privacyTracker: A Privacy-by-Design GDPR-Compliant Framework with Verifiable Data Traceability Controls

Breach or lack of online privacy has become almost a commonplace of today’s digital age, mainly due to the inability of either enforcing privacy requirements or imposing strict sanctions against violations. The current state of affairs in data privacy is at a turning point for companies operating in EU state members as the enforcement of the General Data Protection Regulation (GDPR) empowers users with control over their personal data, including regulating its disclosure, withdrawing disclosure consent at any given time and tracking their data trail. Compliance with the GDPR is mandatory and it requires signifiant amendments and/or restructuring of data processing routines undertaken by enterprises. Currently, there is no framework to support the GDPR principles. This paper proposes privacyTracker, a GDPR-compliant framework that supports basic GDPR principles including data traceability and allowing a user to get a cryptographically verifiable snapshot of his/her data trail.

[1]  Siani Pearson,et al.  Towards accountable management of identity and privacy: sticky policies and enforceable tracing services , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[2]  Shouhuai Xu,et al.  A roadmap for privacy-enhanced secure data provenance , 2014, Journal of Intelligent Information Systems.

[3]  Haralambos Mouratidis,et al.  Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts , 2014, Comput. Stand. Interfaces.

[4]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[5]  K. Harald Gjermundrød,et al.  A conceptual framework for configurable privacy-awareness in a citizen-centric eGovernment , 2015, Electron. Gov. an Int. J..

[6]  John Leubsdorf,et al.  Privacy and Freedom , 1968 .

[7]  Helen Nissenbaum,et al.  Privacy and contextual integrity: framework and applications , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).