Haifa, Israel. July 31–August 5, 2022.
Copyright © 2022 International Joint Conferences on Artificial Intelligence Organization
PL is a low-complexity profile of OWL2, expressly designed to encode data usage policies and personal data protection regulations - such as the GDPR - in a machine understandable way. With PL, the compliance of privacy policies with the GDPR and with the data subjects' consent to processing can be checked automatically and in real time. In this paper, we extend PL to support "sticky policies". They are a sort of license that applies to data transfers, and specifies how the recipient can use the data. Sticky policies may be "recursive", i.e. they may apply not only to the first data transfer, but also to all subsequent transfer operations that the (direct or indirect) recipients may execute in the future. Such recursive sticky policies may be encoded with fixpoints or transitive role closure. In this paper we prove that such extensions make compliance checking intractable. Since the scalability of compliance checking is a major requirement in this area, these results justify a specialized, low complexity approach to encoding sticky policies.