A Smart Contract-Based Dynamic Consent Management System for Personal Data Usage under GDPR

Merlec, Mpyana Mwamba; Lee, Youn Kyu; Hong, Seng-Phil; In, Hoh Peter

doi:10.3390/s21237994

Cited by 22 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Semantics and blockchain are also used by Merlec et al [ 7 ], who present a dynamic consent management system for personal data usage in compliance with GDPR. The system supports functionalities such as data provisioning, user management, and authentication.…”

Section: Related Workmentioning

confidence: 99%

“…The system supports functionalities such as data provisioning, user management, and authentication. Some of the known limitations, as mentioned by the authors in [ 7 ], include the complexity of the presented solution, immutability of blockchain, and the automation of security and privacy policies verification and GDPR compliance checking, which is planned as future work.…”

Section: Related Workmentioning

confidence: 99%

“…However, these requirements have also posed significant challenges to companies regarding the automation of compliance verification. Several software tools for GDPR compliance have already been developed that cover some steps required for automated compliance verification (e.g., [ 3 , 4 , 5 , 6 , 7 ]). In most cases, these tools address only a specific subset of the GDPR regulations, such as audit (or auditability) [ 8 ] or only consent management.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Chhetri

Kurteva

DeLong

et al. 2022

Sensors

View full text Add to dashboard Cite

The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Chhetri

Kurteva

DeLong

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…It comprises the following modules: (a) The security manager provides user credentials and e-portfolio data security-related features such as authentication, authorization, confidentiality, and accountability. (b) The access control manager authorizes or denies access to e-portfolio data depending on the access control policies and rules embedded in the consent agreement contracts [ 47 ]. (c) The privacy manager helps users define and manage their privacy preferences, and (d) the audit manager enables users to audit their e-portfolio history in terms of when it was requested and accessed and by whom for verification.…”

Section: Proposed Schemementioning

confidence: 99%

A Consortium Blockchain-Based Secure and Trusted Electronic Portfolio Management Scheme

Merlec

Islam

Lee

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

In recent times, electronic portfolios (e-portfolios) are being increasingly used by students and lifelong learners as digital online multimedia résumés that showcase their skill sets and achievements. E-portfolios require secure, reliable, and privacy-preserving credential issuance and verification mechanisms to prove learning achievements. However, existing systems provide private institution-wide centralized solutions that primarily rely on trusted third parties to issue and verify credentials. Furthermore, they do not enable learners to own, control, and share their e-portfolio information across organizations, which increases the risk of forged and fraudulent credentials. Therefore, we propose a consortium blockchain-based e-portfolio management scheme that is decentralized, secure, and trustworthy. Smart contracts are leveraged to enable learners to completely own, publish, and manage their e-portfolios, and also enable potential employers to verify e-portfolio credentials and artifacts without relying on trusted third parties. Blockchain is used as an immutable distributed ledger that records all transactions and logs for tamper-proof trusted data provenance, accountability, and traceability. This system guarantees the authenticity and integrity of user credentials and e-portfolio data. Decentralized identifiers and verifiable credentials are used for user profile identification, authentication, and authorization, whereas verifiable claims are used for e-portfolio credential proof authentication and verification. We have designed and implemented a prototype of the proposed scheme using a Quorum consortium blockchain network. Based on the evaluations, our solution is feasible, secure, and privacy-preserving. It offers excellent performance.

show abstract

“…In the healthcare domain, several approaches solve consent management through blockchain, a technology trend in this field [3]. For instance, a general-purpose blockchain platform that adopts an ontology-based consent model has been developed for managing data subject consents [4]. In [5], Rantos et al present a blockchain platform that facilitates data controller interaction with the data subject under GDPR.…”

Section: Introductionmentioning

confidence: 99%

Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing

et al. 2023

View full text Add to dashboard Cite

Continuity of care requires the exchange of health information among organizations and care teams. The EU General Data Protection Regulation (GDPR) establishes that subject of care should give explicit consent to the treatment of her personal data, and organizations must obey the individual's will. Nevertheless, few solutions focus on guaranteeing the proper execution of consents. We propose a serviceoriented architecture, backed by blockchain technology, that enables: (1) tamper-proof and immutable storage of subject of care consents; (2) a fine-grained access control for protecting health data according to consents; and (3) auditing tasks for supervisory authorities (or subjects of care themselves) to assess that healthcare organizations comply with GDPR and granted consents. Standards for health information exchange and access control are adopted to guarantee interoperability. Access control events and the subject of care consents are maintained on a blockchain, providing a trusted collaboration between organizations, supervisory authorities, and individuals. A prototype of the architecture has been implemented as a proof of concept to evaluate the performance of critical components. The application of subject of care consent to control the treatment of personal health data in federated and distributed environments is a pressing concern. The experimental results show that blockchain can effectively support sharing consent and audit events among healthcare organizations, supervisory authorities, and individuals.INDEX TERMS Blockchain, consent management, fast healthcare information resources (FHIR), general data protection regulation (GDPR), service-oriented architecture (SOA), business process management (BPM).

show abstract

A Smart Contract-Based Dynamic Consent Management System for Personal Data Usage under GDPR

Cited by 22 publications

References 30 publications

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

A Consortium Blockchain-Based Secure and Trusted Electronic Portfolio Management Scheme

Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing

Contact Info

Product

Resources

About