Assessing the Solid Protocol in Relation to Security and Privacy Obligations

Abstract: The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analysing the relevant legislation, with an emphasis on GDPR and officially approved documents such as codes of conduct and relevant security ISO standards, we formulate the primary security and pr… Show more

“…Pandit analyzed this technology in terms of the actors involved, according to existing standards related to cloud technology, in order to identify GDPR issues that are still applicable in decentralized settings, such as the transparency of information, purpose limitation and exercising of data subject's rights [25]. Esposito et al also provide a theoretical analysis of security and privacy measures to comply with the GDPR's principles of confidentiality and data minimization and to safeguard the data subjects' rights of notification, to object and to not be subjected to automated decision-making [26]. Other researchers have been focused on adding a legally compatible policy layer to Solid as a tool to express consent and determine access [27,28] and usage control [29] to data stored in Pods and on using the Verifiable Credential model to have an attribute-based access control mechanism [30].…”

Is Automated Consent in Solid GDPR-Compliant? An Approach for Obtaining Valid Consent with the Solid Protocol

“…Pandit analyzed this technology in terms of the actors involved, according to existing standards related to cloud technology, in order to identify GDPR issues that are still applicable in decentralized settings, such as the transparency of information, purpose limitation and exercising of data subject's rights [25]. Esposito et al also provide a theoretical analysis of security and privacy measures to comply with the GDPR's principles of confidentiality and data minimization and to safeguard the data subjects' rights of notification, to object and to not be subjected to automated decision-making [26]. Other researchers have been focused on adding a legally compatible policy layer to Solid as a tool to express consent and determine access [27,28] and usage control [29] to data stored in Pods and on using the Verifiable Credential model to have an attribute-based access control mechanism [30].…”

Is Automated Consent in Solid GDPR-Compliant? An Approach for Obtaining Valid Consent with the Solid Protocol

Anonymous Credentials and Self-Sovereign Identity - An Initial Assessment

Biometrics Data Space: Ensuring Trustworthy and Secure Data Exchange for Suspect Identification