A Smart Contract-Based Dynamic Consent Management System for Personal Data Usage under GDPR

Sensors, 2021, Vol 21 (23), pp. 7994
Author(s): Mpyana Mwamba Merlec, Youn Kyu Lee, Seng-Phil Hong, Hoh Peter In

A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

2019, Vol 9 (15), pp. 2953
Author(s): Jamila Alsayed Kassem, Sarwar Sayeed, Hector Marco-Gisbert, Zeeshan Pervez, Keshav Dahal

Identity management (IdM) is a method used to determine user identities. The centralized aspect of IdM introduces a serious concern with the growing value of personal information, as well as with the General Data Protection Regulation (GDPR). The problem with currently-deployed systems and their dominating approach, with identity providers (IdP) and single-point services, is that a third party is in charge of maintaining and controlling the personal data. The main challenge to manage data securely lies in trusting humans and institutes who are responsible for controlling the entire activity. Identities are not owned by the rightful owners or the user him/herself, but by the mentioned providers. With the rise of blockchain technology, self-sovereign identities are in place utilizing decentralization; unfortunately, the flaws still exist. In this research, we propose DNS-IdM, a smart contract-based identity management system that enables users to maintain their identities associated with certain attributes, accomplishing the self-sovereign concept. DNS-IdM has promising outcomes in terms of security and privacy. Due to the decentralized nature, DNS-IdM is able to avoid not only the conventional security threats, but also the limitations of the current decentralized identity management systems.


Author(s): Venetis Kanakaris, Georgios Lampropoulos, Kerstin Siakas

Nowadays, social media and social networks are increasingly used in business as they have drastically changed the way the community works, communicates, collaborates, socialises, creates content and shares knowledge and ideas. However, in particular, IT professionals and practitioners need to be aware of online security and privacy issues and the potential negative impact that they may cause on different aspects of business, such as online breaches or information theft. The use of social media inevitably leads to disclosure of personal information, with the use of open-source intelligence (OSINT) and other similar techniques. Hence, the aim of this article is twofold, namely first to show results of a survey towards future Greek IT practitioners regarding awareness and viewpoints of social media users concerning security and privacy on social media. More specifically the study was based on responses and viewpoints of 178 Greek electrical engineering and IT students to an online questionnaire. Secondly, the aim is also to show how easily a potential malicious user can anonymously track and retrieve sensitive personal information in an automated and undetectable way from popular social media platforms by using publicly available information, resources, and tools. The results of the survey show that most of the respondents are aware of the privacy settings of the social media platforms they use. However, they consider that they should be more careful concerning personal data and whom they add as friends or followers and they do not feel comfortable with the fact that a stranger might be able to access their personal information through their publications on social media platforms. The case study indicates that it is possible for malicious users to acquire sensitive personal data (e.g. user's location via tweets and instas from smartphones). In addition, the ability to map activity could allow malicious users to track the activities of unsuspected users and predict their future locations.


2020, Vol III (I), pp. 11-18
Author(s): Javeria Nazeer, Muhammad Farooq

In the recent era, social networking sites (SNSs) have become an important source of communication and also a matter of interest for researchers in several disciplines such as communications, technology and sociology. These social networking sites, including Facebook, Twitter etc., often reveal private data through the enclosure of public profiles, photographs, videos and messages sent to family, friends and the general public. As it was not possible to conduct a survey of the complete population, a sample of 250 respondents (50% males & 50% females) was selected from different universities and colleges of Lahore, a city of Pakistan. In the survey process, the questionnaire technique was used to obtain the quantitative data. The findings revealed that social networking sites significantly violate basic human privacy rights. The majority of the respondents were of the view that privacy rights are harmed by SNSs. 10.4% of respondents strongly disagreed with the statement that Facebook privacy is a real problem, 18.0% disagreed, 20.4% were neutral about the problem, while 38.4% agreed and 12.8% strongly agreed. The results also suggested that social networking sites leak personal data and also become a reason for disclosure of personal information.


2018, Vol I (I), pp. 26-31
Author(s): Javeria Nazeer, Muhammad Farooq

In the recent era, social networking sites (SNSs) have become an important source of communication and also a matter of interest for researchers in several disciplines such as communications, technology and sociology. As SNSs are spreading rapidly, new issues regarding privacy and security are also arising. These social networking sites, including Facebook, Twitter etc., often reveal private data through the enclosure of public profiles, photographs, videos and messages sent to family, friends and the general public. That is why the researcher is concerned to investigate the impact of social networking sites (SNSs) on basic human privacy rights. As it was not possible to conduct a survey of the complete population, a sample of 250 respondents (50% males & 50% females) was selected from different universities and colleges of Lahore, a city of Pakistan. In the survey process, the questionnaire technique was used to obtain the quantitative data. The findings revealed that social networking sites significantly violate basic human privacy rights. The majority of the respondents were of the view that privacy rights are harmed by SNSs. 10.4% of respondents strongly disagreed with the statement that Facebook privacy is a real problem, 18.0% disagreed, 20.4% were neutral about the problem, while 38.4% agreed and 12.8% strongly agreed. The results also suggested that social networking sites leak personal data and also become a reason for disclosure of personal information. Hence, it is necessary that a user involved in a social networking site be aware of and vigilant about the privacy and security risks.


