key: cord-0939547-u08fb8k9
authors: Giacalone, M.; Sinitò, D. C.; Calciano, M. V.; Santarcangelo, V.
title: A Novel Big Data Approach for Record and Represent Compliance in the Covid-19 Era
date: 2021-11-17
journal: Big Data Research
DOI: 10.1016/j.bdr.2021.100290
sha: 9679ccc54c3366fc0963e21cad48aa18e0494319
doc_id: 939547
cord_uid: u08fb8k9

The present work shows the importance of the Big Data Analytics (Anisetti et al., 2018) [2] scenario applied to corporate COVID-19 compliance, following the concept of “accountability” related privacy issues introduced by the new General Data Protection Regulation. This compliance approach is very useful for territorial security, environmental monitoring and safety prevention (in today pandemic context) and it is developed by the use of technologies (RFID, QR-CODE, NFC, blockchain) and HMI (Human Machine Interface) that it is fundamental core for data monitoring and information representation. The paper shows some new approaches about user HMI interface developed to collect big data about compliance and an innovative data representation approach using audio spectrum waves to record, share and evaluate compliance through an audio representation following a new process mapping approach.

We live the historical moment of the Big Data boom, but even more often we realize that those who use this phrase do not really know its meaning: to understand well what Big Data [19] is, we need to understand the deep meaning of the expression and how its influence can be noticed in everyday's life. It is important to start by saying that the same phrase "Big Data" is somewhat misleading as it suggests the enormous amount of data available today in different sectors and, automatically, leads to the conclusion that Big Data revolution means opportunities to have so much information available for business.

This conclusion is only partially true, because there are sectors where data, although in large quantities, are not always available to everyone and, above all, are not always shared [20] .

If Big Data represents for Information Technology (IT) the point from which to start with the necessary tools such as cloud computing, search algorithms, etc., on the other hand Big Data are necessary and useful in the most disparate business sectors as automotive, medicine, astronomy, biology, pharmaceutical chemistry, finance, gaming, commerce, justice [31] .

In the public sphere, there are many other types of Big Data applications: * Corresponding author. -the deployment of police forces where and when the offenses are more likely to occur; -the study of correlation between air quality and health; -genomic analysis to improve rice crops resistance to drought; -the creation of models to analyze data coming from living beings in the biological sciences.

During the COVID-19 emergency [35] a lot of solutions have been implemented to provide corporate compliance. In fact, the concept of "process accountability" is very important for the workflow analysis and for process development. Corporate and cloud tools produce an amount of data log that can be useful to process discover and process analysis. An important reference to be considered from a compliance development perspective is represented by GDPR accountability metrics and solutions. About that the Big Data approach for GDPR compliance is discussed in paragraph 2. In paragraph 3 we present some useful tools to monitor compliance with the COVID-19 provisions and, in paragraph 4 we show some case study of Big Data [38] scenario about security, environmental and health context scenario together with applications about Covid-19 solutions based on Ozone. In the paragraph five we introduce the main contribution of the paper about innovative compliance genome representation using audio spectrum and its application in safety. In this section we also show an example of audio spectrum of the COVID-19 compliance genome as innovative visual process mining approach. In conclusion, in paragraph 6 some final remarks are presented.

In the current health emergency situation due to the coronavirus pandemic, the topic of data protection [27] related to COVID-19 compliance tools has been discussed a lot: the collection and processing of personal data are necessary for reasons of assessment and prevention, following specific rules. However, it is necessary to distinguish the prevention activities put in place by institutional and health subjects from those of private subjects and public bodies; it was in fact clarified by the Italian Guarantor for the protection of personal data that this activity must be carried out only by subjects who institutionally perform these functions in a qualified manner. The Italian "Shared protocol for the regulation of measures to contrast and contain the spread of the COVID-19 virus in workplaces" also took part on 14 March 2020.

