Designing the GDPR Compliant Consent Procedure for Personal Information Collection in the IoT Environment

Lee, Goo Yeon; Jin, Kyung; Kim, Hwa Jong

doi:10.1109/iciot.2019.00025

Cited by 12 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The GDPR-based consent provides a legal basis for processing personal data. Both types of consent are based on the individual's fundamental right to privacy and autonomy as guaranteed in the European Convention of Human Rights (Article 8) (Breen et al, 2020;Lee et al, 2019).…”

Section: Different Types Of Consentmentioning

confidence: 99%

Older people and the smart city – Developing inclusive practices to protect and serve a vulnerable population

Tupasela¹,

Clavijo²,

Salokannel³

et al. 2023

Internet Policy Review

View full text Add to dashboard Cite

show abstract

Section: Different Types Of Consentmentioning

confidence: 99%

Older people and the smart city – Developing inclusive practices to protect and serve a vulnerable population

Tupasela¹,

Clavijo²,

Salokannel³

et al. 2023

Internet Policy Review

View full text Add to dashboard Cite

show abstract

“…Such control comprised of tracking data flow between IoT devices and other systems, and informing owners about accesses made to IoT devices for user data. In [27], the authors presented an efficient method to obtain user consent during collection of personal data from IoT devices. The method was GDPR compliant in terms of protection of personal data as well.…”

Section: Literature Reviewmentioning

confidence: 99%

GDPR Compliance Verification in Internet of Things

Barati¹,

Rana²,

Petri³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Data privacy in Internet of Things (IoT) applications remains a major concern of regulation bodies. The introduction of the European General Data Protection Regulation (GDPR) enables users to control how their data is accessed and processed, requiring consent from users before any data manipulation is carried out on their (personal) data by smart devices or cloud-hosted services. Blockchains provide the benefits of a distributed and immutable ledger recording digital transactions across a global network of peer nodes. Blockchain support for tracking of operations carried out by an IoT-based system provides greater confidence to a user that the IoT device is not infringing user privacy (as the Blockchain can be audited to verify which operation was carried out, by which actor). A formal model (following the privacy-bydesign approach) is proposed for supporting GDPR compliance checking for smart devices. The privacy requirements of such applications are related to GDPR obligations of device (and software systems) operators (such as user consent, data protection, right to forget etc). Three smart contracts are proposed as a practical solution to support automated verification of operations carried out by devices on user data, in accordance with GDPR rules. We evaluate the performance and scalability costs of our approach using a Blockchain test network.INDEX TERMS Blockchain-based auditing, business processes, general data protection regulation, Internet of Things, user privacy.

show abstract

“…Several solutions have been proposed aiming at empowering data owners while giving them -complete-control over their collected and processed personal data. These solutions mainly investigate the mechanisms that help setting-up an informed consent between the data owner and data controllers/processors, for the different provided applications/services (Laurent, 2019;Lee et al, 2019;Morel et al, 2019;Rantos et al, 2019). Morel et al (2019) proposed a framework for gathering data owners consents in IoT environments.…”

Section: Related Workmentioning

confidence: 99%

ID-Based User-Centric Data Usage Auditing Scheme for Distributed Environments

2020

View full text Add to dashboard Cite

Recent years have witnessed the trend of increasingly relying on remote and distributed infrastructures, mainly owned and managed by third parties. This increased the number of reported incidents of security breaches compromising users' personal data, where involved entities may massively collect and process massive amounts of such data. Toward these challenges, this paper combines hierarchical Identity Based Cryptographic (IBC) mechanisms with emerging blockchain technologies and introduces a blockchain-based data usage auditing architecture ensuring availability and accountability in a personal data-preserving fashion. The proposed approach relies on smart auditable contracts deployed in blockchain infrastructures. Thus, it offers transparent and controlled data access, sharing and processing, so that unauthorized entities cannot process data without data subjects' consent. Moreover, thanks to the usage of hierarchical ID-based encryption and signature schemes, the proposed solution protects and ensures the confidentiality of users' personal data shared with multiple data controllers and processors. It also provides auditing capacities with tamper-proof evidences for data usage compliance, supported by the intrinsic properties of the blockchain technology.

show abstract

Designing the GDPR Compliant Consent Procedure for Personal Information Collection in the IoT Environment

Cited by 12 publications

References 3 publications

Older people and the smart city – Developing inclusive practices to protect and serve a vulnerable population

Older people and the smart city – Developing inclusive practices to protect and serve a vulnerable population

GDPR Compliance Verification in Internet of Things

ID-Based User-Centric Data Usage Auditing Scheme for Distributed Environments

Contact Info

Product

Resources

About