A Decentralized Personal Data Store based on Ethereum: Towards GDPR Compliance

Author(s):  
Marco Alessi ◽  
Alessio Camillò ◽  
Enza Giangreco ◽  
Marco Matera ◽  
Stefano Pino ◽  
...  

Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, users' lack of awareness of whom they are sharing with, and wrong or excessive data sharing by end users who are unaware that they are exposing personal information. The problem becomes even more complicated if we consider the devices around us: how to share devices we own, so that we can receive pervasive services based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR) in order to implement protection of sensitive data in each EU member, through certification mechanisms (according to Art. 42 GDPR). The certification assures compliance with the regulation, which represents a mandatory requirement for any service which may come in contact with sensitive data. Still, the certification is an open process and not constrained by strict rules. In this paper we describe our decentralized approach to sharing personal data in the era of smart devices, those being considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services. Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lead to additional concerns, especially when relating such technologies to the specifications described in the regulation. The current work offers a contribution to the advancement of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation.
Addressing the issues that have arisen, from a technological perspective, stands as an important challenge in order to empower end users to own their personal data for real.

Author(s):  
Md. Mojibur Rahman Redoy Akanda ◽  
Md. Alamgir Hossain

Smart devices have become an essential part of human life with a bunch of modern features and facilities. Even the health care, health management, education, and science sectors use intelligent devices for their convenience. With the assertion of its wellness, people forget its downside and treat smart devices as their primary need. Meanwhile, smart devices are tracking and collecting all user movements, including interest, boredom, and daily activity. As the data remain stored on vendors' servers, and lightweight smart devices follow weak security, data leakage also makes the data available to unauthorized parties. This sensitive data is used by vendors and third parties for business and various purposes to influence and manipulate human behavior by showing content mapped to the collected data. Because of the huge involvement of users in smart devices, marketing strategy has also changed a lot. Digital marketing has been introduced and has become a key to success for many businesses, where a particular content/advertisement can be mapped to particular leads. The next move of a user on the internet is shaped by applying numerous strategies based on previously collected data. In the era of smart devices, our personal life and personal data do not remain personal anymore. This paper illustrates the systematic process of collecting and using data for manipulating human behavior. The rise of human behavior manipulation has been explained and an exploratory survey is imputed to strongly support the research statement.


Network ◽  
2021 ◽  
Vol 1 (2) ◽  
pp. 75-94
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for the SP not only to secure the provisioning of and access to those services, but also to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.


Author(s):  
Prerna Agarwal et al.

A comprehensive and functional approach is built in cloud computing, which can be used by cloud users to exchange information. Cloud service providers (CSPs) can transfer through server services through powerful data centres to cloud users. Data is protected through authentication of cloud users and CSPs can have outsourced data file sharing security assurance. The continuing change in cloud users, especially unauthenticated users or third parties, poses a critical problem in ensuring privacy in data sharing. The multifunctional exchange of information while protecting information and personal protection from unauthorized or other third-party users remains a daunting challenge.


2016 ◽  
Vol 3 (1) ◽  
Author(s):  
Andrew Nicholas Cormack

Most studies on the use of digital student data adopt an ethical framework derived from human-studies research, based on the informed consent of the experimental subject. However, consent gives universities little guidance on the use of learning analytics as a routine part of educational provision: which purposes are legitimate and which analyses involve an unacceptable risk of harm. Obtaining consent when students join a course will not give them meaningful control over their personal data three or more years later. Relying on consent may exclude those most likely to benefit from early interventions. This paper proposes an alternative framework based on European Data Protection law. Separating the processes of analysis (pattern-finding) and intervention (pattern-matching) gives students and staff continuing protection from inadvertent harm during data analysis; students have a fully informed choice whether or not to accept individual interventions; organisations obtain clear guidance: how to conduct analysis, which analyses should not proceed, and when and how interventions should be offered. The framework provides formal support for practices that are already being adopted and helps with several open questions in learning analytics, including its application to small groups and alumni, automated processing and privacy-sensitive data.


Author(s):  
Dewa Gede Sudika Mangku ◽  
Ni Putu Rai Yuliartini ◽  
I. Nengah Suastika ◽  
I. Gusti Made Arya Suta Wirawan

The emergence and rapid development of information and communication technology has brought about various opportunities and challenges. One of them is the active interaction between individuals and the digital-based information service providers. In modern economic development, related information including personal data or also known as digital dossier—the collection of large amounts of an individual’s information using digital technology—are valuable assets due to their high economic value since they are widely utilized by businesses. In this regard and due to the increasing number of cellphone and internet users, there is a need to study the issues on the importance of protecting one’s personal data. In Indonesia, there is no specific regulation regarding the protection of personal data. Therefore, it is essential to come up with specific and comprehensive legislation related to personal data protection as legal basis for better implementation of personal data protection in Indonesia in the future. The purpose of this research is to find out and analyze the current policies on protection of personal data of internet users in Indonesia. This study uses a normative juridical method with a statutory approach and utilizes literature study. The result shows that the concept of personal data protection implies that individuals have the right to determine whether one will join an online community, share or exchange personal data with another, and the conditions that must be met in order to do so. The study likewise found that the threat of personal data leakage is increasingly occurring because of the development of the e-commerce sector in Indonesia.


