DICON: A Domain-Independent Consent Management for Personal Data Protection

Abstract

The development of technology accelerated the digital transformation of information systems. As a consequence of this digitization, data became available at any time and in any place. However, despite this ease of data accessibility, persons’ privacy concerns and threats to data privacy have emerged. Thus, serious privacy problems arise while collecting, storing, accessing, sharing, and archiving personal data. Consent management aims to prevent these problems by preserving privacy and protecting personal data. Hence, there are international treaties and legal regulations for personal data protection which state that consent is required to collect, store, manage and share personal data. In this study, a Semantic Web-based personal consent management model is proposed to protect personal data privacy. The proposed model is domain-independent and aims to control and manage the consent of a person. In order to provide the privacy protection of personal data, the proposed model allows individuals to establish their privacy preferences by determining who can access their personal information, for what purposes, and under what circumstances. For this purpose, a group of ontology is created to ensure the informed consent process. The proposed consent management model is generic. As similar to general personal information, personal health information is also sensitive and must be protected from data leakage. Therefore, the proposed generic model is implemented with Semantic Web technologies and demonstrated for the healthcare domain.