Ontology Framework for Privacy Protection Pertaining to Learning, Education & Training (LET)

Tracking #: 3733-4947

Authors: 
Swarup Raj Dhungana
Chutiporn Anutariya
Frederic Andres
Jake Knoppers
Marut Buranarach

Responsible editor: 
Guest Editors Education 2024

Submission type: 
Full Paper
Abstract: 
In recent years, teaching-learning methods have emerged into a completely new dimension from what used to be a traditional approach. The in-person lectures have been converted into online virtual learning, the traditional record-keeping has been replaced by robust learning management systems which have made the teaching-learning process a lot more efficient and convenient. However, the increased use of digital storage and access to students' personal information raises concerns about data privacy and security for both LET (Learning, Education, and Training) users and providers. The lack of knowledge of the users about their rights and privacy leading to the lack of practice has resulted in illegal processing and piracy of personal information. Thus, this study focuses on modeling the ISO/IEC 29187-1:2013 standard which has been developed to support modeling generic international requirements for identifying and providing privacy protection of personal information throughout any kind of Information and Communication Technology(ICT)-based learning transaction where the individual has the role of an individual learner. This standard consists of the definition of key ISO concepts and rules that are used to govern the learning transaction involving LET users and providers. This article proposes an ontology framework as a knowledge framework for a compliance assessment service. Furthermore, the study elaborates on the initial implementation of the proposed ontology to establish APIs to create a compliance question-answering system related to LET using a faceted search for the stakeholders of LET. Through the ontology modeling of the ISO/IEC 29187-1 standard version 2, this study provides a clear path toward innovation, enabling the creation of complex validation systems with the introduction of several semantic web-based rules and axioms which not only enhance the standardization process but also serve as a platform for future developments and improvements.
Full PDF Version: 
Tags: 
Reviewed

Decision/Status: 
Reject

Solicited Reviews:
Click to Expand/Collapse
Review #1
Anonymous submitted on 28/Sep/2024
Suggestion:
Reject
Review Comment:

This paper presents an ontology to implement an ISO standard related to privacy protection in ICT-based learning systems. The aim is to develop a validation system assessing the compliance of an ICT-based learning system to the ISO standard.
In general, the quality of the writing does not meet the standard: the presentation of the ontology is awkward in many places. The paper lacks at least a clear presentation of the modeling choices and their justification. A validation of the ontology by experts and through competency questions is missing. As a result, at this stage of the project, the results are of little significance.
The provided link for the Long-term Stable Link to Resources is the Github site of one of the author, and I could not find a path to the project resources (ontology and competency questions) associated to the paper.

Detailed comments:

In section 1.4 what is the FSV view should be explained and the last sentence reformulated.
Section 1.5 shows a certain confusion or lack of familiarity with the notion of ontology. An introduction to ontologies should not start with ontology learning from text which is here out of the scope. Then UML is not an approach but a language and the rest of the sentence is very weird with the use of the verb help twice and inadequately. Also the automatic ontology synthesis does not make sense.
In section 1.6, again awkward introduction to the state of the art. The first sentence is out of the scope and the focus should be on ontologies. The paragraph on WordNet is also out of the scope.

In section 2, SPARQL endpoint is not a step/action in a methodology, it is an artifact.
In section 2.1 the competency question should be better presented. In particular the second one should be rephrased, in the 4th one Agent should be explained, in the last one Registration schemas and Authority should be explained.
In section 2.2 there should not be any reference to an ontology as this step is prior to the construction of the ontology. Clause 3 is not understandable, as it is not introduced.
In section 2.3 what are concepts, rules, guidelines, principles and field should be precisely described. The names of the classes should be singular (Guideline, Principle, etc.). The choice of an OWL ontology should be justified; it seems to me that the model should better be a SKOS thesaurus with hierarchies of SKOS concepts inside SKOS collections and or schemes. Also the SWRL rules, what they capture and how they are intended to be used should be discussed. The explanations in table 2 are very unclear. Finally the presentation of the relations is very awkward and mixes useless generalities very badly presented on the distinction between datatype properties, object properties and annotation properties. “the relationship of ISO concepts that belong to a subject field” does not make sense. The first sentence on ontology validation is also far too general and not correct, it should better be deleted. What are subject matter experts? The paragraph on the validation of the ontology is far insufficient. The validation of the ontology should be given a dedicated section reporting the work of the experts and the result and the implementation of the competency questions with SPARQL queries and the result.
Section 2.4. As already mentioned, a SPARQL endpoint is not a task but an artifact. The installation of a SPARQL endpoint is not part of a methodology but a technical task that supports the knowledge engineering process. What is described in the section are useless generalities that should be deleted.

