COST EU Workshop on Privacy Issues in Distributed Social Knowledge Graphs (PIDSKG)

To systematically explore the legal and technical aspects of privacy in the context of Distributed Social Knowledge Graphs. We aim to extract precise privacy requirements for personal Knowledge Graphs related to norms such as those described in GDPR, ISO 27001, 190086, NIST SP 800-122, and EU ePrivacy Directives. We aim to establish links between such privacy goals and design decisions in protocols for interacting with Knowledge Graphs, such as the Social Linked Data protocol suite Solid. We will also explore to what extent emerging requirements lead to an evolution of security and privacy goals, for instance, when designing a system that balances requirements such as presenting views of logs to the data protection officer or to administrators for evaluating data breaches, against other requirements such as the right to be forgotten.

Please contact Ross Horne at ross.horne@uni.lu if you would like to contribute to this workshop in any of the following ways:

• You may wish to propose a demo of your work on Solid on the afternoon of day 1.
• You may wish to contribute to the discussion on legal aspects of Solid and government outreach on day 2.
• You may wish to contribute to the technical discussion on security & privacy aspects of Solid on day 3.
• You may be a member of the COST DKG network and wish to attend all sessions, and contribute to the discussion towards deliverables.

Keynote speaker: Bart Jacobs, Radboud University Nijmegen, NL

Title: IRMA as precursor EU-wallet-ID

Abstract

This presentation will describe the ideas behind the identity platform IRMA, with the corresponding IRMA app. IRMA is non-profit, open source, internationally available, and is operated by an independent foundation. IRMA has been up-and-running for some three years, with a growing user-base, now close to 100.000. IRMA offers first of all attribute-based authentication. This means that users can show, for instance, that they are over 18 without revealing anything else about themselves. IRMA offers also attribute-based signing: it allows users to digitally sign documents, with several attributes. A verifier of the resulting signed document can cryptographically check that the document was signed by someone with these attributes. In this way a medical doctor can sign, for instance, a recipe with his/her medical credentials, as attributes. IRMA has a privacy-friendly decentralised architecture, in which attributes only exist in digitally signed form on a user's phone. This means that it is well-suited for international (cross-border) usage, since only public keys are needed --- and no complicated internationally connected infrastructure. The presentation contains the essence of how IRMA works and of IRMA's guarantees. It also includes new, regulatory challenges raised by wallet-IDs.

Biography

Bart Jacobs is a professor of computer security, privacy and identity at Radboud University Nijmegen, The Netherlands. His work covers both theoretical computer science and more practical, multidisciplinary work, esp. in computer security and privacy. Jacobs is a member of the Academia Europaea and of the Royal Netherlands Academy of Arts and Sciences (KNAW), and a recipient of an ERC Advanced Grant. He is an active participant in societal debates about security and privacy, in the media and in various advice roles e.g. for government and parliament. He chairs a non-profit spin-off on attribute-based identity management (see <irma.app>) and is co-founder of Nijmegen's interdisciplinary hub on security, privacy and data governance (<ru.nl/ihub>).

For more information, see: http://www.cs.ru.nl/~bart/

Invited speaker: Ruben Verborgh, Ghent University–imec, BE

Ruben will present the Solid API for Distributed Knowledge Graphs.

Ruben Verborgh is Professor of decentralized Web technology at IDLab of Ghent University–imec and Visiting Fellow at the Oxford Martin School within the University of Oxford. He is also a Solid Ecosystem Architect for Inrupt and an advisor to other companies. From this hybrid academic and industrial perspective, his professional goal is to support Solid on its mission to inspire, transform, and reshape our data-driven society. Adapted from: https://ruben.verborgh.org/#site

Day 1, 13 June: Solid as a System, and Personal Identity

Objective: The purpose of this day is to introduce participants to systems built on Solid using the Solid protocol. The keynote speech introduces a key ingredient in trustworthy information systems, not only Solid, that is: the Identity services used to verify that users are who they claim to be. The afternoon session features demos of projects based on Solid, mainly led by PhD students. The end of the day is led by the organisers, and will refine the agenda for days 2&3.

9:30-10:45 Opening session: remote attendance possible. (see below for links).

9:30-9:45: Welcome and objectives from organisers
Chair: Chang Sun, Maastricht University, NL

9:45-10:45: Keynote Bart Jacobs, Radboud University, Nijmegen, NL
Title: IRMA as precursor EU-wallet-ID
Chair: Ross Horne, University of Luxembourg, LU

Coffee: 10:45-11:15

11:15-12:15: Invited talk from Ruben Verborgh, Ghent University–imec, BE
Title: The Solid API for Distributed Knowledge Graphs
Chair: Olaf Hartig, Linköping University, SE

12:15-13:30: Lunch at Dimi Si (Italian at Belval campus).

