A formal model for blockchain-based consent management in data sharing

Consent is one of six legal bases for personal data processing mentioned in the General Data Protection Regulation (GDPR). The GDPR is a privacy law giving European Union (EU) citizens authority over personal data. It enforces software systems to collect, analyze, and share only necessary informatio...

Full description

Saved in:
Bibliographic Details
Published inJournal of logical and algebraic methods in programming Vol. 134; p. 100886
Main Authors Peyrone, Neda, Wichadakul, Duangdao
Format Journal Article
LanguageEnglish
Published Elsevier Inc 01.08.2023
Subjects
Consent management
Data protection
Event-B
GDPR
Privacy by design
Smart contracts
Event-B
Privacy by design
Consent management
Smart contracts
Data protection
GDPR
Online AccessGet full text

Cover

More Information
Summary:Consent is one of six legal bases for personal data processing mentioned in the General Data Protection Regulation (GDPR). The GDPR is a privacy law giving European Union (EU) citizens authority over personal data. It enforces software systems to collect, analyze, and share only necessary information (‘data minimization’) following the specific purpose (‘consent’). The GDPR defines consent as permission of individuals (‘data subjects’) to give organizations (‘data controllers’) processing their personal data. Without a data subject's consent, the data controller processes personal data unlawfully. Therefore, consent management is an essential component of a software system to build data subjects' trust and engagement. However, sharing data can lead to a potential loss of control over personal data, as data are across boundaries between software services. One of the significant risks is caused by a lack of developers' experience in data protection practices. Hence, in this paper, we propose to use blockchain technology to manage data subjects' informed consent for data sharing to build trust, transparency, and traceability to share data across software services. We formalized the semantics of smart contracts to extend the blockchain features to validate the consent authorization and manage the request-response interaction between the services. Furthermore, we used the Event-B method to describe the dynamic behavior of the proposed model and prove its correctness. Finally, we provided a mapping from the formal model to a smart contract class diagram and a prototype called SmartDataTrust implemented with solidity and Python REST API that developers can easily utilize.
ISSN:2352-2208
DOI:10.1016/j.jlamp.2023.100886