Kişisel Verilerin Korunması Kanunu için Onam Ontolojisi Geliştirimi

Yıl 2019, Cilt: 21 Sayı: 62, 559 - 575, 21.05.2019

Özgü Can , Emre Olca

https://doi.org/10.21205/deufmd.2019216220

Cited By: 2

Öz

Devletler
vatandaşlarının temel hak ve özgürlüklerini korumak için kanun yapma gibi
kontrol mekanizmalarını kullanırlar. Temel hak ve özgürlüklerden olan kişisel
verilerin korunması için ülkemizde 6698 sayılı Kişisel Verilerin Korunması
Kanunu (KVKK) 2016 yılında kabul edilmiştir. Kişisel mahremiyetin sağlanmasına
yönelik bu kanuna göre, kişisel verinin kullanımı kişinin onamına bağlıdır. Bu
çalışmanın hedefi, kişisel onam kontrolünü gerçekleştirmek için bir onam
ontolojisi geliştirilmesidir. Bu amaçla, 6698 sayılı kanun incelenerek TF-IDF
metin madenciliği metoduna göre onam yönetimi sürecinde olabilecek terimler
çıkartılmaktadır. Çıkartılan bu terimlerden ontoloji sınıfları ve ilişkileri belirlenmekte,
geliştirilen onam ontolojisi sunulmaktadır. 

Anahtar Kelimeler

Mahremiyet, KVKK, Onam Yönetimi, Anlamsal Web, Ontoloji

Development of A Consent Ontology for the Law on The Protection of Personal Data

Öz

Governments
use control mechanisms such as enactment of laws in order to protect the
fundamental rights and freedoms of its citizens. The Law on the Protection of
Personal Data (KVKK) No. 6698 was adopted on 24 March 2016 in Turkey in order
to protect personal data that is one of the fundamental rights and freedoms.
According to this law that is intended for the protection of personal privacy,
the use of personal data depends on the consent of the individual. The aim of
this study is to develop a consent ontology in order to perform the personal
consent management. For this purpose, KVKK is examined and terms that may be
encountered during the consent management process are extracted by using TF-IDF
text mining method. Ontology classes and relationships are determined from
these extracted terms, and the developed consent ontology is presented.

