Towards Building GDPR-Friendly Consent Management Systems on Top of Self-Sovereign Identity Ecosystems
dc.contributor.author | Schramm, Julia | |
dc.contributor.author | Eichinger, Tobias | |
dc.contributor.editor | Roßnagel, Heiko | |
dc.contributor.editor | Schunck, Christian H. | |
dc.contributor.editor | Sousa, Filipe | |
dc.date.accessioned | 2024-06-07T08:59:58Z | |
dc.date.available | 2024-06-07T08:59:58Z | |
dc.date.issued | 2024 | |
dc.description.abstract | Consent is a legal basis that legitimizes the processing of personal data under the General Data Protection Regulation (GDPR). Implementing consent management systems in a GDPR-compliant fashion has proven difficult. A major pain point of current implementations is that users only have insufficient means to prove that they withdrew consent. Controllers can, therefore, plausibly deny having received a notification of consent withdrawal and it is thus at their discretion to continue the processing of personal data against the user’s will. As a remedy, it has been proposed to log consent withdrawal events in blockchains to make them non-repudiable by controllers. This approach is typically at odds with the GDPR’s fundamental principle of Storage Limitation. The issue is that a consent withdrawal event has to permit identification of the user who submitted it, yet only until the controller has received it. However, if they are logged in a blockchain, identification is possible indefinitely, as blockchains are append-only databases that do not facilitate deletion. In the paper at hand, we alleviate this issue and present work in progress on a consent management system in which users (i) give consent by issuing a verifiable credential to a controller and (ii) withdraw consent by revoking it. These two functions are natively provided in Self-Sovereign Identity (SSI) ecosystems. | en |
dc.identifier.doi | 10.18420/OID2024_08 | |
dc.identifier.isbn | 978-3-88579-744-9 | |
dc.identifier.pissn | 1617-5468 | |
dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/44107 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik e.V. | |
dc.relation.ispartof | Open Identity Summit 2024 | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-350 | |
dc.subject | Consent Management System | |
dc.subject | User-centric | |
dc.subject | Self-Sovereign Identity | |
dc.subject | GDPR | |
dc.subject | Identity Management System | |
dc.subject | Storage Limitation | |
dc.title | Towards Building GDPR-Friendly Consent Management Systems on Top of Self-Sovereign Identity Ecosystems | en |
dc.type | Text/Conference Paper | |
gi.citation.endPage | 102 | |
gi.citation.publisherPlace | Bonn | |
gi.citation.startPage | 93 | |
gi.conference.date | 20.-21. June 2024 | |
gi.conference.location | Porto, Portugal | |
gi.conference.sessiontitle | Regular Research Papers |