Abstract
A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.
Highlights
An enormous amount of sensitive personal data is being collected and used by scientists, businesses, and governments
We propose a smart-contract-based dynamic consent management system architecture backed by blockchain technology for legal personal data usage based on general data protection regulation (GDPR)
This study is focused on the design and implementation of a dynamic consent management solution using smart contracts to achieve specific, informed, and engaged consent agreements for the legal use of personal data based on GDPR, wherein accountability, transparency, privacy, and security are guaranteed
Summary
An enormous amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to personal privacy rights and the security of personal data [1,2]. Data protection authorities are obliged to elucidate the requirements of lawful personal data uses. The European Union (EU) data protection board has published a bill on the need to safeguard personal information [4]. Protection Regulation (GDPR) mandates institutions, regardless of their location, to have a legal basis to collect and use personal data of EU members’ citizens and residents [5]. Consent is seen as one of the legal foundations for collecting and processing data under the GDPR. Individuals are given the right to change, withdraw, or revoke consent at any time
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
