Encoding of security properties for transparent consent data processing

Document Type

Conference Article

Publication Title

2023 IEEE Guwahati Subsection Conference, GCON 2023

Abstract

User consent is a pervasive challenge over the digital platform. After the introduction of the framework such as GDPR and the Indian Digital Personal Data Protection Bill (DPDPB-2022, Draft), consent becomes indispensable. As per DPDPB, it is the data fiduciary responsibility to obtain the user's consent before data collection and data processing. The existing techniques of consent processing are not transparent and adhere to data protection goals. Data fiduciaries may misuse the collected data for purposes other than specified in the consent. Therefore, a robust model is necessary to achieve the framework's consent processing objective. In this paper, we have described that encoding of requisite security and privacy properties will ascertain stronger consent compliance. We formalize these properties as Proofs of Consent (PoC) and categorized them into three layers. The acquisition of a higher layer will minimize adversarial risks and ascertain greater transparency. Based on this, we have proposed a model shielded consent manager (SCM) using blockchain state channel and other cryptographic primitives for retrieval of consent to grant permissions to access Android resources. SCM include parameters as per the framework, satisfies the security properties such as integrity of consent, non-deniability by users, auditability of logs in data processing, and provides finer visualization of user's consents. The simulation of the contract is done using solidity, truffle and ganache test network, and the feasibility of practical implementation is analyzed to show the efficacy of the model.

DOI

10.1109/GCON58516.2023.10183463

Publication Date

1-1-2023

This document is currently not available here.

Share

COinS