Transparent Personal Data Processing: The Road Ahead

@inproceedings{Bonatti2017TransparentPD,
  title={Transparent Personal Data Processing: The Road Ahead},
  author={Piero A. Bonatti and S. Kirrane and Axel Polleres and Rigo Wenning},
  booktitle={SAFECOMP Workshops},
  year={2017}
}
The European General Data Protection Regulation defines a set of obligations for personal data controllers and processors. Primary obligations include: obtaining explicit consent from the data subject for the processing of personal data, providing full transparency with respect to the processing, and enabling data rectification and erasure (albeit only in certain circumstances). At the core of any transparency architecture is the logging of events in relation to the processing and sharing of… 
The SPECIAL-K Personal Data Processing Transparency and Compliance Platform
TLDR
The Linked Data ontologies and vocabularies developed within the SPECIAL EU H2020 project are presented, which can be used to represent data usage policies and data processing and sharing events, including the consent provided by the data subject and subsequent changes to or revocation of said consent.
Greater Control and Transparency in Personal Data Processing
TLDR
This position paper assesses the level of control, transparency and compliance offered by three different approaches (i.e., defacto standard, SPECIAL, Solid), and proposes a layered decentralised architecture based on combining SPECIAL and Solid.
ePubWU Institutional Repository
TLDR
This paper shows how the SPECIAL consent and compliance framework can be integrated into Linked Widgets, a mashup platform, in order to support privacy-aware ad-hoc integration of personal data, and demonstrates the potential of the approach for ex-ante usage policy compliance checking within the Linked Widgets platform and beyond.
Semantic Technology based Usage Control for Decentralized Systems
TLDR
This research proposal addresses the challenges related to the specification of usage control policies, the enforcement of the respective policies, and the usability of the tools that are used to administer them.
User consent modeling for ensuring transparency and compliance in smart cities
TLDR
An extension of SPECIAL is created in terms of a core CPSS vocabulary that lowers the semantic gap between the domain agnostic terms of SPECIAL and the vocabulary of the use case, and a workflow is proposed that supports defining domain-specific vocabularies for complex CPSSs.
TR-Model. A Metadata Profile Application for Personal Data Transparency
TLDR
The results indicate that the TR-Model was effective in supporting the production of friendly, understandable and relevant Transparency for data subjects, in compliance with regulations like GDPR.
Transparent Logging with Hyperledger Fabric
TLDR
This work employs blockchains as a basic building block to increase transparency with respect to personal data handling; by giving the customer access to the private blockchain, the customer’s trust in the enterprise is increased.
A Scalable Consent, Transparency and Compliance Architecture
TLDR
The SPECIAL consent, transparency and compliance system is presented, to afford data subjects more control over personal data processing and sharing, while at the same time enabling data controllers and processors to comply with consent and transparency obligations mandated by the European General Data Protection Regulation.
D4.2 Report on Encryption-Based Techniques and Policy Enforcement
TLDR
The advanced encryption-based techniques developed in MOSAICrOWN are described, in particular, the application of an All-Or-Nothing Transform encryption mode, combined with fragmentation and slicing, for protecting data in storage, while ensuring resilience to failures, and strong protection even in case of key leakage.
A Provenance Model for the European Union General Data Protection Regulation
TLDR
This paper analyzes the GDPR text to explicitly identify a set of central challenges for GDPR compliance for which data provenance is applicable; a data provenance model is introduced for representing GDPR workflows; and design patterns are presented that demonstrate how data provenance can be used realistically to help in verifying GDPR compliance.

References

Enhancing Transparency with Distributed Privacy-Preserving Logging
TLDR
Transparency of data processing is often a requirement for compliance with legislation and/or business requirements, but it should be limited to the users involved in order to minimise the leakage of sensitive business information and to protect the privacy of the employees performing the data processing.
Enabling privacy through transparency
TLDR
A user study is conducted on a healthcare data application built using PETS to see if transparency on access and usage data satisfies expectations of user privacy.
Distributed privacy-preserving transparency logging
TLDR
This work presents a transparency-enhancing tool in the form of a cryptographic scheme that enables data processors to inform users about the actual data processing that takes place on their personal data, and is the first to formalise the required security and privacy properties in this setting in a general manner.
Secure and Privacy-Friendly Logging for eGovernment Services
TLDR
This paper presents a scheme for building a logging trail for processes related to eGovernment services, which is privacy-friendly in the sense that only the authorised subject, i.e. the citizen, can link the different log entries related to one specific process.
Decentralizing Privacy: Using Blockchain to Protect Personal Data
TLDR
A decentralized personal data management system that ensures users own and control their data is described, and a protocol that turns a blockchain into an automated access-control manager that does not require trust in a third party is implemented.
On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems
TLDR
This work develops protocols to address inner privacy based on secure logging that accounts for the capacity limitations of resource-poor devices in dynamic systems, as it allows for the remote storage of log data, while fulfilling its security guarantees.
Policy-based secure deletion
TLDR
A general cryptographic model for policy-based secure deletion of data in storage systems, whose security relies on the proper erasure of cryptographic keys, and a prototype implementation of a Linux filesystem with policy-based secure deletion is described.
Interledger: Creating a Standard for Payments
TLDR
This presentation presents a browser polyfill of one of the proposed payment APIs, walks the audience through the goals of the WG and the vision of how payments will work on the Web in the future, and introduces the Interledger Protocol (ILP), a new neutral payments protocol being incubated in the Interledger Payments Community Group.
An algebra for composing access control policies
TLDR
An algebra of security policies together with its formal semantics is proposed and how to formulate complex policies in the algebra is illustrated, which provides the basis for the implementation of the algebra.
SDOS: Using Trusted Platform Modules for Secure Cryptographic Deletion in the Swift Object Store
TLDR
This demo presents a working prototype for a cloud storage service that offers cryptographic deletion, with the following two main contributions: a key-management mechanism that enables cryptographic deletion on large volumes of data, and integration with Trusted Platform Modules (TPM) for securing master keys.