Anahtar Kelimeler

Privacy, KVKK, Consent Management, Semantic Web, Ontology

Kaynakça

• [1] Kişisel Verilerin Korunması Kanunu No 6698. 2016. Türkiye. http://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf (Erişim Tarihi: 08.12.2018).
• [2] The EU General Data Protection Regulation (GDPR). 2016. EU. https://gdpr-info.eu (Erişim Tarihi: 08.12.2018).
• [3] Directive 95/46/EC of the European Parliament and of the Council. 1995. EU. https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML (Erişim Tarihi: 08.12.2018).
• [4] Ortiz-Rodriguez, F., Villazón-Terrazas, B. 2006. EGO Ontology Model: law and regulation approach for E-Government, WS Proceedings of the 3rd European Semantic Web Conference (ESWC 2006), 11-14 Haziran, Budva, Montenegro,.
• [5] Hendler, J., Berners-Lee, T., Miller, E. 2002. Integrating Applications on the Semantic Web, Journal of the Institute of Electrical Engineers of Japan, 122(10):676-680. DOI: 10.1541/ieejjournal.122.676
• [6] W3C Semantic Web Activity. 2013. https://www.w3.org/2001/sw/ (Erişim Tarihi: 08.12.2018).
• [7] Neches, R. et al. 1991. Enabling Technology for Knowledge Sharing, AI Magazine, Volume 12, Issue 3, pp. 36-56. ISSN: 0738-4602
• [8] Gruber, R. T. 1993. A Translation Approach to Portable Ontology Specifications, Knowl. Acquis., Vol. 5(2): 199–220. DOI: 10.1006/ knac.1993.1008
• [9] Studer, R., Benjamins, V. R., Fensel, D. 1998. Knowledge engineering: Principles and methods, Data & Knowledge Engineering, 25(1–2):161–197. DOI: 10.1016/S0169-023X(97)00056-6
• [10] Sheppard, N. P., Safavi-Naini, R., Jafari, M. 2009. A Digital Rights Management Model for Healthcare. IEEE International Symposium on Policies for Distributed Systems and Networks, 20-22 Temmuz, London, UK, 106-109.
• [11] Wu, H. C., Luk, R. W. P., Wong, K. F., Kwok, K. L. 2008. Interpreting TF-IDF term weights as making relevance decisions, ACM Transactions on Information Systems (TOIS), 26(3), Article No. 13.
• [12] Kütükçü, A. 2017. Kişisel Verilerin Korunmasına İlişkin Mevzuat İncelemesi. http://dergi.bmo.org. tr/inceleme/kisisel-verilerin-korunmasina-iliskin-mevzuat-incelemesi (Erişim Tarihi: 08.12.2018).
• [13] Henkoğlu, T. 2017. Veri Koruma Kanununun Getirdikleri, Journal of Current Researches on Social Sciences, 7(2):241-250. DOI: 10.26579/jocress-7.2.18
• [14] Ünver, H. A., Kim, G. 2016. Türkiye’de Veri Gizliliği ve Gözetimi: Kişisel Verilerin Korunması Kanunu Tasarısının Değerlendirmesi. Ekonomi ve Dış Politika Araştırma Merkezi (EDAM), EDAM Siber Politika Kağıtları Serisi 2. http://edam.org. tr/wp-content/uploads/2016/02/ EDAMTurkeyDataPrivacy_TR_format.pdf (Erişim Tarihi: 08.12.2018).
• [15] Yildiz, S. 2017. Protection of Personal Data in Turkish Law. 22nd International Scientific Conference on Economic and Social Development – Legal Changes of Modern World, 29-30 Haziran, Split, Croatia, 196-202.
• [16] Öztürk, B., Altınok Çalışkan, E., 2018. Kişisel Verilerin Korunması Kanunu Hakkında Genel Değerlendirmeler ve Anayasaya Aykırılık Sorunu, Fasikül Hukuk Dergisi, 10(100): 277-336. ISSN: 1309-4327
• [17] Kartal, M. T. 2018. Kişisel Verilerin Korunması: Türk Bankacılık Sektörü Üzerine Kavramsal Bir Değerlendirme, Uluslararası Ekonomi ve Yenilik Dergisi, 4 (1):1–18. DOI: 10.20979/ueyd.347548
• [18] Çekin, M. 2016. 6698 Sayılı Kişisel Verilerin Korunması Hakkında Kanun’un Big Data (Büyük Veri) Ve İrade Serbestisi Açısından Değerlendirilmesi (An Analyze Of The New Turkish Code On The Protectıon Of Personal Data Nr. 6698 Regardıng Big Data and Freedom Of Will), Journal of Istanbul University Law Faculty, 74(2):629–644. ISSN: 1303-4375
• [19] Khan, A., Nadi, S. 2010. Consentir : An Electronic Patient Consent Management System. 4th Annual Symposium of Health Technology, University of Waterloo, 8 Ekim, Waterloo, Ontario.
• [20] Ko, Y.-Y., Liou, D.-M. 2010. The Study of Managing the Personal Consent in the Electronic Healthcare Environment, International Journal of Medical, Health, Biomedical, Bioengineering and Pharmaceutical Engineering, 4(5):176-179. DOI: doi.org/ 10.5281/zenodo.1061834
• [21] Introduction to HL7 Standards. 2018. http://www.hl7.org/implement/standards/ (Erişim Tarihi: 08.12.2018).
• [22] IHE BPPC: Basic Patient Privacy Consents. 2017. https://wiki.ihe.net/index.php/Basic_Patient_Privacy_Consents (Erişim Tarihi: 08.12.2018).
