Formalizing GDPR Provisions in Reified I/O Logic: The DAPRECO Knowledge Base

Abstract

The DAPRECO knowledge base is the main outcome of the interdisciplinary project bearing the same name (https://www.fnr.lu/projects/data-protection-regulation-compliance). It is a repository of rules written in LegalRuleML, an XML formalism designed to be a standard for representing the semantic and logical content of legal documents. The rules represent the provisions of the General Data Protection Regulation (GDPR), the new Regulation that is significantly affecting the digital market in the European Union and beyond. The DAPRECO knowledge base builds upon the Privacy Ontology (PrOnto) (Palmirani et al in Proceedings of the 7th international conference on electronic government and the information systems perspective: technology-enabled innovation for democracy, government and governance, 2018c), which provides a model for the legal concepts involved in the GDPR, by adding a further layer of constraints in the form of if-then rules, referring either to standard first order logic implications or to deontic statements. If-then rules are formalized in reified Input/Output logic (Robaldo and Sun in J Log Comput 7, 2017) and then codified in LegalRuleML. Reified Input/Output logic is an application of standard Input/Output logic for legal reasoning, in which Input/Output logic is combined with the reification-based approach in Hobbs and Gordon (A formal theory of commonsense psychology, how people think people think. Cambridge University Press, Cambridge, 2017). The DAPRECO knowledge base is then a case study for reified Input/Output logic, and it shows that the formalism indeed appears to be a good candidate to effectively formalize, via uniform and simple (flat) representations, complex linguistic/deontic phenomena that may be found in legal texts. To date, the DAPRECO knowledge base is the biggest knowledge base in LegalRuleML and Input/Output logic freely available online (https://github.com/dapreco/daprecokb/blob/master/gdpr/rioKB_GDPR.xml).