Enabling End-to-End User Data Privacy Compliance for GDPR/DMA Using Machine Learning
DOI:
https://doi.org/10.63282/3117-5481/AIJCST-V1I3P102Keywords:
GDPR, DMA, Data Privacy, Machine Learning, Compliance Automation, Explainable AI, Privacy Risk Scoring, Data Governance, Federated Learning, Anomaly DetectionAbstract
The rapid growth of digital platforms and cloud systems has increased personal data collection. Regulations like GDPR and DMA enforce strict data privacy and transparency rules. Organizations face challenges in achieving end-to-end compliance across complex systems. Traditional manual compliance methods are not scalable or adaptable. There is a need for automated and intelligent compliance solutions. The paper proposes an ML-based workflow for privacy regulation compliance. It includes data discovery, classification, consent checking, and anomaly detection. The system identifies sensitive data and monitors access patterns. It uses supervised, unsupervised, and reinforcement learning techniques. Explainable AI ensures transparency, accountability, and auditability. A layered model includes data ingestion, risk scoring, and governance reporting. NLP and deep learning enable automated data labeling. Clustering detects unusual access patterns and potential violations. Federated learning ensures privacy during distributed model training. Results show improved accuracy, faster compliance, and reduced privacy risks.
References
[1] Johnson, M., Jain, R., Brennan-Tonetta, P., Swartz, E., Silver, D., Paolini, J., ... & Hill, C. (2021). Impact of big data and artificial intelligence on industry: developing a workforce roadmap for a data driven economy. Global Journal of Flexible Systems Management, 22(3), 197-217.
[2] Yablonsky, S. (2019). Multidimensional data-driven artificial intelligence innovation. Technology innovation management review, 9(12), 16-28.
[3] Breaux, T. D., Antón, A. I., & Doyle, J. (2008). Semantic parameterization: A process for modeling domain descriptions. ACM Transactions on Software Engineering and Methodology (TOSEM), 18(2), 1-27.
[4] Maxwell, J. C., & Antón, A. I. (2009, August). Developing production rule models to aid in acquiring requirements from legal texts. In 2009 17th IEEE International requirements engineering conference (pp. 101-110). IEEE.
[5] Gasser, U., & Almeida, V. A. (2017). A layered model for AI governance. IEEE Internet Computing, 21(6), 58-62.
[6] Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information systems research, 15(4), 336-355.
[7] Toubiana, V., Narayanan, A., Boneh, D., Nissenbaum, H., & Barocas, S. (2010, March). Adnostic: Privacy preserving targeted advertising. In Proceedings Network and Distributed System Symposium.
[8] Sun, Y., Liu, J., Wang, J., Cao, Y., & Kato, N. (2020). When machine learning meets privacy in 6G: A survey. IEEE Communications Surveys & Tutorials, 22(4), 2694-2724.
[9] Shokri, R., & Shmatikov, V. (2015, October). Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security (pp. 1310-1321).
[10] Goodfellow, I., Bengio, Y., Courville, A., & Bengio, Y. (2016). Deep learning (Vol. 1, No. 2, pp. 1-800). Cambridge: MIT press.
[11] Ribeiro, M. T., Singh, S., & Guestrin, C. (2016, August). "Why should i trust you?" Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining (pp. 1135-1144).
[12] Lundberg, S. M., & Lee, S. I. (2017). A unified approach to interpreting model predictions. Advances in neural information processing systems, 30.
[13] Doshi-Velez, F., & Kim, B. (2017). Towards a rigorous science of interpretable machine learning. arXiv preprint arXiv:1702.08608.
[14] Voigt, P., & Von dem Bussche, A. (2017). The eu general data protection regulation (gdpr). A practical guide, 1st ed., Cham: Springer International Publishing, 10(3152676), 10-5555.
[15] Butin, D., & Le Métayer, D. (2015, May). A guide to end-to-end privacy accountability. In 2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity (pp. 20-25). IEEE.
[16] Governatori, G. (2009, December). Rule-based versus principle-based regulatory compliance. In Legal Knowledge and Information Systems: JURIX 2009, the Twenty-second Annual Conference (Vol. 205, p. 37). IOS Press.
[17] Vagnoni, G., Eisenbarth, M., Andert, J., Sammito, G., Schaub, J., Reke, M., & Kiausch, M. (2019). Smart rule-based diesel engine control strategies by means of predictive driving information. International Journal of Engine Research, 20(10), 1047-1058.
[18] Hossain, E., Khan, I., Un-Noor, F., Sikander, S. S., & Sunny, M. S. H. (2019). Application of big data and machine learning in smart grid, and associated security concerns: A review. Ieee Access, 7, 13960-13988.
[19] Esayas, S., & Mahler, T. (2015). Modelling compliance risk: a structured approach. Artificial Intelligence and Law, 23(3), 271-300.
[20] Lavanya, P. M., & Sasikala, E. (2021, May). Deep learning techniques on text classification using Natural language processing (NLP) in social healthcare network: A comprehensive survey. In 2021 3rd international conference on signal processing and communication (ICPSC) (pp. 603-609). IEEE.
[21] Salur, M. U., & Aydin, I. (2020). A novel hybrid deep learning model for sentiment classification. IEEE Access, 8, 58080-58093.
[22] Zhang, C., Xie, Y., Bai, H., Yu, B., Li, W., & Gao, Y. (2021). A survey on federated learning. Knowledge-Based Systems, 216, 106775.
