1. Introduction

2. Related Work

Table 1. Related reference findings in our investigation.

3. Novelty of the work

Figure 1. Novel architecture of secure international data transfer.

Figure 1. Novel architecture of secure international data transfer.

Figure 2. Novel architecture of NLP model and Smart contract tunnel.

Figure 2. Novel architecture of NLP model and Smart contract tunnel.

4. Legal Consideration for International Cloud Data Transfer.

4.1. Natural Language Processing Modelling.

A complex Natural Language Processing (NLP) model is used in the context of automating data policy verification to guarantee adherence to laws like GDPR and DPDPA. The first step of the procedure involves using an embedding layer to transform input data into high-dimensional embeddings that capture semantic information about each token. Positional encodings are added to transformer-based models in order to maintain the token order. Subsequently, these embeddings are processed by multi-head attention methods, allowing the model to focus on multiple data points at once, thereby capturing intricate dependencies and relationships. A feedforward network is used to further modify the attention mechanism’s output, increasing its representational capacity. Finally, the model is able to ascertain whether the data conforms with the given policies by using a softmax function to build a probability distribution across potential verification results. A signal is delivered to start the data transfer if the verification is successful, as shown by the model’s output, guaranteeing that the procedure is carried out accurately and effectively without the need for human intervention.

Figure 3. Flow control diagram of secure international data transfer.

Figure 3. Flow control diagram of secure international data transfer.

4.1.1. Embedding Layer and Positional Encoding

The process begins with the input sequence $X=\{x_1,x_2,\cdots ,x_n\}$, where each $x_i$ represents a token or piece of data. The input sequence is first passed through an embedding layer to obtain a set of embedding vectors:

$$\mathbf{E}=\{{\mathbf{e}}_1,{\mathbf{e}}_2,\cdots ,{\mathbf{e}}_n\}=\mathrm{Embed}\left(X\right)$$

where each ${\mathbf{e}}_i\in {\mathbb{R}}^d$ is a vector representation of the input token $x_i$.

For models such as transformers that require positional information, positional encodings are added to the embeddings:

$${\mathbf{z}}_i={\mathbf{e}}_i+\mathrm{PE}\left(i\right)$$

where $\mathrm{PE}\left(i\right)$ is the positional encoding vector for position i.

4.1.2. Multi-Head Attention

Next, the embeddings are processed through multi-head attention. The attention mechanism is defined as:

$$\mathrm{Attention}(\mathbf{Q},\mathbf{K},\mathbf{V})=\mathrm{softmax}\left({\displaystyle \frac{\mathbf{Q}{\mathbf{K}}^{\top }}{\sqrt{d_k}}}\right)\mathbf{V}$$

where $\mathbf{Q}={\mathbf{W}}^Q{\mathbf{z}}_i$, $\mathbf{K}={\mathbf{W}}^K{\mathbf{z}}_i$, and $\mathbf{V}={\mathbf{W}}^V{\mathbf{z}}_i$ are the query, key, and value matrices for the input ${\mathbf{z}}_i$, and $d_k$ is the dimension of the key vectors.

4.1.3. Feedforward Layer

The outputs of the attention heads are concatenated and projected:

$${\mathbf{h}}_i^{\left(1\right)}=\mathrm{Concat}({\mathrm{head}}_1,{\mathrm{head}}_2,\cdots ,{\mathrm{head}}_h){\mathbf{W}}^O$$

where ${\mathbf{W}}^O$ is the output projection matrix.

Following the attention mechanism, the output is passed through a feedforward network:

$${\mathbf{h}}_i^{\left(2\right)}=\mathrm{ReLU}({\mathbf{W}}_1{\mathbf{h}}_i^{\left(1\right)}+{\mathbf{b}}_1)$$

$${\mathbf{h}}_i^{\left(3\right)}={\mathbf{W}}_2{\mathbf{h}}_i^{\left(2\right)}+{\mathbf{b}}_2$$

where ${\mathbf{W}}_1$, ${\mathbf{W}}_2$, ${\mathbf{b}}_1$, and ${\mathbf{b}}_2$ are the weights and biases of the feedforward network.

4.1.4. Output Layer and Final Verification

Finally, the model produces an output probability distribution:

$$\mathbf{y}=\mathrm{softmax}({\mathbf{W}}_o{\mathbf{h}}_n^{\left(3\right)}+{\mathbf{b}}_o)$$

where ${\mathbf{W}}_o$ and ${\mathbf{b}}_o$ are the weights and biases of the output layer.