• [23] Heinze, O., Birkle, M., Köster, L., Bergh, B. 2011. Architecture of a consent management suite and integration into IHE-based regional health information networks, BMC Medical Informatics and Decision Making, 11:58. DOI: 10.1186/1472-6947-11-58
• [24] Wang, Q., Jin, H. 2012. An Analytical Solution for Consent Management in Patient Privacy Preservation. Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, 28-30 Ocak, Miami, Florida, ABD, 573–582.
• [25] Asghar, M. R., Lee, T., Baig, M. M., Ullah, E., Russello, G., Dobbie, G. 2017. A Review of Privacy and Consent Management in Healthcare: A Focus on Emerging Data Sources. The 13th IEEE International Conference on eScience - Safe Data Workshop (eScience 2017), 24-27 Ekim, Auckland, New Zealand.
• [26] Van Engers, T. M., Kordelaar, P. J. M., Den Hartog, J., Glassée, E. 2000. POWER: Programme for an ontology based working environment for modeling and use of regulations and legislation. 11th International Workshop on Database and Expert Systems Applications, 4-8 Eylül, London, UK.
• [27] Bagby, J. W., Mullen, T. 2005. Legal ontology of contract formation: Application to eCommerce. https://pdfs.semanticscholar.org/f05c/deab50f9f762028d5479a563b2466141c1c9.pdf?_ga=2.197583590.896665147.1544287991-790758232.1503404268(Erişim Tarihi: 08.12.2018).
• [28] W3C. 2012. Web Ontology Language (OWL). https://www.w3. org/OWL(Erişim Tarihi: 08.12.2018).
• [29] Gandon, F. L., Sadeh, N. M. 2003. OWL inference engine using XSLT and JESS. http://mcom.cs.cmu.edu/ OWL/OWLEngine.html.(Erişim Tarihi: 08.12.2018).
• [30] van Engers, T., Hupkes, E., Winkels, R., Boer, A. 2008. An ontology for spatial regulations. ss 86-104. Casanovas, P., Sartor, G., Casellas, N., Rubino, R., ed Computable Models of the Law, Lecture Notes in Computer Science, Vol 4884. Springer, Berlin, Heidelberg, 339s.
• [31] CEN MetaLex-Open XML Interchange Format for Legal and Legislative Resources. 2010. http://www.metalex.eu.(Erişim Tarihi: 08.12.2018).
• [32] Casellas, N. 2012. Linked Legal Data: A SKOS Vocabulary for the Code of Federal Regulations, Semantic Web Journal (SWJ), IOS Press Journal. http://www. semantic-web-journal.net/sites/ default/files/swj311.pdf(Erişim Tarihi: 08.12.2018).
• [33] W3C. 1994. SKOS Simple Knowledge Organization System. 1994. http://www.w3.org/2004/02/skos.(Erişim Tarihi: 08.12.2018).
• [34] Loading Law & Regulations. 2016. http://finregont.com/loading-law-regulations/ (Erişim Tarihi: 08.12.2018).
• [35] Fernández-López, M., Gómez-Pérez, Juristo, N. 1997. METHONTOLOGY: From Ontological Art Towards Ontological Engineering, AAAI-97 Spring Symposium Series, 24-26 Mart, Stanford University, California, ABD.
• [36] Türkiye Cumhuriyeti Anayasası. 1982. https://www.tbmm.gov.tr/ anayasa/anayasa_2018.pdf. (Erişim Tarihi: 08.12.2018).
• [37] Türk Ceza Kanunu. 2004. http://www.mevzuat.gov.tr/MevzuatMetin/1.5.5237.pdf(Erişim Tarihi: 08.12.2018).
• [38] Türk Medeni Kanunu. 2001. http://www.mevzuat.gov.tr/MevzuatMetin/1.5.4721.pdf(Erişim Tarihi: 08.12.2018).
• [39] Ceza Muhakemesi Kanunu. 2004. http://www.resmigazete.gov.tr/eskiler/2004/12/20041217.htm#1.(Erişim Tarihi: 08.12.2018).
• [40] Vergi Usul Kanunu. 1961. http://www.mevzuat.gov.tr/MevzuatMetin/1.4.213.pdf(Erişim Tarihi: 08.12.2018).
• [41] İş Kanunu. 2003. http://www.mevzuat.gov.tr/MevzuatMetin/1.5.4857.pdf(Erişim Tarihi: 08.12.2018).
• [42] Nüfus Hizmetleri Kanunu. 2006. http://www.mevzuat.gov.tr/MevzuatMetin/1.5.5490.pdf(Erişim Tarihi: 08.12.2018).
• [43] Bilgi Edinme Hakkı Kanunu. 2003. http://www.mevzuat.gov.tr/MevzuatMetin/1.5.4982.pdf(Erişim Tarihi: 08.12.2018).
• [44] Elektronik Haberleşme Kanunu. 2008. http://www.mevzuat.gov.tr/ MevzuatMetin/1.5.5809.pdf(Erişim Tarihi: 08.12.2018).
• [45] İnternet Ortamında Yapılan Yayınların Düzenlenmesi ve Bu Yayınlar Yoluyla İşlenen Suçlarla Mücadele Edilmesi Hakkında Kanun. 2007. http://www. mevzuat.gov.tr/MevzuatMetin/1.5.5651.pdf(Erişim Tarihi: 08.12.2018).
• [46] Elektronik İmza Kanunu. 2004. http://www.mevzuat.gov.tr/MevzuatMetin/1.5.5070.pdf(Erişim Tarihi: 08.12.2018).
• [47] OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. 1980. http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm(Erişim Tarihi: 08.12.2018).