The main guidelines relating to the FAQ issued by the Guarantor are therefore listed below:

-due to the health risk caused by the spread of the virus, which led to the declaration of a state of emergency throughout the national territory, the competent Authorities proceeded to collect personal data, including health data, for reasons of assessment and prevention (just think of the simple measurement of body temperature). -in accordance with the provisions of the "Shared protocol for the regulation of measures to contrast and contain the spread of the Covid-19 virus in workplaces" of March 14, 2020, staff, whether an employee, supplier or visitor, before the access to his workplace, may be subject to body temperature control. If this temperature is higher than 37.5 • , the access will not be allowed. -the detection of body temperature in workplaces represents a processing of personal data, and for this reason it is essential that the collection of the data by the employer/owner of the company takes place in accordance with the provisions of current privacy legislation. -the company must therefore detect body temperature of employers/customers only if it is necessary to document the reasons that prevented access to the premises. It is necessary to provide information on the processing of personal data, indicating reference to the legal basis and as regards the reference to the duration of the treatment and the conservation of the data, it can be made "until the end of the state of emergency". In the case of temporary isolation of the worker due to exceeding the temperature threshold, the employer/owner of the company will be required to guarantee maximum confidentiality and to protect the dignity of the worker. -as regards the attestation of non-provenance of the employee from the epidemiological risk areas and the absence of contacts, in the last 14 days, with subjects tested positive for COVID-19, the employer must previously inform the staff and anyone who intends make entry into the company, the foreclosure of access to those who, in the last 14 days, have had contacts with subjects who tested positive for COVID-19 or come from risk areas, according to the World Health Organization indications [26] . It may also require the issuance of a declaration certifying to not come from epidemiological risk areas and the absence of contacts, in the last 14 days, with subjects who tested positive for COVID-19; this declaration integrates a processing of personal data, for which it will be necessary to collect only the necessary, adequate and relevant data with respect to the prevention of contagion from COVID-19. -in the case that a member of the company develops fever and symptoms of respiratory infection such as cough, compatible with COVID-19, he must immediately report it to the person-nel office. In this circumstance, it will be necessary to proceed with its isolation based on the provisions of the health authority and that of others present from the premises. The company must then proceed immediately to notify the competent health authorities and the emergency numbers for COVID-19 provided by the Region or by the Ministry of Health. During the investigation period, the company will be able to ask what possible close contacts have been and to order them to leave the plant as a precaution, according to the indications of the Health Authority [35] . -until the end of the state of emergency, in a precautionary manner and to try to counter the advance of this pandemic, it is possible for companies to resort to smart working.

GDPR is providing prompt and effective responses to help protect collective health while ensuring compliance with the protection of individuals' personal data, whether they are citizens struggling with contact tracing applications or workers subjected to virus prevention and contrast measures in the company [16] . Companies and public administrations are demonstrating very high levels of attention to the needs of data processing and, consequently, to everyone's rights. The culture of privacy is alive and has been properly metabolized in these years of attempting to comply with the GDPR. The DPOs (data protection officers) and the privacy [11] , legal and compliance offices of the companies are carrying out exceptional work in balancing everyone's needs, in compliance with the rules of the regulation and many, just in these days, are discovering that the GDPR is helpful and not of any hindrance in the best defining flows and retention of data acquired during the emergency [1] . Data processing is crucial to ensure that every regulated action of being together respects the ethical imperative of equality, non-discrimination and the prohibition of stigma. The development of a lot of tools to provide COVID-19 compliance using confidential data have introduced a privacy problem, but following the GDPR accountability approach it is possible to define and implement new solutions to provide COVID-19 compliance that ensure high privacy and security standard. In fact, in previous works we have introduced and developed some quantitative approaches and IoT (Internet of Things) solutions to monitor personal data accountability [21] .

It is very important to notice that COVID-19 compliance requires personal information, and following the GDPR compliance [28] it is possible to implement, manage and provide COVID-19 accountability. It represents a Big Data scenario characterized by personal data (e.g. identifiers, action tracking, location, health parameters). Next paragraph introduce some possible technologies to develop a tool for COVID-19 compliance.

Then, internet of things can be an excellent tool for monitoring compliance with the provisions of COVID-19 [3] . Tracking is possible via devices/objects. In this paragraph we consider the comparison of some technologies and approaches used for COVID-19 compliance monitoring and also a solution to check GDPR [4] compliance.

During the COVID-19 era, the most important solutions implemented for compliance have considered some technologies [7] as tools to manage and monitor compliance.

