
Extensible Consent Management Architectures for Data Trusts (2309.16789v1)

Published 28 Sep 2023 in cs.CY

Abstract: Sensitive personal information of individuals and non-personal information of organizations or communities often needs to be legitimately exchanged among different stakeholders, to provide services, maintain public health, law and order, and so on. While such exchanges are necessary, they also impose enormous privacy and security challenges. Data protection laws like GDPR for personal data and Indian Non-personal data protection draft specify conditions and the legal capacity in which personal and non-personal information can be solicited and disseminated further. But there is a dearth of formalisms for specifying legal capacities and jurisdictional boundaries, so that open-ended exchange of such data can be implemented. This paper proposes an extensible framework for consent management in Data Trusts in which data can flow across a network through "role tunnels" established based on corresponding legal capacities.

