LAUSR

Personal data protection regulation plays an important role in defining the rights and obligations of the agents involved in processing personal data (i.e., data subjects, controllers, and processors). These agents are allowed to execute actions to achieve their goals by obeying the personal data protection rules; however, this exercise may spawn data flow information asymmetry; for instance, a company may have more information regarding how that data is being used than individuals. This asymmetry can undermine individuals’ ability to protect their rights and interests and lead to a lack of trust in organizations and government bodies responsible for protecting their data. In this context, this article proposes: (i) a consent metamodel based on the literature to aid agents in identifying their major concerns when sharing personal data; (ii) a structure to build use case scenarios in the personal data regulation context; (iii) an intelligent normative multiagent system architecture to represent the personal data regulation rights and obligations, as well as the agent’s decision-making process. The latter will consider the normative rewards and punishments in the aforementioned scenario structure; (iv) a use case in the open banking scenario. This article demonstrates how we propose to contribute to representing agents’ preferences and data regulation concerns. We do so with a normative multiagent system and designing agents with cognitive reasoning capabilities.