Transparent Personal Data Processing: The Road Ahead

• Published in: Computer Safety, Reliability, and Security Vol. 10489; pp. 337 - 349
• Main Authors: Bonatti, Piero, Kirrane, Sabrina, Polleres, Axel, Wenning, Rigo
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2017; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Blockchain; General Data Protection Regulation (GDPR); Subject Data; Transparent Architecture; Trusted Third Party (TTP)
• ISBN: 331966283X; 9783319662831
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-66284-8_28

The European General Data Protection Regulation defines a set of obligations for personal data controllers and processors. Primary obligations include: obtaining explicit consent from the data subject for the processing of personal data, providing full transparency with respect to the processing, and enabling data rectification and erasure (albeit only in certain circumstances). At the core of any transparency architecture is the logging of events in relation to the processing and sharing of personal data. The logs should enable verification that data processors abide by the access and usage control policies that have been associated with the data based on the data subject’s consent and the applicable regulations. In this position paper, we: (i) identify the requirements that need to be satisfied by such a transparency architecture, (ii) examine the suitability of existing logging mechanisms in light of said requirements, and (iii) present a number of open challenges and opportunities.