=Paper= {{Paper |id=Vol-3114/paper5 |storemode=property |title=Using the SQuaRE series as a guarantee for GDPR compliance |pdfUrl=https://ceur-ws.org/Vol-3114/paper-05.pdf |volume=Vol-3114 |authors=Alessandro Simonetta,Maria Cristina Paoletti,Alessio Venticinque |dblpUrl=https://dblp.org/rec/conf/apsec/SimonettaPV21 }} ==Using the SQuaRE series as a guarantee for GDPR compliance== https://ceur-ws.org/Vol-3114/paper-05.pdf
Using the SQuaRE series as a guarantee for GDPR compliance

Alessandro Simonetta
Department of Enterprise Engineering, University of Rome Tor Vergata, Rome, Italy
alessandro.simonetta@gmail.com
ORCID: 0000-0003-2002-9815

Maria Cristina Paoletti
Rome, Italy
mariacristina.paoletti@gmail.com
ORCID: 0000-0001-6850-1184

Alessio Venticinque
Naples, Italy
ORCID: 0000-0003-3286-3137



Abstract—In a context where the availability of information represents an opportunity for companies to gain a competitive advantage in the market through the use of sophisticated AI algorithms, data quality assumes a strategic role. With this paper we want to show that the adoption of an international quality measurement standard such as the one present in the SQuaRE series can, on the one hand, improve the ethical aspect of machine learning algorithms and, on the other hand, meet the requirements imposed by the European Community regarding the protection of personal data of citizens in Member States (GDPR). Indeed, although attention to the protection of personal data is mainly directed towards the aspects of security and confidentiality, in a holistic view we should also evaluate the risks arising from the absence of quality in the data. In this context, we consider the choice made by the Italian legislator for the Public Administrations to be consistent and a reference for the international community. Since 2013 the Agency for Digital Italy (AgID) has suggested the adoption of ISO/IEC 25012 for public administrations in charge of managing databases of national interest. In the article, we propose a methodological approach that ensures the governance of data quality, and we raise some open questions regarding the homogeneity of the selected measures.

Index Terms—ISO 25000, ISO 25012, ISO 25024, SQuaRE series, GDPR, data quality, COVID-19

Copyright © 2021 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

I. INTRODUCTION

According to The Economist [1], data represent the new oil for modern business, not only in relation to IT services, but also as concerns business decisions and marketing campaigns. Many companies are investing in data analysis, machine-learning-based algorithms and solutions chosen through data-driven approaches. In this scenario they are realizing that the success of their investments is based not only on the amount of data, which is nevertheless an important aspect, but mainly on its quality. This can affect the results of machine learning algorithms, which are subject to bias if the dataset is not properly chosen or has quality problems, i.e. contains unbalanced data. These issues are more evident if the techniques used are taken to the extreme, as for example in [2], where the use of approximate computing for low-power neural networks could be more subject to errors. Furthermore, the benefit of using methodologies such as Reinforcement Learning to counter the degradation of results and to distribute the decision system, as reported in [3] and in [4], could be frustrated by poor data quality.

An example is the algorithm used in Florida [5] to score the risk of reoffending for people who had been in jail, which was subject to bias due to the wrong composition of the data used to train it and the features selected. Indeed, the algorithm for calculating the score was trained on a dataset in which the criminals were unbalanced towards black people, and the weight given to the past record of crimes committed and their importance was not properly set. Therefore, where this tool for assessing dangerousness and re-offense risk was used, African Americans scored higher in criticality than Caucasians on the basis of skin color, even if their records were less critical.

This case study shows the importance of the training data set and its quality, and the great impact it can have on business decisions or citizens' lives, especially if we concentrate our study on the use that public administrations or private companies could make of people's data.

Attention to the use of data, its collection and its quality is a very important issue also in Europe, where for years the legislator has been addressing these issues and investing resources to align regulations with the problems arising from new technologies and new business models [6]. An important step taken in Europe is the introduction of the General Data Protection Regulation (GDPR) 2016/679 [7], defined to harmonize the data privacy laws among the European countries and to remodel the methods and approaches by which organizations manage European citizens' data.

In the past, full compliance with this regulation was addressed mainly with a focus on security issues, but aspects such as compliance, integrity and correctness of data are now becoming central. In [8] some issues linked to GDPR are addressed, in particular the compliance of data management and usage for business processes. The paper proposes three solutions to reduce data maintenance and information loss, avoiding degradation through data minimization during the course of the business process. The work covers only part of the accountability principle, in that it is not concerned with monitoring and measuring the quality of the data and maintaining its correctness, but addresses the problem of the degradation of information over time to ensure that
the data, once processed, is usable for business purposes, in accordance with regulations, even if some of it loses its correctness.

These aspects are also taken into account in [9], which deals with the problems of GDPR compliance in the use of Public Geographic Information Systems for research and practice. The team applies pseudonymisation to GIS information to guarantee the privacy of the users who share their data.

In [10] the OpenEHR standard is proposed to address some requirements of data privacy regulation. It gives a guideline to guarantee that software for electronic health records is interoperable and secure. The health domain is very sensitive to data quality, since the effects of a minimal error can cause irreparable damage, with death or serious injuries. However, the work addresses the requirements of integrity and traceability related to data quality; the proposed versioning assures the indelibility of the clinical record, preventing any information from being deleted. The creation of a new version of the electronic clinical record is important against the loss, destruction or accidental harm of data. This is only a part of data quality and a section of the requirements that sensitive information must meet; it does not define KPIs or a measurement process. Furthermore, the paper concentrates on clinical data only and fails to consider other information, such as personal data accuracy, that is an important issue. In [11] more details on data quality are presented, and a clear picture of the problems affecting clinical records is reported. However, the study focuses only on medical information and is not easy to standardize and apply to different domains.

According to GDPR, each processing of personal information must be performed in accordance with the quality principles established by art. 5 (adequacy, correctness, update, security, protection, integrity), following the required criteria of accountability of the data owner. The owner must guarantee not only respect for these principles, but also evidence that all actions to protect the data have been applied (art. 5, par. 2 and art. 24, par. 1). The regulation assigns specific obligations to the party responsible for the processing, different from those identified for the owner, and in particular the implementation of appropriate technical and organizational measures to ensure the security of the treatment (art. 32) through the concepts of confidentiality, integrity, availability, resilience and ability to restore.

The GDPR is not the only regulation in which quality characteristics (accuracy, completeness, correctness, up-to-date, security, protection, integrity) are reported with a clear meaning but are difficult to compare in the absence of a common metric described by a calculation algorithm. Indeed, even the European Solvency II regulation [12] establishes the need for insurance companies to have internal procedures and processes in place to ensure the appropriateness, completeness and accuracy of the data used in the calculation of their technical provisions (art. 82, Data quality and application of approximations, including case-by-case methods, for technical provisions). When granting the basic solvency capital requirement of approval, insurance supervisors must verify the completeness, accuracy, and adequacy of the data used (art. 104 [12]). In addition, insurance companies must provide for a regular cycle of validation of their internal model that includes assessment of the accuracy, completeness, and adequacy of the data used in the internal model (art. 124 [12]).

In this scenario, where regulations require certain characteristics related to the management and maintenance of the data to be ensured over time, many efforts are directed towards ensuring a high level of security for information management, thanks to the application of the ISO/IEC 27000 series [13], but fewer organizations are concerned about managing the risk associated with their management and quality. A good solution could be the application of the ISO 31000 series [14], which provides principles, a framework and a process for managing risk. In section II we describe the state of the art related to the SQuaRE approach to data quality assurance and what benefits are recognized from its adoption in several case studies. A focus will be made on the implications of COVID-19 for the application of GDPR in the health field. In section III we will present the extension of the Italian institutions' approach to data quality and we will extend it as a solution to be adopted by private organizations, also as an indispensable support to demonstrate full compliance with GDPR. In section IV we will identify the limitations of this work and how we intend to address them in the future. Finally, in section V we will present concluding remarks.

II. STATE OF ART

A. GDPR Data Quality Compliance in COVID-19 Pandemic

The pandemic emergency boosted digitalization and the use of online services. Smart working, catching on in many organizations, highlighted problems related to data privacy and data quality, especially as concerns issues that clash with the need for infection tracking. New types of communication and workflows have been developed and adopted during this time, with the objective of being accepted by workers and of giving them trust in data management and security. A central point in this new situation is the compliance of all the data with GDPR. Many organizations had problems guaranteeing its requirements and managing the information in the right way.

Scientific papers address different aspects of the consequences of the COVID-19 pandemic emergency on data privacy and protection in these two years. In [15] a literature review is presented of publications that explore the effect of the COVID-19 outbreak on GDPR compliance. The work identifies some critiques of the regulation and, in particular, focuses on the ethical use of health data during the pandemic. Furthermore, the use of the infrastructure and the absence of controls leave open the possibility of cross-border transfer of data outside Europe. These aspects are also treated in [16], where the authors study the use of personal information for research activities to defeat COVID-19 and some criticalities linked to the specification of GDPR. The regulation has foreseen procedures to support research in a pandemic and the processing of sensitive data, including personal and health data, but the derogation of some
aspects to national laws is an obstacle to coordinated global research. This work also highlights the lack of a framework that supports the proof of compliance of data management with the desired requirements. A particular case of this problem is studied in [17]. The paper describes the problems linked to the traceability applications offered by mobile devices, Android and iOS based, to monitor the contacts between people and infections. The European legislation is analyzed with respect to sector-specific international rules, such as the US Health Insurance Portability and Accountability Act (HIPAA), highlighting the pros and cons of its flexibility in responding to critical health situations.

These scenarios show that action to protect data and compliance with regulation are often unfulfilled due to the lack of common guidelines and the heterogeneity of the regulations.

Although it is reported that data accuracy is a non-core aspect of data privacy, individuals have the right to correct inaccurate or incomplete personal data that is processed. Using the SQuaRE series as a data quality measurement standard in order to support GDPR compliance provides a single reference with respect to individual national regulations, helping to harmonize the application of legislative specializations in different countries.

B. The SQuaRE Approach

In this section, in order to support our work, we report an extensive scientific production that focuses on the application of data quality standards, and in particular the SQuaRE series, to achieve measurable and well-defined goals. Such approaches form the basis of our proposal, which aims to achieve full GDPR compliance by achieving the right level of accuracy and satisfying the entire set of data quality characteristics by applying the SQuaRE series.

Some studies propose a framework for data quality evaluation to enable organizations to support and maintain data quality. In [18] the described framework is based on ISO/IEC 25012 [19] and ISO/IEC 25024 [20] and consists of software that recognizes several patterns identifying common failures of organizations and helps to evaluate the KPIs defined for these patterns, obtaining a clear picture of the data quality. Small organizations may not be prepared to apply the standards to their data. The framework presented and the tools that are starting to spread represent a solution that, if widely adopted, can help such companies to guarantee compliance with the standards, with advantages for service results and business decisions.

The problem of data quality, and in particular of bias present in datasets used for machine learning algorithms, is studied in [21]. Systems of this type go under the name of Automated Decision Systems (ADM), as described in [22]. These are tools in which the decision is taken autonomously by an AI algorithm. The use of algorithms in software involves aspects of daily life, such as the marketing campaigns to suggest to customers on a web platform. The aim of the work is to verify the balance of the dataset before it is used in a prediction algorithm and causes discriminatory problems. The paper defines metrics with the dual purpose of identifying bias and providing solutions that can be used within the measurement framework of the SQuaRE series. The integration of the proposed metrics into the data preparation pipeline for machine learning, together with the analysis of intrinsic properties of the dataset, could anticipate the emergence of discriminatory behavior of algorithms that in particular cases may contravene laws or infringe human rights.

Nowadays, the most successful organizations are those that are able to collect data, select the right set and guarantee the best quality. Their decisions follow a data-driven approach, and if the basis is wrong, the strategies implemented and the services offered will be affected, with negative consequences. Therefore, to be confident in the results of their processing, organizations must trust their data. To achieve this level of confidence, organizations are implementing the rules present in the standards and applying processes and frameworks. Many of them are applying data quality evaluation processes and data quality management in order to obtain certification for their repositories and not only for the software that they use to process them. In [23] three case studies of the data quality evaluation and certification process for repositories are reported. An independent entity verifies and certifies that the company's database complies with the requirements defined in the regulation. The organizations differ from each other in size and business domain. The two visions are analyzed to evaluate the impact of the adoption of ISO/IEC 25012, ISO/IEC 25024 and ISO/IEC 25040 [24] and the benefits recognized in the three organizations before and after the process. Each case study consists of two phases. The first evaluates the data quality and addresses the issues found; the second consists of another evaluation of the improved databases to obtain the certification. The results show that applying their methodology helps the organization to achieve better sustainability in the long term, improves the knowledge of the business and drives the organizations towards better data quality initiatives for the future.

An element often found in these articles is related to the use of open formats for archiving aspects, to promote portability regardless of the technology used. These are all concepts defined in the SQuaRE series.

III. THE SOLUTION PROPOSED

Previously, we have shown that there are ambiguous interpretations of the characteristics of data quality linked to regulations and laws, which lead to heterogeneous approaches and uncertainty in the level of adherence to the requirements that must be met. These issues are addressed by scientific works that, also with the support of some case studies, manage to define methodologies and processes to achieve a high level of data quality through the application of standards. In the following we will show our proposal, starting from what has been done by the Italian Public Administration to achieve the levels of data quality it needs.
A. Italian Digitization Process

In Italy, the process of modernization and digitization of the Public Administration began with the Digital Administration Code (Legislative Decree n.82 of March 7, 2005), which states that public administration data must be made available and accessible with information and communication technologies that allow their use and reuse.

In 2013, AgID (Digital Italy Agency), with resolution n. 68, defined, for databases of national interest, compliance with the quality characteristics defined in the international standard ISO/IEC 25012 "Data quality model".

The adoption of the standard for databases of national interest is thus the reference for both the Public Administration and private companies, also in order to enhance the value of information assets and improve the quality of services offered and their efficiency. The adoption of this data quality governance system responds to their growing need for dissemination and transparency of the information processed. At the beginning, AgID, in order to simplify the adoption of ISO/IEC 25012, had identified a minimum set of characteristics (accuracy, completeness, consistency and currentness) from which to start and then extend to the entire set. Moreover, in the following years, the importance of the use of ISO/IEC 25012 is reaffirmed through the Three-Year Plan for Public Administration, an essential tool to promote the digital transformation of the Italian Public Administration.

In particular, in the Plan for the three-year period 2020-2022 [25] AgID promotes the increase of data and metadata quality (OB.2.2), which includes the increase in the number of open datasets conforming to a subset of quality characteristics derived from the ISO/IEC standard (R.A.2.2b).

B. Method

The proposed approach is based on four main phases (Fig. 1): the initial design, the exercise of the measurement process, the evaluation of the obtained results, and the last phase, the identification of improvement actions. In the initial design phase we need to choose the reference context (conceptual, logical and physical level), and we define the quality requirements and the data quality model to adopt. During this phase the opportunity to reduce or extend the model (override/overload of characteristics and/or measures) is evaluated, and the target entities are identified in the appropriate phase of the data life-cycle. Fig. 2 shows the relationship between the data quality characteristics provided in ISO/IEC 25012 and the GDPR principles, noting that these relationships have been highlighted as examples and depend on the context of application. Since each quality characteristic is calculated through the sum of the contributions of several sub-measures, each organization can choose to give more or less importance to individual contributions by assigning a weight to them.

In addition, if we consider comparing different quality characteristics, we may find a different granularity of the constituent contributions to the measures. In this case, the organization may choose to adopt new sub-characteristics or select a subset of them in order to make the measurement system balanced.

Fig. 1. Data Quality Governance.

The measurement process can take place through commercial software or, more simply, by building a set of modular queries, reusable and adaptable to different realities depending on the model identified. The evaluation of the results must be carried out by an expert who assesses the level of quality achieved at the end of each iteration and its progress, at various levels of granularity, over time. The organization has to implement, if needed, improvement actions to mitigate risk and improve services through greater IT efficiency and enhancement of data as an asset.

C. Expected Results

The application of the proposed approach allows the organization to measure the quality of its data and to identify issues related to its acquisition and management. The organization can have quality-controlled and certified information. The automation of data management and control eliminates manual queries and cleaning operations. High-quality data support collaboration and the exchange of information between internal and external company structures.

On the other hand, if organizations do not control data quality, they may not only be exposed to bias in sensitive data due to incomplete datasets, but are also subject to different types of risk [26].

The methodology proposed in this paper allows the organization to demonstrate that all activities have been put in place to control and properly manage the data.

The application of a standard capable of supporting the achievement of the quality objectives common to the public and private sectors makes it possible to trace a collaborative direction between these two actors, establishing a virtuous cycle where the application of the same principles makes it easier for both to verify and prove compliance with certain national or European rules.

IV. LIMITATION AND FUTURE WORKS

This paper does not consider problems linked to the traceability and the validity of the source of information, which can play a key role in automating the process of data controls over time. In a scenario where the organization has traceability on the source of its data, or part of it, and can easily know its validity status, it can automate the measurement of its quality and take action to meet its targets.
                              Fig. 2. Relationship between ISO/IEC 25012 characteristics and GDPR principles
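
The measurement process that the Method section describes (modular queries, several sub-measures per characteristic, a weight per sub-measure) can be illustrated on the four characteristics AgID chose as a minimum set. This is an added example, not code from the paper or from ISO/IEC 25024: the address-book table, the sub-measures, the weights, the targets and the evaluation date are all assumptions, and the weighted sum is normalised by the weights so each score stays in [0, 1].

```python
import sqlite3

# Constructed sample: a small citizen address book (all values are made up).
ROWS = [  # id, fiscal_code, postal_code, city, email, updated_on
    (1, "AAA111", "00133", "Rome", "a.rossi@example.org", "2021-09-01"),
    (2, "BBB222", "80121", "Naples", "b.bianchi@example.org", "2021-03-15"),
    (3, "CCC333", "0013", "Rome", "c.verdi@example", "2017-05-20"),
    (4, "DDD444", None, "Milan", None, "2019-11-02"),
    (5, "BBB222", "80121", "Rome", "b.bianchi@example.org", "2021-10-10"),
]
# Constructed reference data for the postal code / city consistency check.
POSTAL_REFERENCE = [("00133", "Rome"), ("80121", "Naples"), ("20121", "Milan")]

# Assumed measurement parameters: evaluation date and maximum record age.
PARAMS = {"ref": "2021-11-30", "max_age_days": 730}

# One modular query per sub-measure. Each returns (A, B): A conforming items
# out of B evaluated items, giving a ratio X = A / B in [0, 1].
# Tuple layout: (characteristic, sub-measure, weight, SQL). Weights are assumed.
MEASURES = [
    ("completeness", "postal_code present", 2.0,
     "SELECT COUNT(postal_code), COUNT(*) FROM address_book"),
    ("completeness", "email present", 1.0,
     "SELECT COUNT(email), COUNT(*) FROM address_book"),
    # Accuracy is evaluated on non-null values only, so a missing value is
    # counted once (under completeness) and not twice.
    ("accuracy", "postal_code has 5 digits", 1.0,
     "SELECT SUM(postal_code GLOB '[0-9][0-9][0-9][0-9][0-9]'),"
     " COUNT(postal_code) FROM address_book"),
    ("accuracy", "email is well formed", 1.0,
     "SELECT SUM(email LIKE '%_@_%._%'), COUNT(email) FROM address_book"),
    ("consistency", "city matches postal_code", 1.0,
     "SELECT SUM(a.city = r.city), COUNT(*) FROM address_book a"
     " JOIN postal_reference r ON r.postal_code = a.postal_code"),
    ("consistency", "fiscal_code not duplicated", 1.0,
     "SELECT (SELECT COUNT(*) FROM (SELECT fiscal_code FROM address_book"
     " GROUP BY fiscal_code HAVING COUNT(*) = 1)), COUNT(*) FROM address_book"),
    ("currentness", "updated within max_age_days", 1.0,
     "SELECT SUM(julianday(:ref) - julianday(updated_on) <= :max_age_days),"
     " COUNT(*) FROM address_book"),
]

# Assumed target levels, as the organisation would set them in the design phase.
TARGETS = {"completeness": 0.75, "accuracy": 0.75,
           "consistency": 0.75, "currentness": 0.75}


def build_db(rows=ROWS):
    """Load the constructed sample into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE address_book (id INTEGER PRIMARY KEY,"
                 " fiscal_code TEXT, postal_code TEXT, city TEXT,"
                 " email TEXT, updated_on TEXT)")
    conn.execute("CREATE TABLE postal_reference"
                 " (postal_code TEXT PRIMARY KEY, city TEXT)")
    conn.executemany("INSERT INTO address_book VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.executemany("INSERT INTO postal_reference VALUES (?, ?)",
                     POSTAL_REFERENCE)
    return conn


def run_measures(conn, measures=MEASURES, params=PARAMS):
    """Run every query; return {characteristic: [(name, weight, ratio|None)]}."""
    results = {}
    for characteristic, name, weight, sql in measures:
        conforming, evaluated = conn.execute(sql, params).fetchone()
        # B = 0 means nothing could be evaluated: the measure is undefined,
        # which is different from a measured quality of 0.
        ratio = (conforming or 0) / evaluated if evaluated else None
        results.setdefault(characteristic, []).append((name, weight, ratio))
    return results


def characteristic_scores(results):
    """Weighted sum of sub-measures, normalised by the weights actually used."""
    scores = {}
    for characteristic, items in results.items():
        defined = [(w, x) for _, w, x in items if x is not None]
        total_weight = sum(w for w, _ in defined)
        scores[characteristic] = (
            sum(w * x for w, x in defined) / total_weight
            if total_weight else None)
    return scores


def needs_improvement(scores, targets):
    """Characteristics that miss their target or could not be measured."""
    return sorted(c for c, target in targets.items()
                  if scores.get(c) is None or scores[c] < target)


if __name__ == "__main__":
    scores = characteristic_scores(run_measures(build_db()))
    for characteristic, score in scores.items():
        print(f"{characteristic:13s} {score:.2f}"
              f"  target {TARGETS[characteristic]:.2f}")
    print("improvement actions needed for:", needs_improvement(scores, TARGETS))
```

Re-running the same queries at each iteration gives the expert the trend per characteristic, and changing a weight or adding a query is how the model is reduced or extended.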



As we presented, data integrity has great importance in those applications where the quality of the services is linked to the composition of the dataset. The correctness of the data and the absence of malicious acts are paramount to prevent organizations from offering wrong results to their customers or making wrong business decisions. The spread of services based on corrupted data could distribute misinformation and compromise compliance with the directives.

In order to reach this target, in our future work we will evaluate the use of blockchain technology. Its use is starting to be analyzed especially for domains such as healthcare and food and beverage, as reported in [27]. In this approach, the data are distributed over a network of nodes that approve the correct transactions, with a consensus algorithm, and reject the malicious ones. This architecture guarantees the absence of a single point of failure and of central control that could be a point of attack. The data are stored in a chain of blocks, where each block contains the data, a timestamp and the hash of the previous block. If the data inside a block is changed, its hash will be different from the hash stored in the chain, so the blocks will be invalidated.

These features are what we need to guarantee the integrity and the validation of data, and among the different methodologies that implement the blockchain we will consider the use of Ethereum and its smart contract functionality. These smart contracts enforce a contract or an agreement between parties through code, without the use of an authority.

The Ethereum Virtual Machine (EVM) provides the services to publish smart contracts on the Ethereum blockchain. These can be used to store variables within them, which in our case can be the data or information related to them. If on the one hand this allows the contents of the blocks to be validated through automatic, public and shared operations, on the other hand there is a limitation in the use of the blockchain due to the size of the transactions, which depends on the content to be put in the blocks. In particular, it is difficult to ensure that every participant agrees to and complies with the relevant rules on personal data protection in public blockchains. Aspects such as a data principal, a data fiduciary, or a data processor on a blockchain network have no clear demarcation. The compliance of these aspects with the GDPR and how the SQuaRE series can help to solve them will be discussed in more detail in future works, due to the complexity of their treatment.

V. CONCLUSION

GDPR compliance is well addressed by following compliance with the ISO/IEC 27000 and ISO/IEC 31000 series; however, the lack of quality in some features mentioned in art. 5 of the GDPR can lead to errors that impact European citizens. For example, a health recall campaign for a cancer prevention screening sent to an outdated residential address causes harm to the citizen who is not reached by the communication. The use of blockchain technology can help manage this type of
situation: when the organization that owns the data (i.e., the address book) needs to change information in the blockchain, it must run a consensus algorithm with the other parties, so all actors are informed of the change. Also, if the data is changed without applying the rules of the blockchain, everyone else knows, automatically, that the data is invalid. The use of such technology in applications of this type is not yet mature, and in-depth studies on the choice of appropriate algorithms to ensure compliance with regulations must be pursued. The ISO/IEC 25000 series makes it possible to avoid this type of problem by continuously measuring the quality of the data held by organizations. Moreover, the scientific literature is full of examples where the absence of quality in the learning data of an automated decision making system leads to biased analyses, especially when the sensitive attributes describing the individuals in the knowledge base are incomplete. Some studies [28] are trying to relate the unbalance of the learning dataset to the fairness of automated classifications.

[12] European Parliament and Council of Europe, “Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II),” 2009.
[13] International Organization for Standardization, “ISO/IEC 27000:2018, Information Technology, Security Techniques, Information Security Management Systems, Overview and Vocabulary,” International Organization for Standardization Std., 2018. [Online]. Available: https://www.iso.org/standard/73906.html (accessed Nov, 2021)
[14] International Organization for Standardization, “ISO 31000:2018(en) Risk management — Guidelines,” International Organization for Standardization Std., 2018. [Online]. Available: https://www.iso.org/iso-31000-risk-management.html (accessed Nov, 2021)
[15] S. McLennan, L. Celi, and A. Buyx, “Covid-19: putting the general data protection regulation to the test,” JMIR Public Health and Surveillance, vol. 6, 04 2020.
[16] R. Becker, A. Thorogood, J. Ordish, and M. J. Beauvais, “Covid-19 research: Navigating the european general data protection regulation,” J Med Internet Res, vol. 22, 2020. [Online]. Available: http://www.jmir.org/2020/8/e19799/
[17] L. Bradford, M. Aboy, and K. Liddell, “Covid-19 contact tracing apps: A stress test for privacy, the gdpr, and data protection regimes,” Journal of law and the biosciences, vol. 7, p. lsaa034, 05 2020.
[18] J. Calabrese, S. Esponda, and P. M. Pesado, “Framework for Data
Thus, the importance of data quality is becoming a strategic                         Quality Evaluation Based on ISO/IEC 25012 and ISO/IEC 25024,” in
goal for many companies that often find themselves using                             VIII Conference on Cloud Computing, Big Data & Emerging Topics,
                                                                                     2020. [Online]. Available: http://sedici.unlp.edu.ar/handle/10915/104778
replicas of out-of-date data.                                                   [19] International Organization for Standardization, ”ISO/IEC 25012:2008
                                                                                     Software engineering — Software product Quality Requirements
                             R EFERENCES                                             and Evaluation (SQuaRE) — Data quality model”, International
 [1] The Economist, “The world’s most valuable resource is no longer oil,            Organization for Standardization Std., 2008. [Online]. Available:
     but data,” The Economist, USA, 6th May 2019.                                    https://www.iso.org/standard/35736.html (accessed Nov, 2021)
 [2] G. Cardarilli, L. Di Nunzio, R. Fazzolari, D. Giardino, M. Matta, and      [20] International Organization for Standardization, ”ISO/IEC 25024:2015
     M. S. S. Patetta, M.and Re, “Approximated computing for low power               Systems and software engineering — Systems and software Quality
     neural networks,” TELKOMNIKA, vol. 7, pp. 1236–1241, 2019.                      Requirements and Evaluation (SQuaRE) — Measurement of data
 [3] M. Matta, G. C. Cardarilli, L. Di Nunzio, R. Fazzolari, D. Giardino,            quality”, International Organization for Standardization Std., 2015.
     A. Nannarelli, M. Re, and S. Spanò, “A reinforcement learning-based            [Online]. Available: https://www.iso.org/standard/35749.html (accessed
     qam/psk symbol synchronizer,” IEEE Access, vol. 7, pp. 124 147–                 Nov, 2021)
     124 157, 2019.                                                             [21] A. Simonetta, A. Trenta, M. C. Paoletti, and A. Vetrò, “Metrics for
 [4] L. Canese, G. C. Cardarilli, L. Di Nunzio, R. Fazzolari, D. Giardino,           identifying bias in datasets,” SYSTEM, in press.
     M. Re, and S. Spanò, “Multi-agent reinforcement learning: A review of     [22] R. Fahy and N. Appelman, Netherlands/Research, 2020,
     challenges and applications,” Applied Sciences, vol. 11, no. 11, 2021.          pp. 164–175, chapter in: Report Automating Society 2020,
     [Online]. Available: https://www.mdpi.com/2076-3417/11/11/4948                  Chiusi, F., Fischer, S., Kayser-Bril, N. & Spielkamp,
 [5] J. Angwin, J. Larson, S. Mattu, and L. Kirchner, “Machine bias : There’s        M.      eds.,   Berlin:     AlgorithmWatch,      October     2020.     [On-
     software used across the country to predict future criminals. and it’s          line]. Available: https://www.ivir.nl/publicaties/download/Automating-
     biased against blacks.” https://www.propublica.org/, 2016.                      Society-Report-2020.pdf/
 [6] Council of Europe, “Recommendation CM/Rec(2020)1 of the Com-               [23] F. Gualo, M. Rodriguez, J. Verdugo, I. Caballero, and M. Piattini, “Data
     mittee of Ministers to member States on the human rights impacts of             quality certification using iso/iec 25012: Industrial experiences,” Journal
     algorithmic systems,” 2020.                                                     of Systems and Software, vol. 176, p. 110938, 2021. [Online]. Available:
 [7] European Parliament and Council of Europe, “Regulation (eu) 2016/679            https://www.sciencedirect.com/science/article/pii/S0164121221000352
     of the european parliament and of the council of 27 april 2016 on the      [24] International Organization for Standardization, ”ISO/IEC 25040:2011
     protection of natural persons with regard to the processing of personal         Systems and software engineering — Systems and software Quality
     data and on the free movement of such data, and repealing directive             Requirements and Evaluation (SQuaRE) — Evaluation process”,
     95/46/ec (general data protection regulation),” 2016.                           International Organization for Standardization Std., 2011. [Online].
 [8] R. Zaman and M. Hassani, “On enabling gdpr compliance in business               Available: https://www.iso.org/standard/35765.html (accessed Nov,
     processes through data-driven solutions,” SN Computer Science, vol. 1,          2021)
     no. 4, pp. 1–15, Jun. 2020.                                                [25] Agenzia per l’Italia Digitale, Piano Triennale 2020-2022. Presidenza
 [9] K. Hasanzadeh, A. Kajosaari, D. Häggman, and M. Kyttä, “A                     del Consiglio dei Ministri, 2020.
     context sensitive approach to anonymizing public participation             [26] A. Simonetta, A. Vetrò, M. C. Paoletti, and M. Torchiano, “Integrating
     gis data: From development to the assessment of anonymization                   SQuaRE data quality model with ISO 31000 risk management to
     effects on data quality,” Computers, Environment and Urban                      measure and mitigate software bias,” IWESQ 2021, in press.
     Systems, vol. 83, p. 101513, 2020. [Online]. Available:                    [27] J. Grecuccio, E. Giusto, F. Fiori, and M. Rebaudengo, “combining
     https://www.sciencedirect.com/science/article/pii/S0198971520302465             blockchain and iot: Food-chain traceability and beyond.”
[10] M. Sousa, D. Gonçalves-Ferreira, C. Pereira, G. Bacelar, S. Frade,        [28] A. Vetrò, M. Torchiano, and M. Mecati, “A data quality
     O. Pestana, and R. Cruz-Correia, “openehr based systems and the general         approach to the identification of discrimination risk in automated
     data protection regulation (gdpr),” Studies in health technology and            decision making systems,” Government Information Quarterly,
     informatics, vol. 247, pp. 91–95, 01 2018.                                      vol. 38, no. 4, p. 101619, 2021. [Online]. Available:
[11] V. C. Pezoulas, K. D. Kourou, F. Kalatzis, T. P. Exarchos,                      https://www.sciencedirect.com/science/article/pii/S0740624X21000551
     A. Venetsanopoulou, E. Zampeli, S. Gandolfo, F. Skopouli,
     S. De Vita, A. G. Tzioufas, and D. I. Fotiadis, “Medical
     data quality assessment: On the development of an automated
     framework for medical data curation,” Computers in Biology
     and Medicine, vol. 107, pp. 270–283, 2019. [Online]. Available:
     https://www.sciencedirect.com/science/article/pii/S0010482519300733
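
The two properties the conclusion attributes to a blockchain-held address book (a change needs the agreement of the other parties, and a change made outside the rules is recognizably invalid) are sketched below as an added example that is not part of the paper: a simplified hash-chained ledger in Python, not Ethereum. The party names, keys, quorum of 2 and sample addresses are constructed assumptions, and HMAC tags stand in for the digital signatures a real network would use.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumption): one secret per participating organization.
PARTY_KEYS = {"registry": b"k-registry", "health-agency": b"k-health", "municipality": b"k-muni"}
QUORUM = 2  # assumed rule: a change needs approval from at least 2 of the 3 parties
GENESIS = "0" * 64

def _digest(prev_hash, payload):
    """Hash a record together with the hash of the block before it."""
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def approve(party, block_hash):
    """A party's approval tag over a block hash (HMAC as a signature stand-in)."""
    return hmac.new(PARTY_KEYS[party], block_hash.encode(), hashlib.sha256).hexdigest()

def append_change(chain, payload, approvers):
    """Append an address change only if a quorum of known parties approves it."""
    approvers = set(approvers) & set(PARTY_KEYS)
    if len(approvers) < QUORUM:
        raise PermissionError("change rejected: quorum not reached")
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    block_hash = _digest(prev_hash, payload)
    approvals = {p: approve(p, block_hash) for p in sorted(approvers)}
    chain.append({"prev": prev_hash, "payload": payload,
                  "hash": block_hash, "approvals": approvals})
    return block_hash

def first_invalid(chain):
    """Return the index of the first block that breaks the rules, or None."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        expected = _digest(prev_hash, block["payload"])
        valid = [p for p, tag in block["approvals"].items()
                 if p in PARTY_KEYS and hmac.compare_digest(tag, approve(p, expected))]
        if block["prev"] != prev_hash or block["hash"] != expected or len(valid) < QUORUM:
            return i
        prev_hash = block["hash"]
    return None

def demo():
    chain = []  # constructed sample records for one citizen
    append_change(chain, {"citizen": "C-001", "address": "Via Roma 1, Rome"}, ["registry", "municipality"])
    append_change(chain, {"citizen": "C-001", "address": "Via Toledo 9, Naples"}, ["registry", "health-agency"])
    before = first_invalid(chain)
    chain[0]["payload"]["address"] = "Via Milano 5, Rome"  # edit made outside the rules
    return before, first_invalid(chain)
```

Any participant can run `first_invalid` on its own replica; the out-of-band edit changes the recomputed hash, so the stored hash and the recorded approvals no longer match and the block is flagged.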