In section 3,
Again the technical details on the API should be discarded. Also the screenshots do not bring anything.
In Table 7, the difference between Axiom and Logical axiom should be explained.
In Table 8, there is a confusion between keywords, terms and concepts that should be fixed.
In section 3.3 there is also a confusion between keyword search and concept search
In section 3.4, again there are awkward explanations. What are “relationships between multiple rules on the standard”? How SWRL rule are intended to be used for compliance checking should be precisely explained. The example with rules 72 and 71 lacks explanations. The description of the possible use of the ontology for Let providers is far too general and hardly understandable. Also, again inadequate vocabulary, e.g. “properties value for these rules”.

Section 4 The conclusion is far too general and does not reflect the current state of the project, the current functionalities offered to end users using the developed ontology.

Other minor comments:

P2 l43: rephrase usage of their personal information prior to its collection.
P3 add space character before (UN)
P4 l3 (a)
P4 l8 delete quotes around ontology
P4 l30 no need to go to the line
P4 l43 delete Similarly
P4 l48 delete I addition to this
P4 l48 add space character before (ICA)
P5 l6 delete or rephrase Utilizing ideas
P5 l12 delete Similarly
P5 l22 add an empty line before the last paragraph and correct the numbers of the sections
P5 l22 presents
P5 l32 IV →V
P6 l22 add space before [15]
P6 l23 delete quotes around modular
P7 l32 delete on expanding the ontology a step further which does not make sense
P10 delete with the help of an API connection
P10 creating APIs that create

Review #2
By Simon Steyskal submitted on 03/Nov/2024
Suggestion:
Major Revision
Review Comment:

# Review

**Summary:**
The present article presents an ontology framework for modeling the ISO/IEC 29187-1 standard to address privacy protection in Learning Ecosystems and Technologies (LET). The proposed framework is used to develop a compliance question-answering system that can assist stakeholders in understanding and adhering to privacy regulations.

**Overall Review:**
The ontology framework and the compliance question-answering system have the potential to significantly enhance privacy protection in online learning environments. However, the article could benefit from a more detailed comparison with existing methods and frameworks to highlight its unique contributions and advantages. As of now, the actual framework the article is about, is only briefly discussed in section 3, while the rest is either mostly filler text or explaining the ontology concepts already published in [28].
Additionally, more empirical evidence or case studies would strengthen the article and demonstrate the effectiveness and impact of the proposed system in real-world scenarios. Currently, one has to take the author's word for it being an actual improvement/help. Improvements in grammar, clarity, and detail would enhance the readability and comprehensibility of the paper (see detailed comments below).
understanding.

Also, the provided link to resources is non-functional, as it only links to the github profile of one of the autors.

## Detailed Comments

### 1. Introduction

---

- >`[p.2, 3-4]`: ... unheard-of *issues* related to safety, health, and education
- challenges
- >`[p.2, 5-6]`: According to the statistics shared by UNESCO
- missing reference
- >`[p.2, 7-8]`: Numerous students *are still required* to learn online in this unique circumstance
- still? what year is this?
- >`[p.2, 9-10]`: The need for personal data and privacy protection has never been greater than it is *now*
- ... because?
- >`[p.2, 9-10]`: which is why students, instructors, and parents *are growing more concerned* about safeguarding personal information and privacy in online learning
- are they though? are they actually aware of the risks?
- >`[p.2, 12-13]`: Personal information and privacy *are the peace of a person’s natural private existence*,
- what? what does that mean?
- >`[p.2, 14-15]`: *The development of technology* currently makes use of such granular data to optimize systems through prediction and analysis
- what technology?
- >`[p.2, 16-17]`: However, *when employing this data for teaching/learning platforms*, the consequences and difficulties associated with storing vast quantities of sensitive data *are greater*
- are greater than?
- only when employing this data for teaching/learning platforms?
- >`[p.2, 16-17]`: which is why data privacy and digital transformation have emerged as *two of the world’s most pressing issues* [8].
- because of the consequences and difficulties associated with storing vast quantities of sensitive data _when employing this data for teaching/learning platforms_?

