The last 20 years have seen an increasingly wide spread of online services, including the advent of social media, and therefore increasingly massive sharing of personal data between users and companies, thus underscoring the importance of protecting the privacy of any involved personal data and avoiding abuses. In 2018 the General Data Protection Regulation (GDPR) came into force, committing companies to comply with lawful rules that stress their role and responsibilities in protecting the privacy of the legal persons that share personal data with them. In this paper we address the crucial challenges that companies face to achieve compliance with GDPR, and specifically to i) give data owners full visibility and control over the consents related to their own personal data, and ii) design services that can cope with consents that may change or be revoked dynamically. We propose a solution that relies on blockchain technology to let data owners grant, access and rectify their consents in a decentralized peer-to-peer fashion, while guaranteeing consensual agreement of data owners and companies on the status of the relevant consents at any time. Although blockchains let all users access all contents freely, our solution suitably exploits encryption to both guarantee the integrity of the consents and avoid any disclosure to third parties. On the company side, our approach sets up a compliance broker that works in a publish-subscribe style to assist services in controlling their compliance with GDPR while the status of consents evolves on the blockchain.

Calani, M., Denaro, G., Leporati, A. (2021). Exploiting the blockchain to guarantee GDPR compliance while consents evolve under data owners' control. In Proceedings of the Italian Conference on Cybersecurity (ITASEC 2021) (pp. 331-343). CEUR-WS.

Exploiting the blockchain to guarantee GDPR compliance while consents evolve under data owners' control

Denaro, G; Leporati, A
2021

No
paper
Scientific
Blockchain; Consents; GDPR; Privacy
English
5th Italian Conference on Cybersecurity, ITASEC 2021
Calani, M; Denaro, G; Leporati, A
Use this identifier to cite or link to this document: http://hdl.handle.net/10281/328337