The final verification decision is given by:

$$\widehat{y}=argmax\left(\mathbf{y}\right)$$

If $\widehat{y}=\mathrm{Verified}$, the model sends a green signal to the smart contract to initiate the data transfer:

$$\mathbb{I}(\widehat{y}=\mathrm{Verified})=1$$

5. Experimental Results and Discussion

5.1. Training of NLP Model

The NLP model has been trained by giving inputs such as user’s personal data like their identity information, credit card information etc. The model detects whether the data is confidential and the access control by authorized user. We have trained the model to check these two policies, further we will implement to verify more policies for GDPR, CCPA as well as India’s DPDPA(Digital Personal Data Protection Act). The model will take users data as input and tells which policies are complying like Article 5(1)(f) - Integrity and Confidentiality, Article 32 - Security of Processing of GDPR and Section 1798.150 - Data Breach Liability, Section 1798.81.5 - Reasonable Security Procedures of CCPA. TF-IDF vectorizer with a Naive Bayes are used in the model. The TF-IDF vectorizer transforms the raw text data into numerical form, where each word is represented by a score that reflects its importance in the document relative to the entire corpus. The Naive Bayes classifier then uses these numerical vectors to learn and predict labels for the text data.

Figure 4 shows a sample test dataset we used to train the model.

Note: Only some part of dataset is shown for example.

Figure 4. Sample dataset example used for training.

Figure 4. Sample dataset example used for training.

The procedure starts when a user enters their personal information, which is then safely sent via a REST API to an NLP model. The purpose of this model is to evaluate the data and guarantee adherence to pertinent data protection laws. The model particularly verifies GDPR compliance if the user plans to move their data to European nations. In contrast, the model evaluates data against CCPA regulations in the event that it is transported to California. The model then assesses whether the data management procedures adhere to the strict guidelines set forth in the relevant rules. Following compliance verification, the model gives the go-ahead for a smart contract to authorise and start the data migration process to the chosen area, guaranteeing that all legal requirements are are satisfied before the transfer occurs.

Figure 5. NPL model compliance check procedure.

Figure 5. NPL model compliance check procedure.

5.2. NLP Model Accuracy

By comparing the model’s output with the expected output for a specific set of test data, the accuracy of the NLP model is determined. The accuracy score gives information about the model’s ability to accurately detect and confirm adherence to data policies.

$$\mathrm{Accuracy}={\displaystyle \frac{\mathrm{Number}\mathrm{of}\mathrm{Correct}\mathrm{Predictions}}{\mathrm{Total}\mathrm{Number}\mathrm{of}\mathrm{Predictions}}}\times 100$$

Table 2. NLP Model Accuracy.

Table 2. NLP Model Accuracy.

Test Input	Accuracy (%)	Expected Output	Actual Output
"Test Data 1"	95.0	True	True
"Test Data 2"	94.5	False	False
"Test Data 3"	96.0	True	True
"Test Data 4"	94.0	True	True
"Test Data 5"	95.5	False	False

Figure 6 shows the graphical representation of the accuracy of our model for various data.

5.3. Transfer Latency

The time it takes to start and complete a data transmission on a blockchain is known as transfer latency. This measure is essential for assessing how quickly and responsively the smart contract responds to requests for data transfers.

Table 3. Transfer Latency.

Table 3. Transfer Latency.

Data Input	Latency (ms)	Recipient Address
"Data Hash 1"	150	0xAddr1
"Data Hash 2"	160	0xAddr2
"Data Hash 3"	145	0xAddr3
"Data Hash 4"	155	0xAddr4
"Data Hash 5"	140	0xAddr5

Figure 7 represents the graphical representation of the latency of data transfer from source to destination.

5.4. Blockchain Transaction Throughput

The quantity of transactions that a blockchain network can handle in a specific amount of time is measured by blockchain transaction throughput. Increased throughput is a sign of a more effective network that can manage higher transaction volumes.

$$\mathrm{Throughput}={\displaystyle \frac{\mathrm{Number}\mathrm{of}\mathrm{Transactions}}{\mathrm{Total}\mathrm{Time}\left(\mathrm{s}\right)}}$$

Table 4. Blockchain Transaction Throughput.

Table 4. Blockchain Transaction Throughput.

