Developing GDPR Compliant Apps for the Edge

Lodge, Tom; Crabtree, Andy; Brown, Anthony

doi:10.1007/978-3-030-00305-0_22

Cited by 9 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As previously explained in Section 2.2, access to resources in Solid depends on authentication and authorization protocols. Access can be granted by data subjects when they start using a new application, through an authorization dialogue, such as the example provided in Figure 2 20 , or can be pre-set in the Pod in advance, such as the example provided in Figure 3 21 . Both options can take various forms, depending on the technical access control mechanism that is implemented in the server where the Pod is hosted, as the servers are not obliged to implement both authorization protocols (WAC and ACP) promoted by Solid, as was previously discussed in Section 2.2, and on the interfaces used to interact and manage the data and the access grants on the Pod.…”

Section: Describing the Distinction Between Consent And Granting Acce...mentioning

confidence: 99%

See 1 more Smart Citation

`I Consent to These Terms’: A Legal and Technical Approach for Obtaining Valid Consent in Solid

Florea¹,

Esteves²

2023

Preprint

View full text Add to dashboard Cite

Personal Information Management Systems (PIMS) are acquiring a prominent role in the data economy by promoting products and services that help individuals to manage and control their online identity and thus have more control over the processing of their personal data, in line with the European strategy for data. One of the highlighted solutions in this area is Solid, a new protocol which is decentralising the storage of data, through the usage of interoperable Web standards and semantic vocabularies, to empower its users to have more control over the agents and applications that can access their data. However, to fulfil this vision and gather widespread adoption, Solid needs to be aligned with the law governing the processing of personal data in Europe, the General Data Protection Regulation (GDPR). To assist with this process, we analyse the current efforts to introduce a policy layer in the Solid ecosystem, in particular, related to the challenge of obtaining consent focusing on the GDPR. Furthermore, we investigate if, in the context of using personal data for biomedical research, consent can be expressed in advance, discuss the conditions for valid consent and how it can be obtained in this decentralised setting, namely through the matching of privacy preferences, set by the user, with requests for data and whether this can signify informed consent. Finally, we discuss the technical challenges of an implementation that caters to the previously identified legal requirements.

show abstract

Section: Describing the Distinction Between Consent And Granting Acce...mentioning

confidence: 99%

“…In what concerns the requirement that processing is lawful (Article 6 [1]), the usage of other lawful grounds for processing beyond consent [15,19] or dealing with access to special categories of personal data [20] remain up for discussion.…”

Section: Introductionmentioning

confidence: 99%

`I Consent to These Terms’: A Legal and Technical Approach for Obtaining Valid Consent in Solid

Florea¹,

Esteves²

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Lodge et al [145] provide an application environment or SDK to enable developing a GDPR [46] compliant trusted IoT application. First, they identify key challenges of building IoT applications as follows: the complexity of IoT devices with user requirements, and the collection and processing of user data according to the privacy regulations.…”

Section: F Architectural and Framework-based Approachesmentioning

confidence: 99%

Privacy in the Internet of Things: Where do We Stand? A Systematic Literature Review

Gupta¹,

Ghanavati²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…• Users having granular control over the data captured about them, and how that data is shared and used (Article 29 Data Protection Working Party 2014; Crabtree et al, 2018;Urquhart et al, 2019); • Better protecting personal data (including 'sensitive' personal data) from access by third parties, by way of the technical functionality provided (Crabtree et al, 2018;Lodge et al, 2018); • Better informed user consent, by giving more information about data processing. This may be through various means, including the device's monitoring functionality; the app's data usage specifications; platform features, such as app stores ranking and describing app data usage, requiring transparency best practices, etc.…”

Section: Purported User Benefitsmentioning

confidence: 99%

Personal information management systems: a user-centric privacy utopia?

Janssen¹,

Cobbe²,

Singh³

2020

Internet Policy Review

View full text Add to dashboard Cite

Personal information management systems (PIMS) aka personal data stores (PDSs) represent an emerging class of technology that seeks to empower individuals regarding their data. Presented as an alternative to current ' centralised' data processing approaches, whereby user data is (rather opaquely) collected and processed by organisations, PDSs provide users with technical mechanisms for aggregating and managing their own data, determining when and with whom their data is shared, and the computation that may occur over that data. Though arguments for decentralisation may be appealing, there are questions regarding the extent to which PDSs actually address data processing concerns. This paper explores these questions from the perspective of PDS users. Specifically, we focus on data protection, including how PDSs relate to rights and the legal bases for processing, as well as how PDSs affect the information asymmetries and surveillance practices inherent online. We show that, despite the purported benefits of PDSs, many of the systemic issues of online/data ecosystems remain.

show abstract

Developing GDPR Compliant Apps for the Edge

Cited by 9 publications

References 15 publications

`I Consent to These Terms’: A Legal and Technical Approach for Obtaining Valid Consent in Solid

`I Consent to These Terms’: A Legal and Technical Approach for Obtaining Valid Consent in Solid

Privacy in the Internet of Things: Where do We Stand? A Systematic Literature Review

Personal information management systems: a user-centric privacy utopia?

Contact Info

Product

Resources

About