The first tool projected and implemented is based on the use of QRCODE. In fact, 2D BARCODE ( Fig. 1 ) allow both tracking of the picking/releasing of PPE (Personal Protective Equipment) in an asset/compliance management perspective, but also for training/information purposes and for the management of the monitoring of sanitized company areas. This approach is based on a static infor- mation printed in the QRCODE marker with a remote URI. It cannot be used without a network. It is very easy to implement, thanks to the camera of every smartphone and it is based only on the print of the codes. This is the approach adopted for "Green Pass" checking and tracking.

The second tool is based on the use of RFID/NFC tags (Fig. 2) , and can be used through devices equipped with RF antennas. In this case RF waves have interactions with objects (with tags) for monitoring access in certain areas or with specific instruments. NFC is characterized by local memory and can be useful to store a status, allowing only some users to write information. Differently by QR-CODE approach, it could be used without network access. This approach requires RFID/NFC support on the device (not present on old smartphone) and it is characterized by the cost of each RF tag.

Another important approach is represented by BLE (BLUETOOTH LOW ENERGY), that is the technology of "Immuni" official Covid-19 Italian app. This approach allows to carry out proximity tracking between mobile devices (Fig. 3) and requires Bluetooth interface active on smartphone. This approach can work also without internet connection, using information exchange on local smartphone.

An alternative approach is represented by the use of GPS, that is an important functionality, especially outdoors, thanks to the use of satellite (Fig. 4) . This approach requires internet connection to exchange recorded data. GPS could be used also as information channel broadcast in institutional developments as for car navigators.

A very interesting and innovative approach about proximity IoT can be represented by data over sound, an interesting solution where it is possible to share audio waveforms as input trigger.

In this case the audio input represents a possible coding for user authentication, that is generated following an anti-elusive OTP logic. This approach requires only a speaker for the transmitter and a microphone for the receiver to acquire the information to validate [21] .

Following this concept, it is possible to adapt all the devices for authentication, because every smartphone can reproduce audio signals using their speakers that can be interpreted by devices equipped by microphone.

This approach (DoA domotics) is the same implemented in the innovative lamp of Thegg Domotica S.r.l, (Fig. 5) controlled by data over audio information.

All these approach for compliance require the use of blockchain [22] for anti-elusive accountability. In fact, this technology is used to temporally certify digitized workflows and process compliance or to mark the fingerprint of distributed log dumps (Fig. 6) . The hash of single transaction is recorded in distributed ledgers of pub- lic (e.g. bitcoin, NEM), permissioned o consortium blockchains in relation to the purpose to be pursued.

To detect compliance automatically it is very important to use Process Mining techniques (Fig. 7) . Process Mining is applied to the OLTP (Log) generated by the workflow management system and allows to determine the "process gap" regarding the territorial dispositions for compliance COVID-19 [23] using a Knowledge Base that maps the rules to follow. The same approach has been considered for some tools implemented to manage and evaluate GDPR accountability. Fig. 7 shows the ProM module applied on OLTP (online transaction processing) DBMS to define the process gap considering the mapped rules of COVID-19 compliance dispositions of a defined place (e.g. Italy).

In this paragraph we present some Big Data compliance practical case studies implemented following the approach introduced previous, starting with Big Data Guard platform. This project is characterized by an application (available on the store) developed by the innovative "SME iInformatica S.r.l." for voluntary monitoring of the territory by citizens who become "security ambassadors" from a social responsibility perspective.

The "hybrid" application, which was also presented as a contribution for the containment and contrast of the spread of the coronavirus to the "Innova per l'Italia" project under the name of Smart Covid App, can be immediately declined in Covid monitoring key, in order to provide support to civil protection, to the citizen and to institutions in an effective joint active monitoring key to avoid and report any crowds and anomalies. The platform can be used by citizens and by institutions, as showed by HMI (see Fig. 8 ). Big Data Guard can allow institutions (doctors, hospital operators, law enforcement, civil protection, etc.) to be able to carry out realtime geo-localized surveys and reports for real-time monitoring of the evolution of the pandemic. Citizens can report any violations of geo-localized government provisions in real time.