Transaction Batch Size	Throughput (tx/s)	Total Transactions	Total Time (s)
Batch 1: 5 txs	10.5	5	0.48
Batch 2: 10 txs	11.0	10	0.91
Batch 3: 15 txs	10.2	15	1.47
Batch 4: 20 txs	10.8	20	1.85
Batch 5: 25 txs	11.2	25	2.23

Figure 8 represents the graphical representation of the scalability of the blockchain we have used. We have tested this by deploying the smart contract on polygon blockchain as it provides better scalability and less transaction fee which addresses many issues like latency and expense for out system.

5.5. Compliance Verification Time

The amount of time the NLP model needs to determine if the incoming data complies with the pertinent data policies is known as the compliance verification time. This statistic aids in evaluating how well the model processes and reacts to compliance checks.

Table 5. Compliance Verification Time.

Table 5. Compliance Verification Time.

Compliance Data Input	Verification Time (ms)	Verification Result
"Policy 1"	200	Compliant
"Policy 2"	210	Non-compliant
"Policy 3"	190	Compliant
"Policy 4"	205	Compliant
"Policy 5"	195	Non-compliant

Figure 9 represents the graphical representation of time take for the verification process for checking compliance of the global data protection policies.

Important information about the efficacy and efficiency of the data transfer and compliance verification system is revealed by the performance study carried out on the NLP model and blockchain smart contract. We have developed a thorough grasp of the system’s capabilities and limitations by analyzing parameters like compliance verification time, blockchain transaction throughput, transfer latency, and NLP model correctness. The investigation shows that the system operates well with precise compliance verification and effective data handling within the designated hardware and software environment. These results show that system performance can be further optimized, guaranteeing stable and dependable operations in practical applications.

