ADvoCATE: A Consent Management Platform for Personal Data Processing in the IoT Using Blockchain Technology

Rantos, Konstantinos; Drosatos, George; Demertzis, Konstantinos; Ilioudis, Christos; Παπανικολάου, Αλέξανδρος; Kritsas, Antonios

doi:10.1007/978-3-030-12942-2_23

Cited by 40 publications

(45 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This legislation, among others, requires informed consent of the user toward data collection and guarantees access to information about what data was gathered and what was the purpose of data processing. However, the realization of these requirements is often problematic due to the lack of transparency ( Kröger, 2018 ; Rantos et al, 2018 ) and because people want to benefit from the promising technology.…”

Section: Introductionmentioning

confidence: 99%

Out of Control – Privacy Calculus and the Effect of Perceived Control and Moral Considerations on the Usage of IoT Healthcare Devices

Princi

Krämer

2020

Front. Psychol.

View full text Add to dashboard Cite

People are increasingly applying Internet of Things (IoT) devices that help them improve their fitness and provide information about their state of health. Although the acceptance of healthcare devices is increasing throughout the general population, IoT gadgets are reliant on sensitive user data in order to provide full functioning and customized operation. More than in other areas of IoT, healthcare applications pose a challenge to individual privacy. In this study, we examine whether actual and perceived control of collected data affects the willingness to use an IoT healthcare device. We further measure actual behavior as a result of a risk-benefit trade-off within the framework of privacy calculus theory. Our experiment with N = 209 participants demonstrates that while actual control does not affect the willingness to use IoT in healthcare, people have a higher intention to use an IoT healthcare device when they perceive to be in control of their data. Furthermore, we found that, prior to their decision, individuals weigh perceived risks and anticipated benefits of information disclosure, which demonstrates the potential to apply the privacy calculus in the context of IoT healthcare technology. Finally, users’ moral considerations of IoT in healthcare are discussed.

show abstract

Section: Introductionmentioning

confidence: 99%

Out of Control – Privacy Calculus and the Effect of Perceived Control and Moral Considerations on the Usage of IoT Healthcare Devices

Princi

Krämer

2020

Front. Psychol.

View full text Add to dashboard Cite

show abstract

“…PIA shall be embedded in the early phases of software design and development. PIA adoption in most industry sectors is considered at an early stage [14], while state of the art methodologies and tools to implement PIA are very few (e.g., [5]. The DEFeND DSM service advances the current state of the art in PIA by providing an in-depth processing analysis based on a recognized methodology and international standards.…”

Section: Research Noveltymentioning

confidence: 99%

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Piras

Al-Obeidallah

Pavlidis

et al. 2020

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

show abstract

“…Consentio [49] uses a blockchain to support their Consent architecture albeit with the requirement of a permissioned blockchain which can, arguably, reduce the strength of the accountability requirements. Blockchains to manage consent in IoT is also a promising direction as seen in the ADvoCATE architecture [50]. It is able to consolidate multiple distributed points of consent over a blockchain similarly to CoMaFeds [30].…”

Section: Related Workmentioning

confidence: 99%

Towards an Accountable Web of Personal Information: The Web-of-Receipts

Jesus

2020

IEEE Access

View full text Add to dashboard Cite

Consent is a corner stone in any Privacy practice or public policy. Much beyond a simple ''accept'' button, we show in this paper that obtaining and demonstrating valid Consent can be a complex matter since it is a multifaceted problem. This is important for both Organisations and Users. As shown in recent cases, not only cannot an individual prove what they accepted at any point in time, but also organisations are struggling with proving such consent was obtained leading to inefficiencies and noncompliance. To a large extent, this problem has not obtained sufficient visibility and research effort. In this paper, we review the current state of Consent and tie it to a problem of Accountability. We argue for a different approach to how the Web of Personal Information operates: the need of an accountable Web in the form of Personal Data Receipts which are able to protect both individuals and organisation. We call this evolution the Web-of-Receipts: online actions, from registration to real-time usage, is preceded by valid consent and is auditable (for Users) and demonstrable (for Organisations) at any moment by using secure protocols and locally stored artefacts such as Receipts. The key contribution of this paper is to elaborate on this unique perspective, present proof-of-concept results and lay out a research agenda. INDEX TERMS Privacy, consent, accountability, web-of-receipts, personal data receipts.

show abstract

ADvoCATE: A Consent Management Platform for Personal Data Processing in the IoT Using Blockchain Technology

Cited by 40 publications

References 18 publications

Out of Control – Privacy Calculus and the Effect of Perceived Control and Moral Considerations on the Usage of IoT Healthcare Devices

Out of Control – Privacy Calculus and the Effect of Perceived Control and Moral Considerations on the Usage of IoT Healthcare Devices

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Towards an Accountable Web of Personal Information: The Web-of-Receipts

Contact Info

Product

Resources

About