Privacy-First Paradigm for Dynamic Consent Management Systems: Empowering Data Subjects through Decentralized Data Controllers and Privacy-Preserving Techniques

Abstract

This paper explicitly focuses on utilizing blockchain technology in dynamic consent management systems with privacy considerations. While blockchain offers improved security, the potential impact on entities’ privacy must be considered. Through a critical investigation of available contributions to the present state of the art of blockchain-based dynamic consent management systems, we highlight the limitations of plaintext storage and the processing of subject data/consent on the blockchain, which can compromise privacy. We stress the significance of keeping encrypted subject data/consent on the blockchain and sharing it in encrypted form with data controllers and requesters to guarantee privacy and security. Our proposed model demonstrates the usefulness of privacy-preserving techniques, underscoring the decentralization of the abstract entity data controller to enhance subject data/consent privacy. Additionally, we suggest the integration of privacy-enhancing technologies such as secure multi-party computation, homomorphic encryption, and differential privacy with blockchain to accomplish both security and privacy, aligning with the data sharing practices outlined in the General Data Protection Regulation (GDPR) in Europe.