6. Conclusions

References

1. Radhakrishnan Venkatakrishnan, Emrah Tanyildizi, and M. Abdullah Canbaz, "Semantic interlinking of Immigration Data using LLMs for Knowledge Graph Construction,". In Companion Proceedings of the ACM on Web Conference 2024 (WWW ’24), 2024. [CrossRef]
2. Jesu Narkarunai Arasu Malaiyappan, Sanjeev Prakash, Samir Vinayak Bayani and Munivel Devan, "Enhancing Cloud Compliance: A Machine Learning Approach,". Advanced International Journal of Multidisciplinary Research, 2024, vol. 2, no. 2. [CrossRef]
3. Padmanaban, "Revolutionizing Regulatory Reporting through AI/ML: Approaches for Enhanced Compliance and Efficiency,". In Journal of Artificial Intelligence General Science (JAIGS), 2024, vol. 2, No. 1, pp. 71–90. [CrossRef]
4. Shabnam Hassani, Mehrdad Sabetzadeh, Daniel Amyot and Jain Liao, "Rethinking Legal Compliance Automation: Opportunities with Large Language Models,". In arxiv, 2024. [CrossRef]
5. Prajakta Sudhir Samant, "LEVERAGING AI FOR ENHANCED COMPLIANCE WITH GLOBAL DATA PROTECTION REGULATIONS IN CLOUD COMPUTING ENVIRONMENTS ". In International Research Journal of Modernization in Engineering Technology and Science, 2024, vol.6, no. 4, pdf-link: https://www.irjmets.com/uploadedfiles/paper//issue_4_april_2024/53514/final/fin_irjmets1715711864.pdf.
6. Sanjeev Prakash, Jesu Narkarunai Arasu Malaiyappan, Kumaran Thirunavukkarasu and Munivel Devan, "Achieving Regulatory Compliance in Cloud Computing through ML". In Advanced International Journal of Multidisciplinary Research, 2024,vol.2, no. 2. [CrossRef]
7. Lillian Tsang "Transferring personal data out of the UK: The IDTA and UK addendum explained". Artical, 2024, link: https://academic.oup.com/book/39321/chapter-abstract/350584629?redirectedFrom=fulltext.
8. Cristòfol Daudén-Esmel, Jordi Castellà -Roca, Alexandre Viejo, "Blockchain-based access control system for efficient and GDPR-compliant personal data management,". In Computer Communications, 2024, vol. 214, pp. 67-87. [CrossRef]
9. Konstantinos Demertzis, Konstantinos Rantos, Lykourgos Magafas, Charalabos Skianis and Lazaros Iliadis, "A Secure and Privacy-Preserving Blockchain-Based XAI-Justice System". In MDPI Information, 2023, vol.14, no. 9. [CrossRef]
10. Richmond Y. Wong, Andrew Chong, R. Cooper AspegrenAuthors Info and Claims, "Privacy Legislation as Business Risks: How GDPR and CCPA are Represented in Technology Companies’ Investment Risk Disclosures,". In Accosiation for computing machinery, 2023, vol. 82. [CrossRef]
11. O. A. Cejas, M. I. Azeem, S. Abualhaija and L. C. Briand, "NLP-Based Automated Compliance Checking of Data Processing Agreements Against GDPR,". IEEE Transactions on Software Engineering, 2023, vol. 49, no. 9, pp. 4282-4303. [CrossRef]
12. Tom, J., Adigwe , W., Anebo, N., and Bukola, "Automated Model for Data Protection Regulation Compliance Monitoring and Enforcement,". In International Journal of Computing, Intelligence and Security Research, 2023, vol. 2, no. 1, http://ijcsir.fmsisndajournal.org.ng/index.php/new-ijcsir/article/view/25.
13. Filippo Lorè, Pierpaolo Basile, Annalisa Appice, Marco de Gemmis, Donato Malerba and Giovanni Semeraro , "An AI framework to support decisions on GDPR compliance,". In Springer Link, 2023, vol. 61, pp 541–568. [CrossRef]
14. Song, J., Fu, H., Jiao, T. et al, "AI-enabled legacy data integration with privacy protection: A case study on regional cloud arbitration court,". In Springer link, J Cloud Comp, 2023, vol. 12, no. 145. [CrossRef]
15. Haris Ahmad, Gagangeet Singh Aujla, "GDPR compliance verification through a user-centric blockchain approach in multi-cloud environment,". In Computers and Electrical Engineering, 2023, vol. 109. [CrossRef]
16. Bayani, S. V, Tillu, R and Jeyaraman, J, "Streamlining Compliance: Orchestrating Automated Checks for Cloud-based AI/ML Workflows,". In Journal of Knowledge Learning and Science Technology, 2023, vol. 2, no. 3. [CrossRef]
17. L. Wang, Z. Guan, Z. Chen and M. Hu, "Enabling Integrity and Compliance Auditing in Blockchain-Based GDPR-Compliant Data Management,". In IEEE Internet of Things Journal, 2023, vol. 10, no. 23, pp. 20955-20968. [CrossRef]
18. Masoud Barati, Kwabena Adu-Duodu, Omer Rana, Gagangeet Singh Aujla and Rajiv Ranjan, "Compliance Checking of Cloud Providers: Design and Implementation,". In Distributed Ledger Technologies: Research and Practice, 2023, vol. 2, no. 13, pp. 1-10. [CrossRef]
19. Yunusa Simpa Abdulsalam and Mustapha Hedabou, "Security and Privacy in Cloud Computing: Technical Review,". In MDPI, future internet, 2022, vol. 14, no. 1. [CrossRef]
20. Xu Ziyi, "International Law Protection of Cross-Border Transmission of Personal Information Based on Cloud Computing and Big Data". In Wiley, Mobile Information System, 2022. [CrossRef]
21. Yilun Zhou, Jianjun She, Yixuan Huang, Lingzhi Li, Lei Zhang andJiashu Zhang, "A Design for Safety (DFS) Semantic Framework Development Based on Natural Language Processing (NLP) for Automated Compliance Checking Using BIM: The Case of China". In MDPI buildings, 2022,vol. 12, no. 6. [CrossRef]
22. A. -J. Aberkane, G. Poels and S. V. Broucke, "Exploring Automated GDPR-Compliance in Requirements Engineering: A Systematic Mapping Study,". In IEEE Access, 2021, vol. 9, pp. 66542-66559. [CrossRef]
23. Dara Hallinan, Alexander Bernier, Anne Cambon-Thomsen, Francis P. Crawley, Diana Dimitrova, Claudia Bauzer Medeiros, Gustav Nilsonne, Simon Parker, Brian Pickering and Stéphanie Rennes, "International transfers of personal data for health research following Schrems II: A problem in need of a solution,". In European Journal of Humar Genetics, 2021, pp 1502–1509. [CrossRef]
24. Mpyana Mwamba Merlec, Youn Kyu Lee, Seng-Phil Hong and Hoh Peter, "A Smart Contract-Based Dynamic Consent Management System for Personal Data Usage under GDPR,". In MDPI sensors, 2021, vol. 21, no. 23. [CrossRef]
25. K. P. Joshi, L. Elluri and A. Nagar, "An Integrated Knowledge Graph to Automate Cloud Data Compliance,". In IEEE Access, 2020,vol. 8, pp. 148541-148555. [CrossRef]