13:30-15:30: Parallel booths demonstrating Solid systems:

1. Christian Esposito, on blockchain authentication, Salerno, IT
2. Sebastian Schmid & Daniel Schraudner, Nuremberg, DE
3. Christoph Braun, KIT, DE
4. Chang Sun, Maastricht University, NL
5. Hadrien Bailly, Dublin City University, IE
6. Beatriz Estévez, Madrid, ES

Coffee: 15:30-16:00

16:00-17:00: Round table discussion: What are the Privacy Issues with Solid?
Objective: empower participants so they may influence the parallel sessions in Days 2&3.
Chair: Christian Esposito, University of Salerno, IT

18:30: Drinks and Dinner at Cafe Coyote (Tex-Mex at Belval campus) https://coyote.de/filialen/luxembourg/

Day 2, 14 June: Solid in Relation to Privacy Law & Government

Day 2 opening session 9:30-10:45:

9:30-9:45: Presentation on Solid & government from Bart Buelens, VITO, BE

9:45-10:45: Round table focusing on gap between Privacy Law and Solid Privacy

1. Bart Buelens, VITO, Flanders-based research company, BE
2. Cedric Muller, Luxembourg government privacy regulation, CTIE, LU
3. Aurelia Tamò-Larrieux, Maastricht University, NL
4. Sandrine Munoz, Data Protection Officer, University of Luxembourg, LU
5. Rob Brennan, Dublin City University, IE

Chair: Marcos Da Silveira, LIST, LU

10:45-11:15: Coffee

11:15-12:15: Parallel breakout sessions on Policy & Governance
Objective: Three parallel sessions will be organised according to themes relevant to Policy to be determined according to the interests of participants. This represents an opportunity to present freely work in progress and for whiteboard discussions. All participants may prepare slides and demos as they wish. Provisional topics include:

1. Protocols between the Controller, Processor & Data Subject (Laurens Debackere)
2. The rights of the Data Subject: to forget, to modify, to object (Aurelia Tamò-Larrieux)
3. Problems Adopting Solid in Government Organisations (Bart Buelens)
4. Data Protection Vocabularies and Legal KR (Harshvardhan Pandit)

12:15-13:30: Lunch at Jay Nepal (Nepalese & Indian), on Belval campus

13:30-14:45 remote attendance possible (see below for links)

13:30-13:45: Presentation from Harshvardhan Pandit on W3C Data Privacy Vocabularies and Controls CG

13:45-14:45: Round table discussion on privacy required by law.

1. Marc Florea & Michel Dumontier, Maastricht, NL
2. Harshvardhan Pandit. Trinity College Dublin, IE
3. Arianna Rossi & Xengie Doan, University of Luxembourg, LU
4. Laurens Debackere, Digitaal Vlaanderen, BE
5. Jan Lindquist, StandICT, SE

14:45-15:30: reflection, offline: plan for afternoon parallel sessions.
Chair: Kimberly Garcia, St. Gallen, CH

15:30-16:00: Coffee

16:00-17:00: Parallel breakout sessions on privacy policy
Objective: There will be a follow up to the morning parallel sessions, with the possibility of reorganising new topics.

19:00: Dinner at Restaurant Maria Bonita aux Rives de Clausen “The Brazilian Experience”, Luxembourg city (allowing 1:30h for travel + stroll through the city) https://www.restaurantmariabonita.lu/

Day 3, 15 June: Solid Privacy as a Cyber Security Problem

9:30-10:45 Hybrid session with remote participation (see below for links)

9:30-10:00: Opening talk on privacy from Sabrina Kirrane, Vienna University of Economics and Business, AT

10:00-10:45: Round table on Cyber security & privacy for Solid

1. Sabrina Kirrane & Inès Akaichi, Vienna University of Economics and Business, AT
2. Beatriz Estévez, Universidad Politécnica de Madrid, ES
3. Sergiu Bursuc & Xihui Chen, University of Luxembourg, LU
4. Jamal Nasir, on ISO 27001 & Solid, NUI Galway, IE
5. Bart Jacobs, Radboud University, Nijmegen, NL

Chair: Ross Horne, University of Luxembourg, LU

11:15-12:15: Parallel session on privacy-preserving protocols
Objective: These parallel sessions will be an opportunity for more technical discussions on Cyber Security and Solid. Provisionally, these sessions will be organised around the topics, with a named leader:

1. Access control policies for Solid (Beatriz Estevez)
2. Differential privacy & multi-party computation (Xihui Chen)
3. Private attribute-based authentication (Bart Jacobs)

12:15-13:30: lunch at Nonna Nenetta (Italian at Belval campus) https://www.nonna-nenetta.lu/

13:30-14:30: Lightning talks and summaries on privacy and Solid: highlighting most promising outcomes. Prepared by all during breakout sessions.
Chair: Christian Esposito, University of Salerno, IT

14:30-15:30: Coordinated dissemination strategy
Chairs: Michel Dumontier & Chang Sun, Maastricht University, NL

15:30: Coffee

Social activity: The High Furnaces & Exhibitions at Belval

COVID-19: This will be a CovidCheck event, meaning proof of vaccination or a test is required, subject to changes of rules by the Luxembourg government. https://covid19.public.lu/en/sanitary-measures/gatherings.html

Culture: Esch-sur-Alzette is European Capital of Culture 2022: https://esch2022.lu/en/