The last 20 years have seen an increasingly wide spread of online services, including the advent of social media, and therefore an increasingly massive sharing of personal data between users and companies, which underscores the importance of protecting the privacy of the personal data involved and of preventing abuses. In 2018 the General Data Protection Regulation (GDPR) came into force, committing companies to comply with legal rules that stress their role and responsibilities in protecting the privacy of the persons who share personal data with them. In this paper we address the crucial challenges that companies face in achieving compliance with GDPR, specifically i) giving data owners full visibility and control over the consents related to their own personal data, and ii) designing services that can cope with consents that may change or be revoked dynamically. We propose a solution that relies on blockchain technology to let data owners grant, access and rectify their consents in a decentralized peer-to-peer fashion, while guaranteeing that data owners and companies agree on the status of the relevant consents at any time. Although blockchains let all users freely read all of their contents, our solution exploits encryption to both guarantee the integrity of the consents and avoid any disclosure to third parties. On the company side, our approach introduces a compliance broker that works in a publish-subscribe style to assist services in controlling their compliance with GDPR while the status of consents evolves on the blockchain.
Calani, M., Denaro, G., Leporati, A. (2021). Exploiting the blockchain to guarantee GDPR compliance while consents evolve under data owners' control. In Proceedings of the Italian Conference on Cybersecurity (ITASEC 2021) (pp. 331-343). CEUR-WS.
Exploiting the blockchain to guarantee GDPR compliance while consents evolve under data owners' control
Denaro, G; Leporati, A
2021
File | Size | Format
---|---|---
Calani-2021-CEUR Workshop Proceedings-VoR.pdf | 724.53 kB | Adobe PDF

Open access
Description: CC BY 4.0. This volume and its papers are published under the Creative Commons License Attribution 4.0 International (CC BY 4.0).
Attachment type: Publisher's Version (Version of Record, VoR)
License: Creative Commons
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.