Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, lack of users' awareness to whom they are sharing with, wrong or excessive data sharing from end users who ignore they are exposing personal information. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR), in order to implement protection of sensitive data in each EU member, throughout certification mechanisms (according to Art. 42 GDPR). The certification assures compliance to the regulation, which represent a mandatory requirement for any service which may come in contact with sensitive data. Still the certification is an open process and not constrained by strict rule. In this paper we describe our decentralized approach in sharing personal data in the era of smart devices, being those considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services. Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lay to additional concerns especially relating such technologies with specifications described in the regulation. The current work offers a contribution in the advancements of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation. Address those arisen issues, from a technological perspective, stands as an important challenge, in order to empower end users in owning their personal data for real.
[1]
Moni Naor,et al.
Post-Quantum Cryptography
,
2017,
Lecture Notes in Computer Science.
[2]
Christian Wirth,et al.
Privacy by BlockChain Design: A BlockChain-enabled GDPR-compliant Approach for Handling Personal Data
,
2018
.
[3]
Ravikiran Vatrapu,et al.
Blockchain-based Personal Health Data Sharing System Using Cloud Storage
,
2018,
2018 IEEE 20th International Conference on e-Health Networking, Applications and Services (Healthcom).
[4]
Aiko Pras,et al.
Inside dropbox: understanding personal cloud storage services
,
2012,
Internet Measurement Conference.
[5]
George Kousiouris,et al.
Smart Contracts and Smart Disclosure: Coding a GDPR Compliance Framework
,
2019,
Legal Tech, Smart Contracts and Blockchain.
[6]
Tom Kirkham,et al.
A personal data store for an Internet of Subjects
,
2011,
International Conference on Information Society (i-Society 2011).
[7]
Jacques Bus,et al.
Personal Data Management - A Structured Discussion
,
2013
.
[8]
Deborah Estrin,et al.
Personal data vaults: a locus of control for personal data streams
,
2010,
CoNEXT.
[9]
E. Giangreco,et al.
Make Users Own Their Data: A Decentralized Personal Data Store Prototype Based on Ethereum and IPFS
,
2018,
2018 3rd International Conference on Smart and Sustainable Technologies (SpliTech).