SSI is Here to Support the Rights of Data Subjects

The General Data Protection Regulation (GDPR) provides data subjects with several rights ranging from data access to the erasure of personal data. Data subjects who want to use their rights must pose subject access requests (SARs) to the controllers. The practice has shown that controllers often do...

Full description

Saved in:
Bibliographic Details
Published inProceedings of the International Conference on Business Intelligence and Financial Engineering pp. 133 - 138
Main Author Petrlic, Ronald
Format Conference Proceeding
LanguageEnglish
Published IEEE 11.10.2024
Subjects
Distance measurement
General Data Protection Regulation
Process control
Security
Self-Sovereign Identity
Subject Access Requests
Online AccessGet full text

Cover

More Information
Summary:The General Data Protection Regulation (GDPR) provides data subjects with several rights ranging from data access to the erasure of personal data. Data subjects who want to use their rights must pose subject access requests (SARs) to the controllers. The practice has shown that controllers often do not properly authenticate subjects during requests, leading to potential disclosures of personal data to the wrong people. We propose an approach that provides strong security for SAR processes to prevent unwanted data leaks. The approach is also user-friendly, minimizing the hassles for users when posing SARs. We are the first to propose to use the Self-Sovereign Identity (SSI) paradigm for SARs.
ISSN:2472-8527
DOI:10.1109/ICEBE62490.2024.00029