Beatriz Esteves

Universidad Politécnica de Madrid | UPM · Departamento de Inteligencia Artificial

Purpose: Following the impact of the GDPR on the regulation of the use of personal data of European citizens, the European Commission is now focused on implementing a common data strategy to promote the (re)use and sharing of data between citizens, companies and governments while maintaining it under the control of the entities that generated it. I...

News about personal data breaches or data abusive practices, such as Cambridge Analytica, has questioned the trustworthiness of certain actors in the control of personal data. Innovations in the field of personal information management systems to address this issue have regained traction in recent years, also coinciding with the emergence of new de...

With the enforcement of the European Union’s General Data Protection Regulation, users of Web services – the ‘data subjects’ –, which are powered by the intensive usage of personal data, have seen their rights be incremented, and the same can be said about the obligations imposed on the ‘data controllers’ responsible for these services. In particul...

Push-notifications, by design, attempt to grab the attention of subscribers and impart new or valuable information in a particular context. These nudges are commonly initiated by marketing teams and subsequent delivery interruptions tend to conflict with subscriber priorities and activities. In this work, we present a definition of urgency applied...

This demo shows an ODRL editor where RDF policies can be defined and enforced to grant access to personal data stored in Solid Pods. Policies are represented using OAC, the ODRL profile for Access Control, which allows the definition of complex, fine-grained permissive and prohibitive policies that are aligned with GDPR requirements regarding the p...

This article surveys existing vocabularies, ontologies and policy languages that can be used to represent informational items referenced in GDPR rights and obligations, such as the ‘notification of a data breach’, the ‘controller’s identity’ or a ‘DPIA’. Rights and obligations in GDPR are analyzed in terms of information flows between different sta...

Push-notifications are a communication tool leveraged by many apps to disseminate information, engage with their user base and provide a means of encouraging users to take particular actions. The nuanced intent behind a push is not always distinguishable to the end-user at moments of delivery. This work explores the text content of notifications pu...

This paper aims to describe a research project focused on the digital representation of information related to the privacy and data protection domain. Currently, privacy policies are used by data controllers as a tool to achieve compliance with data protection regulations such as the EU GDPR, instead of being a privacy instrument at the disposal of...