Author(s):  
Bernadette Kamleitner ◽  
Mahshid Sotoudeh

The present proliferation of portable smart devices and stationary home assistant systems changes the ways in which people share information with each other. Such devices regularly have permission to switch on at any time and can collect a wide range of data in their environment. In consequence, the social challenge of personal data protection is growing and necessitates a better understanding of privacy as an interdependent phenomenon. Interview by Mahshid Sotoudeh (ITA-ÖAW).


2019 ◽  
Vol 12 (19) ◽  
pp. 139-171
Author(s):  
Laura Skopowska

Data aggregation, understood as the process of gathering and combining data in order to prepare datasets that might be useful for specific business or other purposes, is not per se forbidden. However, some forms of it can be considered anticompetitive. In the Decision B6-22/16 of the German Federal Cartel Office (Bundeskartellamt) data aggregation, which included the collection of data from sources outside of Facebook’s social network (from Facebook-owned services such as WhatsApp and Instagram and from third party websites or mobile applications) and their combination with the information connected with a particular Facebook user account without that user’s consent, constituted an abuse of Facebook’s dominant position on the German market for social networks. The Bundeskartellamt found that the processing of users’ personal data by Facebook has, to some extent, been carried out in a way which infringed GDPR provisions. In the same decision, the Bundeskartellamt also identified the exclusionary nature of Facebook’s anticompetitive behaviour. According to the Bundeskartellamt, the illegal data aggregation formed a barrier to entry for Facebook’s competitors which, through compliance with data protection standards, found themselves in a worse position. Facebook, through its inappropriate data aggregation, gained a competitive advantage. The Bundeskartellamt’s decision is, therefore, reflecting the anticompetitive dangers that data aggregation might pose. Nevertheless, it is debated whether the Bundeskartellamt, as a competition authority, is competent to determine the compliance or lack of compliance of business terms with the provisions of the GDPR. This paper analyzes the Bundeskartellamt’s decision as to where an anticompetitive nature of data processing has been identified, and tries to answer the question why it is problematic that it was the Bundeskartellamt and not a data protection supervisory authority that has issued such a decision.


Cloud Computing (CC) provides an easy way to access and store information on vast remote servers, instead of using a personal computer. The user has no physical control over personal data, hence some security issues may arise for users and organizations in securing the data in the cloud. The sensitive data can be hacked by attackers, so the integrity of data stored in the cloud is a major concern for users. In this research work, data integrity can be ensured by using a Third Party Storage Auditing Service (TPSAS), which satisfies all the requirements of users in the cloud. The ultimate aim of this research is to avoid unauthorized access to users’ data stored in the cloud. In this paper, two major problems are considered for attaining the integrity of data in the cloud. The first is that an unauthorized user tries to modify the data, which is solved by the proposed TPSAS. The second problem considered in this research is that, since the Cloud Service Provider (CSP) is semi-trustable, it can malfunction at any time, which can be solved based on the secure secret key sharing algorithm and proxy re-encryption methodology. The secure secret key sharing is implemented based on the Shamir key sharing algorithm and the proxy re-encryption process is implemented based on the bear and lion proxy re-encryption methodology.


2020 ◽  
Vol 6(161) ◽  
pp. 47-67
Author(s):  
Karol Grzybowski

By adapting the provisions of the Labour Code to EU regulations on personal data protection, the legislator has explicitly allowed employers to process personal data of employees and applicants for employment on the basis of their consent. However, the new provisions exclude the processing of data on convictions on this basis and limit the possibility of giving effective consent to the processing of sensitive data. The article attempts to analyze the solutions adopted in the context of the constitutional guarantee of informational self-determination. The author defends the thesis that the provisions of Article 221a § 1 and Article 221b § 1 of the Labour Code disproportionately interfere with an individual’s right to dispose of data concerning him or her. These provisions do not meet the criterion of the intervention’s necessity. The protective goal of the regulation, as established by the legislator, may be achieved by means of the legal instruments indicated in the article, which do not undermine the freedom aspect of the informational self-determination.


Author(s):  
Ian J. Lloyd

This chapter focuses on the data protection principles under the Data Protection Act 1998. It considers to what extent and under what conditions a data controller may lawfully process personal data. Use may take a variety of forms and will include disclosure of data to a third party. It also looks at the operation of the principle requiring users to adopt appropriate security measures.