### 1.1. Policies around the World for LET

---

- >`[p.2, 23-24]`: As an illustration, the *Family Educational Rights and Privacy Act (FERPA)*
- missing reference

### 1.2. Importance of Privacy Protection

---

- >`[p.2, 38-39]`: *websites will be required to use clear and plain language*
- for what? in general? or only for explaining if and how personal information will be used?
- >`[p.2, 46-47]`: – Right to access: Learners should always have the right to access their data stored by the learning provider in digital format.
- what if the personal data was not collected in digital format in the first place?
- where are all those rights coming from? GDPR? add references to the respective articles
- >`[p.2, 50-51]`: – Right to object: Learners have [...] the right to object to the use of their information *which is different from those consented to*.
- only to those uses that are different from those consented to? can't you object to also those uses that you consented to?

- >`[p.3, 12-13]`: Such assistance is now scarce on the market
- according to whom? why? what market?
- >`[p.3, 14-15]`: *Therefore*, an automated system built on top of an ontology framework can assist general users...
- therefore? why?

### 1.3. ISO Standard & Compliance

---

- >`[p.3, 16-34]`: What's the relevance of this entire subsection? Is it needed at all?

### 1.4. ISO/IEC LET Privacy Protection standard

---

- >`[p.4, 8-9]`: Functional Support Services *(*(FSV) view
- extra parenthesis

### 1.5. Ontology Overview

---

- >`[p.4, 16-20]`: the entire paragraph is a bit wishy-washy and could be more concise
- >`[p.4, 17-18]`: is ontology [17]
- are ontologies
- >`[p.4, 26-27]`: a particularly *attractive* study subject [3]
- rephrase
- >`[p.4, 27-28]`: According to W3C (World Wide Web Consortium), ontologies define the terms used to describe and represent an area of knowledge
- missing reference

- >`[p.4, 51]`: when legal facts were triggered. [29]
- move the reference to the end before the period

### 1.7. Existing Ontology Models

---

- >`[p.5, 11-12]`: Additionally, it includes 26 sub-classes and *21 class attributes*
- what are class attributes? you mean (datatype/object) properties?
- >`[p.5, 13-14]`: Similarly, the UT (Uniform Terminology for European Private Law) initiative
- missing reference
- >`[p.5, 22-26]`: Section ??
- section references are broken

### 2. Research Methodology

### 2.1. Domain & Scope Analysis

---

- >`[p.6, 5-6]`: ontology creation based on ISO/IEC 29187-1 standard *V2*
- so standard version 2 but ontology version 1?
- >`[p.6, 10]`: – Upon a learning transaction,
- the concept of a "learning transaction" wasn't introduced before
- >`[p.6, 14]`: – Which rule *speaks for*
- what does that mean?

### 2.2. Concept Ingestion

---

- >`[p.6, general]`: clause 3.0 but also clause 3
- use consisting naming schemes

- the entire section is very hard to read and follow, especially without any references to the respective tables and figures

- >`[p.6, 32-33]`: the reference which is stored in the *Source* feature.
- ??

### 2.3. Ontology Construction

---

- >`[p.6, 47-48]`: As per the ISO/IEC 29187-1 standard version 2, the principles can be classified into a total of 7 main classes and 21 sub-classes under *the main 7 classes of principle* whereas among these 21 sub-classes, a
- what? what are classes of principle?

- >`[p.7, 38-39]`: SWRL Rules
- What about SHACL Rules? I reckon they could serve as a good alternative to SWRL rules
- replace all $->$ with $\rightarrow$

- >`[p.7, 42-43]`: Guideline(?g) ∧ belongsToRule(?g, ?r)− >
- the dash from the arrow is actually modelled as superscript

- >`[p.8, 44-45]`: The domain and ranges of all the object properties are provided in Table 3
- the arrow direction of "belongsToRule" is wrong in the diagram and should point from Guideline to Rule
- a lot of the object properties in Table 3 aren't included in Fig 3 and vice versa (belongsToSubjectfield, ruleProperties,..)
- use rdfs:subClassOf arrows to indicate the subclass relationships in Fig 3 instead of the reverse bold arrows

- >`[p.9, 30-31]`: Table 6Annotation Properties and descriptions.
- can be removed

- >`[p.9, 37-43]`: The proposed ontology was presented and acclaimed by the ISO/IEC JTC 1/SC 36 Working Group 3 committee ... The developed compliance system is able to accurately answer all defined competency questions.
- reference? we have to take your word for it?

