Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models
Citation of Original Publication
Echenim, Kelvin U., and Karuna P. Joshi. “Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models.” IEEE Access 13 (July 7, 2025): 118438–51. https://doi.org/10.1109/ACCESS.2025.3586278.
Rights
Attribution 4.0 International
Subjects
Law
regulatory compliance automation
General Data Protection Regulation
Cognition
semantic interoperability
large language models
Knowledge graphs
IoT
Data privacy compliance
UMBC Ebiquity Research Group
UMBC Knowledge, Analytics, Cognitive and Cloud Computing (KnACC) lab
UMBC Cybersecurity Institute
Large language models
Privacy
knowledge graphs
wearables
Regulation
Internet of Things
Data privacy
Accuracy
UMBC Knowledge, Analytics, Cognitive and Cloud Computing (KnACC) Lab
Abstract
Regulatory compliance is mandatory for Internet of Things (IoT) manufacturers, particularly under stringent frameworks such as the General Data Protection Regulation (GDPR), which governs the handling of personal data. We introduce a novel framework for automating IoT compliance verification by integrating a Large Language Model (LLM) with a domain-specific Knowledge Graph (KG). The framework achieves two primary objectives: 1) leveraging the LLM to interpret natural-language compliance queries, and 2) employing a KG populated with synthetic GDPR scenarios to provide structured, up-to-date regulatory guidance, modeling obligations, permissions, and prohibitions for both deontic (normative) and non-deontic (factual) queries, thus mitigating biases and hallucinations inherent in language models. Evaluated on 50 representative GDPR compliance queries, our approach achieves high semantic alignment (mean BERTScore F1 of 0.89), with expert reviewers rating approximately 84% of generated compliance advice as fully or mostly correct. This work offers IoT manufacturers a scalable, automated solution for data privacy compliance.