The free service connects citizens, surveillance and public administration. The application considers a survey sent to the user to identify the absence or presence of a "security" risk in a specific area (via GPS). The system has a granted patented marking system (via QRCODE for indoor and GPS for outdoor use) and an administrator dashboard for institutions. The platform interfaces with Google Maps and Open Street Maps. The system certifies reports via blockchain [40] by writing a hash of record insert in the database as a payload of a blockchain transaction. The application consists of a module intended for users (citizens, security staff) available through two applications for mobile devices (Android and iOS apps). Two web-based portals are available for the bodies that are responsible for the control and management of the application. The logic and core of the app is hosted on a web server and accessible via the HTTPS secure protocol. The database uses MySQL databases. The files and data recorded in the application database are encrypted.

Considering the explained approaches for checking the correct position of the user, it is important to underline that it is acquired using the information provided by the mobile device where the application is run. Based on the permissions provided by the user, the location will be determined using information from GPS or mobile networks. In addition, the system also provides for the localization of areas, gates, vehicles, indoor areas via QRCODE which can only be interpreted by system-enabled devices.

Each action that can be performed by users (such as safety assessment, or reporting) is associated with a timestamp related to the actual moment in which that operation was performed and saved in the blockchain by making a transaction with an hash of the activity made by the user as payload. Before being written to the database, the user data is subjected to symmetric AES encryption (with 256-bit key) and the HMAC algorithm (with SHA-256 hash function).

Moreover, since the application uses the data flow of each user individually, no algorithm is used to cross the flows. It is possible to reconstruct all the entries made in the blockchain. The system can record data in its permissioned blockchain or in permissionless blockchain. In some installations the dump of the DB at daily intervals is also certified temporally by sending via PEC (certified Italian e-mail system).

Considering as benchmark the "Immuni" platform, adopted by Italian Government for COVID-19 contact tracking, it is interesting to map strengths and weaknesses with our application. The following table shows that Big Data Guard limits are represented by the necessity of internet and by the use of QR-CODE for indoor nearby tracking, instead of BLE. BLE is a great opportunity for tracking but is limited on new devices. The outdoor tracking can be conducted by the use of GPS. Big Data Guard represents a good solution for legacy devices thanks to the client-server oriented approach and it supports anti-elusive certification by the use of blockchain. Big Data Guard can represent an interesting software-oriented architecture to manage and monitor compliance and it is very useful for implement compliance solutions based on interconnected hardware devices, particularly important in Covid-19 scenario.

In fact, considering the diffusion of sanitation devices in different buildings, even their use must necessarily deal with compliance constraints, the integration of certified logs with monitoring applications in the best of automatically controlled and perfectly controllable compliance via HMI. Following this approach, Dien Group S.r.l. developed the Dien Ozone device, a sanitizer resulting from the experimental development conducted by the company located in Matera equipped with expert system for automatic compliance control thanks to the use of sensors and a safety QR-CODE as distributed safety button. A big data approach is characterized by the use of some knowledge base that interacts with the HMI and device for a defined scope for the compliance control. Fig. 9 shows the COVID-19 system for compliance where sanitizing devices are distributed, guided by Semantic Knowledge Base for compliance, write transactions on Covid-19 blockchain ledgers together with Covid Smart App interaction, following the rules of Semantic KB for GDPR compliance. A similar approach can be shown for environmental monitoring thanks to the use of corporate fleet. This is the Ecosud Car project, a prototype of the company Ecosud S.r.l. with the objective to transform a corporate car in a mobile station for environmental analysis, thanks to the use of an embedded device that allows to carry out a predictive outdoor monitoring activity of the territory.

The device embedded is managed by an intelligent car mirror (see Fig. 10 ), which records in real-time way all environmental parameters (temperature, humidity, environmental gas, acoustic, electromagnetic and radioactive pollution) associating to the measurements, the relevant GPS coordinates and related information acquired by the embedded and the operator feedback. Information acquired are used to create a dynamic fuzzy cartography (with TOPSIS ranking) using also the data collected by the environmental ambassadors, together with official dataset of territory and reports obtained through OSINT.

Another innovative approach about compliance system is the Virtual Ambu of Centro Rham S.r.l., an innovative dynamic platform to support patients using a dynamic UX considering the privacy compliance and the typology of support to give. This system is a virtual clinic to support clients during the Covid-19 emergency with particular focus on real-time usability (depending on the type of user and assistance activities to be carried out according to the knowledge base) and on the security of information stream (even in the presence of NAT through an innovative STUN approach). The implemented knowledge base customizes all the UI/UX scenarios providing an important level of privacy compliance and a set of functionalities adapted for the assistance activities.

