[MOTIVATING SCENARIO] Sharing personal data according to GDPR : represent an exception to a context

[DrLeturc]

Description

According to GDPR, Data can be shared if they are not personal data. Personal Data can be collected by an application if they are justified by a use case. However Medical Data (which are Personal Data) should never be shared, only if the user gives an explicit consent. CNIL is a French institution that must regulate companies w.r.t. GDPR and needs to know quickly companies that do not align with these standards.

In this context, a company MediSportHelper offers to their users a service to coach them to practice a sport or to help them improve in their sport by proposing them a customized training program w.r.t. their medical data. A user accept to give an explicit agreement to collect medical data but not sharing them when he subscribes to the website.

Competency Questions

ID	Question in natural language
q1	How to check if a rule has been respected w.r.t. their associated exceptions ?

Glossary

• Exception: A proposition that excludes some contexts of application of a rule or exceptions..

Recommendations

...

TBox

:hasException rdf:type owl:ObjectProperty ;
                rdfs:comment "Associates exceptions to a context of application of a norm"@en ;
                rdfs:label has exception"@en .

ABox

:gdprNorm a hmas:Norm .

:gdprNorm hmas:hasException _:e1 .

:gdprNorm hmas:permits 
[ a rdf:Bag ;
  rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate :hasBeenSharedTo ; sp:object _:entity ] ) ] ;
  rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate a ; sp:object :ShareableData ] ) ] .
] .

:gdprNorm hmas:hasException _:e1 .

# Assumption that :ShareableData and :MedicalData are distinct classes
_:e1 a rdf:Bag ;
  rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate a ; sp:object :PersonalData ] ) ] ;
  rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate :belongsTo ; sp:object _:agt ] ) ] . 

_:e1 :hasException _:e2.

_:e2 a rdf:Bag ;
  rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate :isJustifiedBy ; sp:object _:justificationX ] ) ] .

_:e2 :hasException _:e3.

_:e3 a rdf:Bag ;
  rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate a ; sp:object :MedicalData ] ) ] .

_:e3 :hasException _:e4.

_:e4 a rdf:Bag ;
  rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:agt ; sp:predicate :givesExplicitConsent ; sp:object _:dataE1 ] ) ] .

Related links

• link toward issues that are associated to the domain
• link toward issues that are associated to this motivating scenario
• link toward related features that are associated to this motivating scenario

[DrLeturc]

Too complex motivating scenario. We need to break things down.

[DrLeturc]

Too complex motivating scenario. We need to break things down.