Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models
Regulatory compliance is mandatory for Internet of Things (IoT) manufacturers, particularly under stringent frameworks such as the General Data Protection Regulation (GDPR), which governs the handling of personal data. We introduce a novel framework for automating IoT compliance verification by inte...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/11072168/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849319322598506496 |
|---|---|
| author | Kelvin U. Echenim Karuna P. Joshi |
| author_facet | Kelvin U. Echenim Karuna P. Joshi |
| author_sort | Kelvin U. Echenim |
| collection | DOAJ |
| description | Regulatory compliance is mandatory for Internet of Things (IoT) manufacturers, particularly under stringent frameworks such as the General Data Protection Regulation (GDPR), which governs the handling of personal data. We introduce a novel framework for automating IoT compliance verification by integrating a Large Language Model (LLM) with a domain-specific Knowledge Graph (KG). The framework achieves two primary objectives: 1) leveraging the LLM to interpret natural-language compliance queries, and 2) employing a KG populated with synthetic GDPR scenarios to provide structured, up-to-date regulatory guidance, modeling obligations, permissions, and prohibitions for both deontic (normative) and non-deontic (factual) queries, thus mitigating biases and hallucinations inherent in language models. Evaluated on 50 representative GDPR compliance queries, our approach achieves high semantic alignment (mean BERTScore F1 of 0.89), with expert reviewers rating approximately 84% of generated compliance advice as fully or mostly correct. This work offers IoT manufacturers a scalable, automated solution for data privacy compliance. |
| format | Article |
| id | doaj-art-6e4966b153f144c3a6b322e1eb8bcabc |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-6e4966b153f144c3a6b322e1eb8bcabc2025-08-20T03:50:31ZengIEEEIEEE Access2169-35362025-01-011311843811845110.1109/ACCESS.2025.358627811072168Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language ModelsKelvin U. Echenim0https://orcid.org/0009-0006-8930-2612Karuna P. Joshi1https://orcid.org/0000-0002-6354-1686Department of Information Systems, University of Maryland, Baltimore County, MD, USADepartment of Information Systems, University of Maryland, Baltimore County, MD, USARegulatory compliance is mandatory for Internet of Things (IoT) manufacturers, particularly under stringent frameworks such as the General Data Protection Regulation (GDPR), which governs the handling of personal data. We introduce a novel framework for automating IoT compliance verification by integrating a Large Language Model (LLM) with a domain-specific Knowledge Graph (KG). The framework achieves two primary objectives: 1) leveraging the LLM to interpret natural-language compliance queries, and 2) employing a KG populated with synthetic GDPR scenarios to provide structured, up-to-date regulatory guidance, modeling obligations, permissions, and prohibitions for both deontic (normative) and non-deontic (factual) queries, thus mitigating biases and hallucinations inherent in language models. Evaluated on 50 representative GDPR compliance queries, our approach achieves high semantic alignment (mean BERTScore F1 of 0.89), with expert reviewers rating approximately 84% of generated compliance advice as fully or mostly correct. This work offers IoT manufacturers a scalable, automated solution for data privacy compliance.https://ieeexplore.ieee.org/document/11072168/Data privacy complianceIoTknowledge graphslarge language modelsregulatory compliance automationsemantic interoperability |
| spellingShingle | Kelvin U. Echenim Karuna P. Joshi Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models IEEE Access Data privacy compliance IoT knowledge graphs large language models regulatory compliance automation semantic interoperability |
| title | Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models |
| title_full | Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models |
| title_fullStr | Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models |
| title_full_unstemmed | Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models |
| title_short | Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models |
| title_sort | automating iot data privacy compliance by integrating knowledge graphs with large language models |
| topic | Data privacy compliance IoT knowledge graphs large language models regulatory compliance automation semantic interoperability |
| url | https://ieeexplore.ieee.org/document/11072168/ |
| work_keys_str_mv | AT kelvinuechenim automatingiotdataprivacycompliancebyintegratingknowledgegraphswithlargelanguagemodels AT karunapjoshi automatingiotdataprivacycompliancebyintegratingknowledgegraphswithlargelanguagemodels |