Blockchain-based access control system for efficient and GDPR-compliant personal data management

  • Identifying data

    Identifier: imarina:9366526
    Authors:
    Daudén-Esmel, C; Castellà-Roca, J; Viejo, A
    Abstract:
    New digital technologies generate large amounts of information. This data is processed by Service Providers in order to improve and develop new services and products, but also to fund themselves. However, processing personal data may result in the extraction of sensitive information, which, in turn, may lead to jeopardizing the users' privacy. To mitigate this significant risk, the European Parliament and Council of the European Union elaborated the General Data Protection Regulation (GDPR). This regulation forces Service Providers to obtain Data Subjects' explicit consent prior to collecting and processing their personal data. Nevertheless, the GDPR's legislative text does not define how Service Providers must transparently demonstrate that they already have these consents. Moreover, most individuals do not know the rights they have over their personal data, neither does this regulation provide them with efficient methods to be aware of what third parties are doing with such data. In order to address this situation, we propose a lightweight blockchain-based GDPR-compliant personal data management platform. The new solution provides public access to immutable evidences that reflect the reached agreements between Data Subjects and Service Providers. In this way, Service Providers can effectively demonstrate that they are fulfilling the regulation, and Data Subjects are able to control and manage their personal data according to their legitimate rights. We have implemented the new system, and we have performed a detailed study which includes: GDPR-compliance, provided functionality, security and privacy issues, and the cost in terms of gas and US dollars of the different operations to be run on the blockchain.
  • Other:

    Author as given in the article: Daudén-Esmel, C; Castellà-Roca, J; Viejo, A
    Department: Enginyeria Informàtica i Matemàtiques
    URV author(s): Castellà Roca, Jordi / Dauden Esmel, Cristofol / Viejo Galicia, Luis Alexandre
    Keywords: Smart contracts; Privacy; Personal data management; General data protection regulation (GDPR)
    Subject areas: Telecommunications; Interdisciplinar; Engineering, electrical & electronic; Engenharias iv; Engenharias iii; Computer science, software, graphics, programming; Computer science, software engineering; Computer science, information systems; Computer science, hardware & architecture; Computer networks and communications; Ciências biológicas i; Ciências ambientais; Ciência da computação
    Licence of use: https://creativecommons.org/licenses/by/3.0/es/
    Author's e-mail address: cristofol.dauden@urv.cat jordi.castella@urv.cat alexandre.viejo@urv.cat
    Author identifier: 0000-0002-0037-9888 0000-0003-2342-5100
    Record creation date: 2024-08-03
    Version of the deposited article: info:eu-repo/semantics/publishedVersion
    Link to the original source: https://www.sciencedirect.com/science/article/pii/S0140366423004140
    Licence document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
    Article reference according to the original source: Computer Communications. 214 67-87
    Item reference in APA style: Daudén-Esmel, C; Castellà-Roca, J; Viejo, A (2024). Blockchain-based access control system for efficient and GDPR-compliant personal data management. Computer Communications, 214, 67-87. DOI: 10.1016/j.comcom.2023.11.017
    Article DOI: 10.1016/j.comcom.2023.11.017
    Institution: Universitat Rovira i Virgili
    Journal publication year: 2024
    Publication type: Journal Publications
  • Keywords:

    Computer Networks and Communications,Computer Science, Hardware & Architecture,Computer Science, Information Systems,Computer Science, Software Engineering,Computer Science, Software, Graphics, Programming,Engineering, Electrical & Electronic,Telecommunications
    Smart contracts
    Privacy
    Personal data management
    General data protection regulation (gdpr)
    Telecommunications
    Interdisciplinar
    Engineering, electrical & electronic
    Engenharias iv
    Engenharias iii
    Computer science, software, graphics, programming
    Computer science, software engineering
    Computer science, information systems
    Computer science, hardware & architecture
    Computer networks and communications
    Ciências biológicas i
    Ciências ambientais
    Ciência da computação