Decentralized data processing: personal data stores and the GDPR

Janssen, Heleen; Cobbe, Jennifer; Norval, Chris; Singh, Jatinder

doi:10.1093/idpl/ipaa016

Cited by 22 publications

(30 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, blockchain technology in general might have trouble complying with new disclosure laws (i.e., GDPR and CCPA) and something like 'privacy by design' could be necessary. Making use of UX and interface design theories (as outlined in the Users' section) could also aid firms in this task [41].…”

Section: Interpretation Of Resultsmentioning

confidence: 99%

“…Since the decentralization of the blockchain ledger offers protection for Users, it is difficult to negotiate this protection with the necessary information needed to keep the Firms accountable. One possible way forward is to create personal data stores for consumers that could be accessed in an investigation [41]. There are still issues with this idea such as the inability to access this data due to multiple entities being involved, yet it could be studied as a model to prompt the sorting out of what information needs to be on the blockchain and who is responsible for its retention.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Betraying Blockchain: Accountability, Transparency and Document Standards for Non-Fungible Tokens (NFTs)

Cornelius

2021

Information

View full text Add to dashboard Cite

Transparency and accountability are important aspects to any technological endeavor and are popular topics of research as many everyday items have become ‘smart’ and interact with user data on a regular basis. Recent technologies such as blockchain tout these traits through the design of their infrastructure and their ability as recordkeeping mechanisms. This project analyzes and compares records produced by non-fungible tokens (NFTs), an increasingly popular blockchain application for recording and trading digital assets, and compares them to ‘document standards,’ an interdisciplinary method of contract law, diplomatics, document/interface theory, and evidentiary proof, to see if they live up to the bar that has been set by a body of literature concerned with authentic documents. Through a close reading of the current policies on transparency (i.e., CCPA, GDPR), compliance and recordkeeping (i.e., FCPA, SOX, UETA), and the consideration of blockchain records as user-facing interfaces, this study draws the conclusion that without an effort to design these records with these various concerns in mind and from the perspectives of all three stakeholders (Users, Firms, and Regulators), any transparency will only be illusory and could serve the opposite purpose for bad actors if not resolved.

show abstract

Section: Interpretation Of Resultsmentioning

confidence: 99%

mentioning

confidence: 99%

Betraying Blockchain: Accountability, Transparency and Document Standards for Non-Fungible Tokens (NFTs)

Cornelius

2021

Information

View full text Add to dashboard Cite

show abstract

“…Their purported goal is to empower individuals with regards to their personal data (Abiteboul et al, 2015;EDPS, 2016;IAPP, 2019;Royal Society, 2019;Janssen et al, 2020a). Given the discourse around how data is currently being extracted and used, the concept is growing in prominence in the research and commercial space (Janssen et al, 2020b), as well as gaining policy attention (European Commission, 2020).…”

Section: Definitionmentioning

confidence: 99%

“…where user data are transferred to the third party). Instead, such mechanisms enable the third-party's desired computation, analytics, or other processing to be brought to the user's data (typically residing within a physical or virtual user-centric PIMS device), with only the results of that processing returned to the third-party (Janssen et al, 2020a). This (as with other forms of processing) occurs in line with a user's agreement, and only over certain data, as determined by the user.…”

Section: Key Functionalitymentioning

confidence: 99%

Personal Information Management Systems

Janssen¹,

Singh²

2022

Internet Policy Review

Self Cite

View full text Add to dashboard Cite

show abstract

“…The legal consequence of this phenomenon, in the light of the European Court of Justice's jurisprudence, is that end-users and IoT vendors (including manufacturers and service providers) are likely to be held jointly responsible for the processing of personal data by smart devices. Yet, it is unclear how the responsibilities should be allocated in practice to duly reflect their respective control, calling into question whether and how domestic data controllers should be treated differently from commercial controllers, given their weaker position in the market and their lack of necessary skills and resources to manage cybersecurity effectively (Urquhart and Chen, 2020;Janssen et al, 2020). This also raises the question as to how IoT businesses can support end-users to fulfil their data protection duties and to prevent cybersecurity threats, which may arguably form part of those businesses' accountability duty.…”

Section: The Role Of Iot Vendors and The Barriers They Are Facingmentioning

confidence: 99%