Developing GDPR Compliant User Data Policies for Internet of Things

Barati, Masoud; Petri, Ioan; Rana, Omer

doi:10.1145/3344341.3368812

Cited by 18 publications

(18 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Third, we have analyzed and provided a very detailed overview of the research areas that have been taken into consideration until now. For example, healthcare, identity management, and IoT are the most explored domains for compliance issues [e.g., 48,[62][63][64][65][66]. Some areas, for example, cryptocurrency, smart grid, smart and wearable devices, industrial data are unexplored.…”

Section: Contributionsmentioning

confidence: 99%

GDPR Compliant Blockchains–A Systematic Literature Review

et al. 2021

View full text Add to dashboard Cite

Although blockchain-based digital services promise trust, accountability, and transparency, multiple paradoxes between blockchains and GDPR have been highlighted in the recent literature. Some of the recent literature also proposed possible solutions to these paradoxes. This article aims to conduct a systematic literature review on GDPR compliant blockchains and synthesize the findings. In particular, the goal was to identify 1) the GDPR articles that have been explored in prior literature; 2) the relevant research domains that have been explored, and 3) the research gaps. Our findings synthesized that the blockchains relevant GDPR articles can be categorized into six major groups, namely data deletion and modification (Article 16, 17, and 18), protection by design by default (Article 25), responsibilities of controllers and processors (Article 24, 26, and 28), consent management (Article 7), data processing principles and lawfulness (Article 5,6 and 12), and territorial scope (Article 3). We also found seven research domains where GDPR compliant blockchains have been discussed, which include IoT, financial data, healthcare, personal identity, online data, information governance, and smart city. From our analysis, we have identified a few key research gaps and present a future research direction.

show abstract

Section: Contributionsmentioning

confidence: 99%

GDPR Compliant Blockchains–A Systematic Literature Review

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The ability to track GDPR compliance in an automated manner is also missing from existing efforts -as many existing efforts require manual data analysis to be carried out to perform compliance verification. Generating an audit trail of interactions that take place on IoT devices, specifically focusing on the use of GDPR rules, was presented [2] through which several GDPR rules were translated as opcodes in smart contracts to automatically protect IoT user data. In [3], a Blockchain-based architecture together with business processes were designed to show how the integration of GDPR and Blockchain can appear as design patterns for IoT devices to enhance user privacy.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Furthermore, the implementation of a privacy policy based on operations that have been agreed by a data controller, in an easy to interpret manner for users, remains another challenge. In order to address this, we make use of a Blockchain network, to support the accountability of operations carried out on smart objects in a secure, transparent and automatic way [2]. Moreover, the verification of the aforementioned GDPR obligations over IoT devices along with the privacy policies associated with the use of these devices, can be implemented using smart contracts [33] executed over a Blockchain virtual machine.…”

Section: Gdpr Compliance Verification Via Smart Contractsmentioning

confidence: 99%

“…However, what is considered to be sensitive is often subjective -but may include political/religious views of the user, user addresses, banking and health information etc. In order to address this, the General Data Protection Regulation (GDPR) has recently been extended to also include IoT environments, to give users the right to control their data and restrict how such data is shared and processed [2], [3]. Some IoT applications also make use of Blockchain-based techniques to incorporate user privacy and security in the development of their applications [4], [5].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

GDPR Compliance Verification in Internet of Things

Barati¹,

Rana²,

Petri³

et al. 2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

Data privacy in Internet of Things (IoT) applications remains a major concern of regulation bodies. The introduction of the European General Data Protection Regulation (GDPR) enables users to control how their data is accessed and processed, requiring consent from users before any data manipulation is carried out on their (personal) data by smart devices or cloud-hosted services. Blockchains provide the benefits of a distributed and immutable ledger recording digital transactions across a global network of peer nodes. Blockchain support for tracking of operations carried out by an IoT-based system provides greater confidence to a user that the IoT device is not infringing user privacy (as the Blockchain can be audited to verify which operation was carried out, by which actor). A formal model (following the privacy-bydesign approach) is proposed for supporting GDPR compliance checking for smart devices. The privacy requirements of such applications are related to GDPR obligations of device (and software systems) operators (such as user consent, data protection, right to forget etc). Three smart contracts are proposed as a practical solution to support automated verification of operations carried out by devices on user data, in accordance with GDPR rules. We evaluate the performance and scalability costs of our approach using a Blockchain test network.INDEX TERMS Blockchain-based auditing, business processes, general data protection regulation, Internet of Things, user privacy.

show abstract

“…The verification of IoT-based applications under GDPR rules was presented in [7], where several GDPR rules were encoded in smart contracts to automatically protect IoT user data. In [8], a privacy-aware cloud architecture was proposed to enhance transparency, and enable the tracking of providers who accessed user data.…”

Section: Literature Reviewmentioning

confidence: 99%

Automating GDPR Compliance Verification for Cloud-hosted Services

Barati

Theodorakopoulos

Rana

2020

2020 International Symposium on Networks, Computers and Communications (ISNCC)

Self Cite

View full text Add to dashboard Cite

Cloud-hosted business processes require access to customer data to complete a transaction, to improve a customer's on-line experience or provide useful product recommendations. However, privacy concerns associated with the use of this data have led to legal regulations that impose restrictions on how such data is requested or processed by an on-line service, with large penalties for violating these restrictions, e.g. the European General Data Protection Regulation (GDPR). We propose a framework for helping cloud-hosted services automate GDPR compliance checking. The framework comprises three steps: represent data flow in business processes with an appropriate abstraction (timed transition systems), formalise GDPR rules and obligations and incorporate them into the same abstraction, and implement the abstraction in a model checking tool (Uppaal) in order to automatically verify compliance of business process activities with GDPR. We demonstrate the approach using a cloud-based purchase order system.

show abstract

Developing GDPR Compliant User Data Policies for Internet of Things

Cited by 18 publications

References 23 publications

GDPR Compliant Blockchains–A Systematic Literature Review

GDPR Compliant Blockchains–A Systematic Literature Review

GDPR Compliance Verification in Internet of Things

Automating GDPR Compliance Verification for Cloud-hosted Services

Contact Info

Product

Resources

About