### 2.4. SPARQL Endpoint

### 3. Results and Discussion

### 3.1. Ontology Framework

- >`[p.10, 19-20]`: As shown in Table 7,
- according to table 7 there are 9 datatype properties, 5 annotation properties, and 15 object properties, but tables 4-6 only list 8 datatype properties, 3 annotation properties, and 10 object properties

### 3.2. API Connection

---

- >`[p.11, 19-20]`: get_concept($term )Takes a term as a keyword and provides all the details on the concept.
- only snake case function, why not camel case?
- what term? how can one get the "concept" for a term?
- >`[p.11, 23-24]`: those rule that involves individual learner.
- rules that involve
- >`[p.11, 25-26]`: and returns only those rule that involves
- rules that involve
- >`[p.11, 25-26]`: getAllRulesDetail()Returns all the rules and detailed information *about the rule*.
- about them
- >`[p.11, 28-29]`: Although the API for this study is hosted on a local machine, this can be easily hosted on any server as required.
- link to repository?

### 3.3. Compliance Q/A System

---

- >`[p.11, 38-39]`: by using any terms
- ? what terms?

### 3.4. Discussion & Limitations

---

- >`[p.12, 48-49]`: unlike other modeling approaches.
- such as? missing ref
- >`[p.12, 50-51]`: as described in Clause 3.0
- missing ref

- >`[p.14, 5-6]`: must be aware of which is not easily understood using the standard document.
- standards document
- but it is easily understood using the ontology?
- >`[p.14, 6-7]`: Rule 086, Rule 087, and Rule 089),
- inconsistent numbering, see page 13, line 45: rule 71 and rule 71 (no leading 0)
- >`[p.14, 10-11]`: Therefore, *some of the properties value for these rules are not set *
- ?? what does that mean?

Review #3
Anonymous submitted on 15/Dec/2024
Suggestion:
Reject
Review Comment:

This paper presents an ontology representing the ISO/IEC 29187 model and an application making use of it.

First of all, it is difficult to validate the work carried out building the ontologies without access to the full list of ontological requirements as well as the ontology code. Therefore, the first comment for authors is to make all resources related with the ontology available, if not openly, at least for reviewers.

Regarding the ontology described, it is not clear whether it is a new ontology or what is the difference with reference 28 [the file is available only for registered users.]

The related work lacks some references such as ORDL vocabulary (https://www.w3.org/TR/odrl-model/) or DPV family (https://w3c.github.io/dpv/2.0/dpv/). A detailed comparison of existing ontologies and why they are not reused is not provided. Probably a consequence of using an ad-hoc methodology rather than existing ones based on reused as the Neon Methodology [1] or LOT [2]. Authors should follow best practices and reuse existing ontologies.

The ontology evaluation is based on Hemit reasoner, expert revies, and competency question evaluation. The reasoner-based evaluation gives positive results, however, it is not clear whether the evaluation was done only over the ontology or also instantiated data, as some logical consistency problems could be hidden if no data making them visible is added. For the other two evaluations, more details and data should be provided, who were the experts, knowledge about ontologies and the standard, grade of involvement with the ontology developers, overlap with authors' teams, etc.

Is the SPARQL endpoint available somewhere? It is claimed that "A SPARQL endpoint is a way to interact with linked data on the web and to obtain the results in a structured format," but no URL for the endpoint is provided. In the next section, it is mentioned that the fuseki server is hosted locally, shouldn’t it be avaiale online to be part of the web of data?

In section 3.1 it is not clear if that refers to the ontology schema or the data. In addition, how is the data used for the system presented? How is that graph exploited by the application?

It is not clear whether SWRL rules are created or could be created in the future.

In section 3.4 the sentence "For instance, any system built using the proposed ontology helps the LET Providers to interact and understand the concepts and the rules associated with any actions that they wish to pursue." should be proven and in conclusions section "The use of ontology in compliance management not only helps SMEs understand their obligations but also enables them to take a proactive approach to compliance, reducing the risk of potential violations or penalties."

[1] de Figueroa, MC Suárez, et al. NeOn methodology for building ontology networks: Specification, scheduling and reuse. Diss. Universidad Politécnica de Madrid, 2010.

[2] Poveda-Villalón, María, et al. "LOT: An industrial oriented ontology engineering framework." Engineering Applications of Artificial Intelligence 111 (2022): 104755.