Author(s): Stefania Manca, Maria Ranieri

Over recent years, the notions of identity, credibility and trust in digital contexts have been gaining renewed interest from scholars in different fields (from social studies to engineering and computer science), especially for their consequences for privacy and security. Emerging and urgent questions are: What does the management of online personal data entail? How much personal information are we entitled to share with others? What measures do people usually adopt to protect their identity and privacy? Are they always aware of the risks they may run? What consequences may emerge in the long term if cautions are ignored? These are some of the questions that should be addressed by users, experts and scholars engaged with digital environments, especially social networking sites. This chapter focuses on these issues trying to provide a wide overview of the current literature on identity, credibility and trust, and their implications for privacy and security, from the perspective of social and behavioral sciences. Some measures provided by experts on how to protect against the most common security and privacy threats are also outlined.


2019, Vol 9 (1), pp. 80-91
Author(s): Md Mehedi Hassan Onik, Chul-Soo Kim, Nam-Yong Lee, Jinhong Yang

Secure data distribution is critical for data accountability. Surveillance caused privacy breaching incidents have already questioned existing personal data collection techniques. Organizations assemble a huge amount of personally identifiable information (PII) for data-driven market analysis and prediction. However, the limitation of data tracking tools restricts the detection of exact data breaching points. Blockchain technology, an ‘immutable’ distributed ledger, can be leveraged to establish a transparent data auditing platform. However, Art. 42 and Art. 25 of general data protection regulation (GDPR) demands ‘right to forget’ and ‘right to erase’ of personal information, which goes against the immutability of blockchain technology. This paper proposes a GDPR complied decentralized and trusted PII sharing and tracking scheme. Proposed blockchain based personally identifiable information management system (BcPIIMS) demonstrates data movement among GDPR entities (user, controller and processor). Considering GDPR limitations, BcPIIMS used off-the-chain data storing architecture. A prototype was created to validate the proposed architecture using multichain. The use of off-the-chain storage reduces individual block size. Additionally, private blockchain also limits personal data leaking by collecting fast approval from restricted peers. This study presents personal data sharing, deleting, modifying and tracking features to verify the privacy of proposed blockchain based personally identifiable information management system.


Author(s): Radi Petrov Romansky, Irina Stancheva Noninska

The contemporary digital world, based on network communications, globalization and information sharing, outlines new important targets in the area of privacy and personal data protection, which reflect on the applied principles of secure access to proposed information structures. For this reason, the aim of secure access to all resources of an e-learning environment is very important, and adequate technological and organizational measures for authentication, authorization and protection of personal data must be applied. Strong security procedures should be proposed to protect users' profiles, designed after successful registration, and all personal information collected by educational processes. The goal of this article is to present an idea to combine traditional e-learning technologies with the new opportunities offered by mobile applications, cloud services and social computing. These technologies can endanger data security since they make possible remote access to resources and the sharing of information between participants by network communications. In order to avoid data vulnerabilities, users must be identified and authenticated before being allowed to access information resources; otherwise the integrity and confidentiality of the e-learning system could be destroyed. In order to propose a solution, basic principles of information security and privacy protection in e-learning processes are discussed in this article. As a result, an organizational scheme of a system for information security and privacy is proposed. Based on these principles, a graph formalization of access to the system resources is made and a combined (heterogenic) e-learning architecture with secure access to the resources is designed. An analytical investigation based on the designed Markov chain has been carried out and several statistical assessments delivered by Develve software are discussed.


A breach of data is a reported occurrence where private, sensitive, or covered records have been compromised and/or released unlawfully, mostly due to cyber attacks or theft. Breach of data can include personal health records, personal information, travel information, trade secrets, intellectual property, or information you provided to or is stored on a platform. Data revealed to breaches pose a security and privacy risk to users around the world. Despite these, guidelines on how organizations can react to breaches, or how to manage information securely once it has leaked, still have to be established. More than 3 billion people suffered and became victims of data breaches and cyber attacks in the last two decades, leading to loss of personal data as well as monetary loss. This research paper conducts real time research about awareness of data privacy, kind of data/information that needs to be protected, basic protocols for staying safe online, and some of the biggest corporate data breaches that happened in this century. We bring people from different cities of India in this study through a survey and use the data provided by these 150 participants to examine their understanding of data privacy, their concern regarding their online data and the practices they follow in their daily life to keep their online data safe in this age of computers and internet.

