Abstract

A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

Highlights

  • An enormous amount of sensitive personal data is being collected and used by scientists, businesses, and governments

  • We propose a smart-contract-based dynamic consent management system architecture backed by blockchain technology for legal personal data usage based on general data protection regulation (GDPR)

  • This study is focused on the design and implementation of a dynamic consent management solution using smart contracts to achieve specific, informed, and engaged consent agreements for the legal use of personal data based on GDPR, wherein accountability, transparency, privacy, and security are guaranteed

Read more

Summary

Introduction

An enormous amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to personal privacy rights and the security of personal data [1,2]. Data protection authorities are obliged to elucidate the requirements of lawful personal data uses. The European Union (EU) data protection board has published a bill on the need to safeguard personal information [4]. Protection Regulation (GDPR) mandates institutions, regardless of their location, to have a legal basis to collect and use personal data of EU members’ citizens and residents [5]. Consent is seen as one of the legal foundations for collecting and processing data under the GDPR. Individuals are given the right to change, withdraw, or revoke consent at any time

Dynamic Consent Management
Our Contributions
Blockchain and Smart Contract
Blockchain-Enabled Dynamic Consent Management
Evaluation
Proposed System Model
Key Stakeholders and Roles Identification
Consent Requirements and Model Definition
System Architecture
User Profile Creation and Role Approval
Personal Data Management
Consent Expression
Consent Request and Agreement
Consent Withdrawal
Consent Contract Generation
Implementation Details
Security and Privacy Analysis
Satisfying Design Requirements
Performance Evaluation
Txsucc
Limitations and Open
Conclusions and Future Work
Full Text

Published Version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Enhancing Data Protection in Dynamic Consent Management Systems: Formalizing Privacy and Security Definitions with Differential Privacy, Decentralization, and Zero-Knowledge Proofs.
Muhammad Irfan Khalid ... Jungsuk Kim
Sensors | VOL. 23
Muhammad Irfan Khalid, et. al.Muhammad Irfan Khalid ... Jungsuk Kim
01 Sep 2023
GDPR - General Data Protection Regulation on Sites Requiring Accessibility
Mirena Todorova-Ekmekci
Innovative STEM Education | VOL. 3
Mirena Todorova-EkmekciMirena Todorova-Ekmekci
29 Jun 2021
Information Provision for Informed Consent Procedures in Psychological Research Under the General Data Protection Regulation: A Practical Guide
Dara Hallinan ... Annika Külpmann
Advances in Methods and Practices in Psychological Science | VOL. 6
Dara Hallinan, et. al.Dara Hallinan ... Annika Külpmann
01 Jan 2023
Оценка степени влияния General Data Protection Regulation на безопасность предприятий в российской федерации
Ilya Livshitz
Voprosy kiberbezopasnosti | VOL. -
Ilya LivshitzIlya Livshitz
01 Jan 2020
View more papers

More From: Sensors

Paper Title
Journal
Date
Author
An Investigation into High-Accuracy and Energy-Efficient Novel Capacitive MEMS for Tire Pressure Sensor Application
Liang Luo ... Changde He
Sensors | VOL. 24
Liang Luo, et. al.Liang Luo ... Changde He
17 Dec 2024
MR Elastography Using the Gravitational Transducer
Omar Isam Darwish ... Ralph Sinkus
Sensors | VOL. 24
Omar Isam Darwish, et. al.Omar Isam Darwish ... Ralph Sinkus
17 Dec 2024
Mind the Step: An Artificial Intelligence-Based Monitoring Platform for Animal Welfare
Andrea Michielon ... Cesare Furlanello
Sensors | VOL. 24
Andrea Michielon, et. al.Andrea Michielon ... Cesare Furlanello
17 Dec 2024
Arrhythmia Detection by Data Fusion of ECG Scalograms and Phasograms
Michele Scarpiniti
Sensors | VOL. 24
Michele ScarpinitiMichele Scarpiniti
17 Dec 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.