inconsistencies by providing repair strategies, which automatically propose (optimal) solutions to the user to re-establish data consistency and thereby support them in managing GDPR-compliant contract lifecycle data. We have implemented the approach, integrated it into ACT and tested its correctness and performance against basic CCV consistency requirements.