Consent Management Architecture for Secure Data Transactions

Hyysalo, Jarkko; Hirvonsalo, Harri; Sauvola, J.; Tuoriniemi, Samuli

doi:10.5220/0005941301250132

Cited by 6 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A few studies (4 out of 23) implemented and tested their designs. Four studies piloted their eHealth technologies in different forms including in a real-world environment [18], a proof of concept [23], a field study [15], and an integration into an existing system [28].…”

Section: Operationalizationmentioning

confidence: 99%

See 1 more Smart Citation

GDPR and Systems for Health Behavior Change: A Systematic Review

Agyei

Oinas-Kukkonen

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

eHealth systems for behavior change need to cope with a wide variety of privacy requirements specified by governmental and other regulations. We conducted a systematic review of scientific articles. Analysis of the articles revealed General Data Protection Regulation (GDPR) compliant eHealth technologies, challenges posed by GDPR as well as early solutions for them. In addition, we highlight key GDPR issues to be considered when designing persuasive technologies.

show abstract

Section: Operationalizationmentioning

confidence: 99%

“…Evaluation of the eHealth technologies were based on the values specified [30]. Two studies assessed the impact on system stakeholders [23][18] , while another evaluated the accuracy of a deep learning model that underpinned their privacy policy extraction system [15].…”

Section: Summative Evaluationmentioning

confidence: 99%

GDPR and Systems for Health Behavior Change: A Systematic Review

Agyei

Oinas-Kukkonen

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Thus, it must be ensured that the patient's privacy is preserved according to the consent policy of the patient. For this purpose, design principles of an e-consent system in healthcare are presented in [29] and a consent-based authorization architecture for health services is proposed in [30]. In [31], an informed consent-based access model is proposed to share drug information that is stored in electronic health records in Norway.…”

mentioning

confidence: 99%

DICON: A Domain-Independent Consent Management for Personal Data Protection

Olca

Can

2022

IEEE Access

View full text Add to dashboard Cite

The development of technology accelerated the digital transformation of information systems. As a consequence of this digitization, data became available at any time and in any place. However, despite this ease of data accessibility, persons' privacy concerns and threats to data privacy have emerged. Thus, serious privacy problems arise while collecting, storing, accessing, sharing, and archiving personal data. Consent management aims to prevent these problems by preserving privacy and protecting personal data. Hence, there are international treaties and legal regulations for personal data protection which state that consent is required to collect, store, manage and share personal data. In this study, a Semantic Web-based personal consent management model is proposed to protect personal data privacy. The proposed model is domain-independent and aims to control and manage the consent of a person. In order to provide the privacy protection of personal data, the proposed model allows individuals to establish their privacy preferences by determining who can access their personal information, for what purposes, and under what circumstances. For this purpose, a group of ontology is created to ensure the informed consent process. The proposed consent management model is generic. As similar to general personal information, personal health information is also sensitive and must be protected from data leakage. Therefore, the proposed generic model is implemented with Semantic Web technologies and demonstrated for the healthcare domain. 16 17 users. In [2], consent management is stated as one of the most 50 important concepts in the Future Internet. Furthermore, it is 51 stated that the Future Internet is going to see a lot of lawsuits 52 that deal with what service a person has consented to, what 53 scope that consent had, and how the service has evolved after 54 the consent was given. Therefore, obtaining the consent of 55 the user and managing the process of this consent is very 56 important for the security and privacy of personal data.57 The consent information needs to be maintained and shared 58 by multiple parties such as the data subject, the data con-59 troller, data processor, and data protection authorities [3]. 60 Hence, the consent information needs to be represented 61 in a meaningful way to provide interoperability between 62 these parties. Also, users must be able to create, revoke 63 and update their consents. Consequently, an efficient consent 64 management system has inevitable importance to preserve 65 user privacy. For this purpose, a domain-independent consent 66 management model for preserving personal data privacy is 67 proposed in this study. The proposed consent management 68 model is based on the Semantic Web which is an extension 69 of the current web. In the Semantic Web, information is 70 given in a well-defined meaning to represent information 71 more meaningfully for both humans and computers [4]. Thus, 72 the Semantic Web provides interoperability which is the 73 ability to exchange informa...

show abstract

“…For other aspects of research consent management, Hyysalo et al [66] proposed Consent Management Architecture (CMA) which provides authorization context of different data sources for securing access to health services following the strategy and principles of MyData [67,68]. The CMA was designed to fill the gap in the following requirements: 1) data subjects own the right to control their personal data, 2) data should be easily accessible and usable, 3) there should be a means to transform business entities exposed to a useful resource as new services that are identified via URIs, 4) the infrastructure shall provide personal data sharing and guarantee that personal data can be shared safely between public and private organizations comply with the GDPR, and 5) data subjects can switch service providers.…”

Section: Formalizing Privacy Preferences Rulesmentioning

confidence: 99%

“…On the other hand, the rest of the studies focused on conceptual and architectural frameworks rather than logical ones, which makes it difficult to build software systems based on these frameworks; more than half of the studies considered GDPR as part of software design [63,64,66,70,72,74,83], but it is still unclear which GDPR articles they covered. Furthermore, studies have separated into two groups: centralized and distributed systems; most of the studies proposed frameworks based on distributed systems (e.g., microservices, blockchain).…”

Section: Intelligent Recommendation Mechanism (Ireme) Offers Suggestionsmentioning

confidence: 99%

Formal models for consent management in healthcare software system development

Peyrone

View full text Add to dashboard Cite

In the era of data-driven opportunities, many businesses are missing the data-privacy challenge, which leads to risks in safeguarding their customers' data. To empower individuals (data subjects) to control their data, the General Data Protection Regulation (GDPR) mandated businesses or organizations (data controllers) to protect individuals' data (personal data) within data protection law. Nevertheless, many businesses still struggle to enhance and develop their software systems to comply with the GDPR because it is difficult to interpret and apply to software development practices. Besides, the processing of personal data begins when the data subject provides explicit consent to the data controller, which makes consent management (CM) essential for conducting the personal data lifecycle. This thesis aims to fill this gap by proposing formal models and translating them into class diagrams for consent management in centralized systems and data sharing in distributed systems as guidelines for software engineers. Moreover, the proposed models have been verified and described behavior using the Event-B method.

show abstract

Consent Management Architecture for Secure Data Transactions

Cited by 6 publications

References 18 publications

GDPR and Systems for Health Behavior Change: A Systematic Review

GDPR and Systems for Health Behavior Change: A Systematic Review

DICON: A Domain-Independent Consent Management for Personal Data Protection

Formal models for consent management in healthcare software system development

Contact Info

Product

Resources

About