• [48] Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data - CETS No. 108. 1985. https://www.coe.int/en/web/conventions/full-list/-/conventions/ treaty/108(Erişim Tarihi: 08.12.2018).
• [49] Official Journal of the European Communities. 1995. Directive 95/46/EC of The European Parliement and of The Council. http://eur-lex.europa.eu/ LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML(Erişim Tarihi: 08.12.2018).
• [50] Charter of Fundamental Rights of the European Union. 2000. http://www.europarl.europa.eu/charter/pdf/text_en.pdf (Erişim Tarihi: 08.12.2018).
• [51] Kılınç, D., 2012. Anayasal Bir Hak Olarak Kişisel Verilerin Korunması, Ankara Üniversitesi Hukuk Fakültesi Dergisi (AÜHFD), 61 (3):1089-1169. DOI: 10.1501/ Hukfak_0000001684
• [52] KKVK Kurumsal Tarihçe. 2018. https://kvkk.gov.tr/Icerik/2075/Kurumsal-Tarihce(Erişim Tarihi: 08.12.2018).
• [53] Casellas, N. et al. 2012. Linked legal data: improving access to regulations. Proceedings of the 13th Annual International Conference on Digital Government Research. 4-7 Haziran, College Park, MD, ABD.
• [54] Frantzi, K. T., Ananiadou, S., Tsujii, J. 1998. The c-value/nc-value method of automatic recognition for multi-word terms. Proceedings of the Second European Conference on Research and Advanced Technology for Digital Libraries (ECDL’98), 21-23 Eylül, Heraklion, Crete, Yunanistan, 585–604.
• [55] Kiryakov, A., Popov, B., Ognyanoff, D., Manov, D., Kirilov, A., Goranov, M., 2003. Semantic Annotation, Indexing, and Retrieval. International Semantic Web Conference 2003 (ISWC 2003), 20-23 Ekim, Sanibel Island, FL, ABD, Vol. 2870, 484-499.
• [56] Navigli, R., Velardi, P., 2008. From Glossaries to Ontologies: Extracting Semantic Structure from Textual Definitions. Proceedings of the 2008 Conference on Ontology Learning and Population: Bridging the Gap between Text and Knowledge, Amsterdam, The Netherlands, IOS Press, Vol. 167, 71–87. ISBN 978-1-58603-818-2.
• [57] Jurafsky, D., Martin, J. H. 2018. Syntactic Parsing. 11. Bölüm. Speech and Language Processing (3rd Edt. Draft of September 23, 2018) https://web.stanford.edu/~jurafsky/slp3/11.pdf(Erişim Tarihi: 08.12.2018).
• [58] Cimiano, P., Völker, J. 2005. Text2Onto: A Framework for Ontology Learning and Data-Driven Change Discovery. Proceedings of the 10th International Conference on Applications of Natural Language to Information Systems (NLDB’2005), 15-17 Haziran, Alicante, İspanya.
• [59] Jupp, S., Horridge, M. 2008. TerMine Plugin. https://protegewiki. stanford.edu/wiki/TerMine_Plugin(Erişim Tarihi: 08.12.2018).
• [60] Popov, B., Kiryakov, A., Kirilov, A., Manov, D., Ognyanoff, D., Goranov, M. 2003. KIM – Semantic Annotation Platform. International Semantic Web Conference 2003 (ISWC 2003), 20-23 Ekim, Florida, ABD, 834–849.
• [61] Protégé Ontology Editor. 2018. https://protege.stanford.edu(Erişim Tarihi: 08.12.2018).
• [62] Völker, J. 2008. Text2Onto Neon-Toolkit. http://neon-toolkit.org/wiki/1.x/Text2Onto.html(Erişim Tarihi: 08.12.2018).
• [63] Ontotext. 2000. Ontotext Semantic Technology Company, https://ontotext.com/the-company (Erişim Tarihi: 08.12.2018).
• [64] Technopedia. 2012. Named-Entity Recognition (NER). https://www. techopedia.com/definition/13825/named-entity-recognition-ner(Erişim Tarihi: 08.12.2018).
• [65] Noy, N. F., McGuinness, D. L. 2001. Ontology Development 101: A Guide to Creating Your First Ontology. https://protege.stanford. edu/publications/ontology_development/ontology101.pdf(Erişim Tarihi: 08.12.2018).
• [66] Class TFIDFSimilarity. 2000. http://lucene.apache.org/core/5_1_0/core/org/apache/lucene/search/similarities/TFIDFSimilarity.html (Erişim Tarihi: 08.12.2018).
• [67] Why add one in inverse document frequency?2015. https://stats. stackexchange.com/questions/166812/why-add-one-in-inverse-document-frequency (Erişim Tarihi: 08.12.2018).
• [68] Akcora, B. 2016. Vektör Uzayı Modeli ve TF-IDF Ağırlıklandırması. https://bahadirakcora.wordpress.com/2016/03/13/vektor-uzayi-modeli-ve-tf-idf-agirliklandirmasi-2/ (Erişim Tarihi: 08.12.2018).
• [69] RDF Working Group. 2004. Resource Description Framework (RDF). http://www.w3.org/RDF/ (Erişim Tarihi: 08.12.2018).
• [70] Soguel, D., Butler, D. 2016. Correction: Turkey-Data Leak story. https://apnews.com/0d88b2c4311a464587a485ad56ac986e (Erişim Tarihi: 08.12.2018).
• [71] Apache Jena. 2018. https://jena.apache.org (Erişim Tarihi: 08.12.2018).