All these applications represent an important amount of data, collected during 2020, that will be interpreted in future researches following Big Data approach to provide considerations and evidences for the improvement of services.

A very challenging problem is to choose one of the many representations about compliance. The most used historical representation is the semaphorical and tachimetrical form. But it's time to provide information in new ways considering also the evolution of technology.

In an extremely digitized world, with a large number of devices equipped with speakers and microphones, it is particularly interesting to imagine new ways of exchanging and saving information using a green approach. In this regard, it is very interesting to consider a system based on audio streams, that can use data over sound approach as a solution for exchanging information simply by using audio coding [24] . From this perspective, the acoustic waveforms (see Fig. 11 ) can be particularly useful for managing multiple information in a semantic perspective for systems that must ensure compliance. In this way it is possible to record the compliance status of the system in an acoustic waveform and use an interconnected system via microphone-speaker (Data over Sound protocol) to share, check and compare audio waveforms. The waveform then becomes can represent a process genome of the system compliance.

Audio representation represent a very interesting solution to:

-record events over time in append; -hear and interpret the audio without the necessity of a visual HMI by an expert user; -share information coded in the audio between devices using Data over Sound approach; -use specific range (Hz) as a carrier, sound levels (dB) and specific tones (hysochronic, binaural beats) as semantic to map a process over time.

The non-conformities that are found or the salient events of the system are recorded in the acoustic waveform following an appropriate semantics [6] . The sounds therefore become the repositories of the state of the system, which is suitably shared through a data over sound exchange, then, it allows the exchange of compliance information using traditional broadcast channels (e.g. -radio, TV), making it possible to interact with remote devices exclusively through the use of acoustic information [15] . The acoustic process information can be mapped through the use of specific carriers, dB levels and the use of isochronic tones and specific binaural beats. This acoustic information can be interpreted by a computer or directly listened by an expert user (as a stethoscope).

To assess compliance, it is easier to use comparison mechanisms of the acoustic waveforms in the spectral form. Identifying the frequency components of each audio signal is crucial for audio comparison. The time-domain signal is difficult to inspect and must be converted to its frequency-domain equivalent before analysis can be performed. The algorithm considers cross-correlation in the spatial and frequency domain for the comparison of audio waveform.

Then a waveform could monitor any compliance and noncompliance in a bounded environment and be conveyed by audio. Such a waveform would be write-accessible only to authorized personnel and encoded for example within an NFC device or in a memory associated with a Data over Sound based device.

The compliance genome is then stored in an audio waveform that then becomes significant in the time history of the referenced object or medium. As a result, auditors can report their actions in an acoustic waveform by performing appropriate augmentation of the waveform associated with the object/system. This application has been carried out in the context of monitoring fire safety and workplace safety equipment for accident prevention and compliance management.

Solutions based on the internet of things and virtual and augmented reality allow real-time monitoring of fire extinguisher status information. However, they always require the use of online tools, complex interfaces and physical tools in the case of virtual and augmented reality viewers.

The goal of this application, developed by the southern Italy company "L'Antincendio S.r.l." and covered by patent, which differs from what is present in the state of the art, is the possibility of mapping the status of fire extinguishers over time using an acoustic waveform. An audio that tells the story of the fire extinguishers and is then recorded in a sequential concatenated way (append) to add progressive information content over time. Like a human genetic patrimony, the mapping of all the operations carried out on a fire extinguisher (maintenance, control, detection of anomalies, testing) up to its disposal (end of life) can represent the informative genetic patrimony of the fire extinguisher. And the acoustic wave has as advantage the possibility to be enjoyed simply by listening to it, thus making it possible to have an immediate feedback on the life of the extinguisher without interacting in an articulated way with the feedback from the auditor/maintainer on its history. The same principle is also very important for the exchange between devices equipped with data over sound in view of information sharing. The same approach is functional for blockchain certification. Each audio waveform will then have its own fingerprint that will be certified in blockchain but also in the NFC associated with the device that becomes an excellent repository of control information certified in blockchain, as well as the link to the acoustic waveform.

