Definition of data sharing agreements the case of Spanish Data Protection Law

Electronic sharing of data among different parties, includ- ing groups of organizations and/or individuals, while protecting their legitimate rights on these data, is a key both for business and societal transactions. However, data sharing clauses are usually specified in legal documents that are far from being amenable of automated processing by the electronic platform that should enforce them. Furthermore, different parties usually pursue different interests. This may lead to conflicts that need to be solved for the agreements to succeed. Addressing this prob- lem, in this paper we i) discuss a proposal for the definition of a machine processable electronic data sharing multilateral contract (e-DSA); ii) re- call a controlled natural language (CNL4DSA) developed for expressing e-DSA clauses, in particular, authorizations and obligations policies on data; iii) instantiate a resolution process that can solve potential con- flicts posed by different stakeholders' clauses, e.g., legal, organizational, and end-users' clauses, according to specific criteria. We illustrate our approach on a realistic e-Health scenario derived from one described by a Spanish medical institution. The main novelty of this paper are the ref- erence to the Spanish Data Protection Law (S)DPL as the basic source of policies regulating data exchange and the idea of a multi-step e-DSA definition phase that incrementally increases the contract granularity. To the best of our knowledge, this is one of the first attempts to investi- gate how a real DPL can be translated into privacy rules electronically manageable by a devoted e-DSA-based infrastructure.