This method (see Fig. 2 ) is characterized by:

-a step of defining the recording semantics of the information genome characterized by values to be encoded as decibels and in specific audio frequency ranges and to the encoding of the temporal representation; -a definition phase of the content to be recorded, such as a check, anomaly or maintenance, in append in the audio waveform associated with an NFC or QRCODE tag; -a certification phase of the hash of the audio waveform inside the NFC tag and in the blockchain; -a possible sharing phase of the waveform through data over sound with data controller and connector devices present in the environment or remote in view of data analysis; -a phase of interpretation of the state of the device by the maintainer/auditor by listening to the acoustic waveform or by visual analysis of the representation of the audio waveform in the form of spectrogram or by automatic analysis of the present components. All this using a human-machine interface (HMI).

The audio spectrogram thus becomes a valid visual tool for the analysis of informative components by virtue of the frequencies and decibels that can be used to describe the acoustic waveform. The audio itself, on the other hand, is an excellent tool for the immediate listening of the extinguisher story.

From this point of view, it is possible to create Big Data Audio repositories, where the logging information is recorded in the form of acoustic waves, shared among devices interconnected through audio. Audio spectrum (see Fig. 16 ) can map all the process, recording the history of status of a product or an environment, that can be called compliance genome, useful to process mining [39] . This representation can be a solution to track the COVID-19 compliance of a company registering the number of people transiting in an area, the non-conformities registered (e.g. -gathering level) or the presence of a COVID-19 [41] positive case.

This approach is very useful to develop an interesting alternative to process mining model to represent compliance through the audio waveform of process mapping. In fact, process mining algorithms (e.g. -ProM suite) develop some representation as fuzzy and visual inductive miner where the audio spectrum can represent anomalies and trends using audio intensity (dB) and frequency (Hz). Following this approach, the graphical audio representation provides an important snapshot on the process discovered considering for example frequencies to map some layer/process phases and the intensity to map conformities and non-conformities. Considering a log about the COVID-19 compliance access to a business environment it is possible to define these phases to define the allowed/denied admission: fill questionnaire, wear PPE and check temperature. Considering the ProM environment, it is possible to import log and to extract heuristic model (see Fig. 13 ), fuzzy model (Fig. 14) and visual inductive model (Fig. 15 ). Following this approach, it is easy to summarize the workflow and to detect anomalies in the process.

Thanks to the model extracted it is possible to define the process gap. In fact, considering the extracted model (see Fig. 12 ) we can see that wearing PPE and checking temperature are two phases in full compliance. It is possible to notice that the questionnaire has not been filled in 2 cases. Considering a lot of phases, this extraction is very useful to underline the process gap and to define measures for process enhancement. Interesting considerations can be done using fuzzy miner and visual inductive approach (see Fig. 13 and Fig. 14) . In this case we can see a summarization of the workflow with the detailed focus on each path.

Following this approach, it is possible to define a visual audio genome representation (see Fig. 16 ) for visual-acoustic pro-cess mapping. In this case the phases are related to audio spectrum range. For example, the variable positive is related to the 1-70 Hz range, wear_PPE is related to 70-352 Hz, check_temperature to 0.352-1.5 kHz, fill_questionnaire to 1.5-5.5 kHz and ad-mission_denied over 5.5 kHz. Following this approach, the nonconformities are the binaural beats related to intensity level (dB pitch -yellow). Critic non conformity about variable "wear PPE" are represented by the absence of PPE or by wearing community masks. It is possible to notice also detected temperature over 37,5 • C and non-compliance with some requirements present in the self-certifications carried out. The presence of non-critic nonconformities is represented in the audio by lower db levels (dB pitch -blue) and is related to the use of a mask with basic protection (variable "wear_PPE") and to the detection of an out-of-range temperature returned normal following a new monitoring after 5 minutes (variable "check_temperature"). It is a normal problem in summer for the high temperatures of outdoor context. Using this representation the cost or value of each phase can be represented with a different color gradient. Interpreting the history and status of a process is therefore possible by listening to the sound (genome) or by viewing its spectral graphical representation as if it were an extraction of a process mining module.

As far as data are really in uncountable amounts, the real revolution referred to Big Data is the ability to use all this information to process, analyze and find objective evidence on different themes: the Big Data revolution refers precisely to what can be done with this amount of information, that is, to the algorithms capable of dealing with so many variables in a short time and with few computational resources. Until recently, to analyze a mountain of data that today we would call Small or Medium Data, a scientist would have taken a long time and would have used extremely expensive mainframe computers. Today, with a simple algorithm, the same information can be processed within a few hours, perhaps using a simple laptop to access the analysis platform. This presupposes new capacities to connect information to each other, to provide a visual approach to data, suggesting patterns and models of interpretation so far unimaginable. Following Big Data approach applied to process compliance it is possible to focus the attention on critical phases useful to detect "process gap" and to implement "process enhancement". Covid-19 process tracking, also for the check of Green Pass, represent an important Big Data case study, a real opportunity to implement, test and improve solutions for people tracking and for the compliance management on large scale.

In this perspective the use of data over sound can be an interesting approach to share and hear data information (as a stethoscope of process information), particularly referring to status and history. The same concept can be used to develop a blockchain of distributed device in the world that can be updated using audio through broadcasting media. In fact, data and hashes coded in audio waveform emitted by broadcast medium (e.g. Radio, TV) can be acquired by devices provided by microphone that can be connected to a ledger. Then, it is possible to imagine devices with blockchain interconnected by audio [34] .

But it is possible also to consider other representation of compliance information considering the correlation between two concepts (e.g. -COVID-19 and GDPR or COVID-19 and smart working) modeling the status in a new technical way. An interesting way can be the representation of compliance status with an electric or magnetic field mapped by two charges (see Fig. 17 ). The two charges can be the representation of the GDPR [8] compliance and the COVID-19 compliance.

We hope that this paper can open new challenging horizons about new approaches on data representation, sharing and analysis.

How will country-based mitigation measures influence the course of the COVID-19 epidemic?

Privacyaware Big Data Analytics as a service for public health policies in smart cities

Thinking ahead about the trade impact of COVID-19

GDPR compliance: your tech department's next big opportunity

Big Data security and privacy, in: A Comprehensive Guide Through the Italian Database Research over the Last 25 Years

Big data semantics

Data-intensive applications, challenges, techniques and technologies: a survey on Big Data

Fake news and manipulated data, the new GDPR, and the future of information

App mediche e protezione dei dati personali

New Technology, Big Data and the Law

Big Data e Privacy by Design

Sistema fuzzy e relativo metodo per il monitoraggio predittivo del territorio

Dispositivo dinamico e relativo metodo per la ispezione cartografica e per il trasferimento di know-how

Box monitora ambiente per automobili

Hermes: data transmission over unknown voice channels

Rapid implementation of mobile technology for real-time epidemiology of COVID-19

Data visualization: enhancing big data more adaptable and valuable

Innovative methods for the development of a notoriety system

Big Data and forensics: an innovative approach for a predictable jurisprudence

Big data compliance for innovative clinical models

An innovative approach for the GDPR compliance in Big Data era

Big data for corporate social responsibility: blockchain use in Gioia del Colle DOP

On the responsible use of digital data to tackle the COVID-19 pandemic

Full-indexembedding patchwork algorithm for audio watermarking

ISO 26000: una guida alla responsabilità sociale

Scrutinizing the EU general data protection regulation

Conceptualizing the right to data protection in an era of Big Data

General Data Protection Regulation (GDPR)

ISO 26000: The Business Guide to the New Standard on Social Responsibility, Routledge

Linked data visualization: techniques, tools, and Big Data

The sentiment of the infosphere: a sentiment analysis approach for the Big Conversation on the Net

La responsabilidad social y la norma ISO 26000

The Visual Organization: Data Visualization, Big Data, and the Quest for Better Decisions

Metodo e sistema basato su data over sound per la certificazione di transazioni, la verifica della conformità o l'invio di informazioni in broadcast

First cases of coronavirus disease 2019 (COVID-19) in France: surveillance, investigations and control measures

Combination of AHP and TOPSIS methods for the ranking of information security controls to overcome its obstructions under fuzzy environment

Existential challenges for healthcare data protection in the United States

Data Privacy: Foundations, New Developments and the Big Data Challenge

Data science in action

Big Data for supply chain management in the service and manufacturing sectors: challenges, opportunities, and future perspectives

COVID-19: challenges to GIS with Big Data

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.Uncited references [5]