Abstract
The value of personal data generated and managed by smart devices which comprise the Internet of Things (IoT) is unquestionable. The EU General Data Protection Regulation (GDPR) that has been recently put in force, sets the cornerstones regarding the collection and processing of personal data, for the benefit of Data Subjects and Controllers. However, applying this regulation to the IoT ecosystem is not a trivial task. This paper proposes ADvoCATE, a user-centric solution that allows data subjects to easily control consents regarding access to their personal data in the IoT ecosystem and exercise their rights defined by GDPR. It also assists Data Controllers and Processors to meet GDPR requirements. A blockchain infrastructure ensures the integrity of personal data processing consents, while the quality thereof is evaluated by an intelligence service. Finally, we present some preliminary details of a partial implementation of the proposed framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The regulation defines additional lawful bases for personal data processing that do not require users’ consents, such as for the protection of data subjects’ vital interests. These are out of the scope of ADvoCATE as they do not require user interaction.
- 2.
- 3.
- 4.
References
Bartolini, C., Muthuri, R., Santos, C.: Using ontologies to model data protection requirements in workflows. In: Otake, M., Kurahashi, S., Ota, Y., Satoh, K., Bekki, D. (eds.) New Frontiers in Artificial Intelligence, vol. 10091, pp. 233–248. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-50953-2_17
Buterin, V.: A next-generation smart contract and decentralized application platform (n.d.). https://github.com/ethereum/wiki/wiki/White-Paper. Accessed 02 Oct 2018
Cha, S.C., Chen, J.F., Su, C., Yeh, K.H.: A blockchain connected gateway for BLE-based devices in the Internet of Things. IEEE Access PP(99), 1–1 (2018). https://doi.org/10.1109/ACCESS.2018.2799942
Cha, S.C., Tsai, T.Y., Peng, W.C., Huang, T.C., Hsu, T.Y.: Privacy-aware and blockchain connected gateways for users to access legacy IoT devices. In: 2017 IEEE 6th Global Conference on Consumer Electronics (GCCE), pp. 1–3, October 2017. https://doi.org/10.1109/GCCE.2017.8229327
Conoscenti, M., Vetrò, A., Martin, J.C.D.: Blockchain for the Internet of Things: a systematic literature review. In: 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA), pp. 1–6, November 2016. https://doi.org/10.1109/AICCSA.2016.7945805
Copigneaux, B.: Semi-autonomous, context-aware, agent using behaviour modelling and reputation systems to authorize data operation in the Internet of Things. In: 2014 IEEE World Forum on Internet of Things (WF-IoT), pp. 411–416, March 2014. https://doi.org/10.1109/WF-IoT.2014.6803201
Demertzis, K., Iliadis, L.S., Anezakis, V.D.: An innovative soft computing system for smart energy grids cybersecurity. Adv. Build. Energy Res. 12(1), 3–24 (2018). https://doi.org/10.1080/17512549.2017.1325401
Eckert, K., Meilicke, C., Stuckenschmidt, H.: Improving ontology matching using meta-level learning. In: Aroyo, L., et al. (eds.) ESWC 2009. LNCS, vol. 5554, pp. 158–172. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02121-3_15
EnCoRe Project: Ensuring consent and revocation (2010). www.hpl.hp.com/breweb/encoreproject/. Accessed 02 Oct 2018
European Parliament and Council: Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union (Apr 2016), http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679
Fortinet Inc.: Fortinet reveals “Internet of Things: connected home” survey results (2014). https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2014/internet-of-things.html. Accessed 02 Oct 2018
IERC: European Research Cluster on the Internet of Things, Internet of Things: IoT governance, privacy and security issues (2015). http://www.internet-of-things-research.eu/pdf/IERC_Position_Paper_IoT_Governance_Privacy_Security_Final.pdf. Accessed 02 Oct 2018
Kleinaki, A.S., Mytis-Gkometh, P., Drosatos, G., Efraimidis, P.S., Kaldoudi, E.: A blockchain-based notarization service for biomedical knowledge retrieval. Comput. Struct. Biotechnol. J. 16, 288–297 (2018). https://doi.org/10.1016/j.csbj.2018.08.002
Musolesi, M.: UPRISE-IoT: User-centric PRIvacy & Security in IoT (2017). http://gtr.rcuk.ac.uk/projects?ref=EP%2FP016278%2F1. Accessed 02 Oct 2018
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf. Accessed 02 Oct 2018
Nugent, T., Upton, D., Cimpoesu, M.: Improving data transparency in clinical trials using blockchain smart contracts. F1000Research 5, 2541 (2016). https://doi.org/10.12688/f1000research.9756.1
O’Connor, Y., Rowan, W., Lynch, L., Heavin, C.: Privacy by design: informed consent and internet of things for smart health. Procedia Comput. Sci. 113, 653–658 (2017). https://doi.org/10.1016/j.procs.2017.08.329
Otero-Cerdeira, L., Rodríguez-Martínez, F.J., Gómez-Rodríguez, A.: Ontology matching. Expert Syst. Appl. 42(2), 949–971 (2015). https://doi.org/10.1016/j.eswa.2014.08.032
Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A.: Blockchain-based consents management for personal data processing in the IoT ecosystem. In: 15th International Conference on Security and Cryptography (SECRYPT 2018), part of ICETE, pp. 572–577. SciTePress, Porto (2018). https://doi.org/10.5220/0006911005720577
Russell, B., Garlat, C., Lingenfelter, D.: Security guidance for early adopters of the Internet of Things (IoT). White paper, Cloud Security Alliance, April 2015
Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A.: Security, privacy and trust in Internet of Things: the road ahead. Comput. Netw. 76, 146–164 (2015). https://doi.org/10.1016/j.comnet.2014.11.008
Stankovic, J.A.: Research directions for the Internet of Things. IEEE Internet Things J. 1(1), 3–9 (2014). https://doi.org/10.1109/JIOT.2014.2312291
Shih, Y.-Y., Liu, D.-R.: Hybrid recommendation approaches: collaborative filtering via valuable content information, p. 217b. IEEE (2005). https://doi.org/10.1109/HICSS.2005.302
Yang, Z., Wu, B., Zheng, K., Wang, X., Lei, L.: A survey of collaborative filtering-based recommender systems for mobile internet applications. IEEE Access 4, 3273–3287 (2016). https://doi.org/10.1109/ACCESS.2016.2573314
Yli-Huumo, J., Ko, D., Choi, S., Park, S., Smolander, K.: Where is current research on blockchain technology?—A systematic review. PLoS ONE 11(10), e0163477 (2016). https://doi.org/10.1371/journal.pone.0163477
Zhang, Z.K., Cho, M.C.Y., Wang, C.W., Hsu, C.W., Chen, C.K., Shieh, S.: IoT security: ongoing challenges and research opportunities. In: 7th International Conference on Service-Oriented Computing and Applications, pp. 230–234. IEEE, November 2014. https://doi.org/10.1109/SOCA.2014.58
Zhu, X., Ghahramani, Z., Lafferty, J.: Semi-supervised learning using Gaussian fields and harmonic functions. In: IN ICML, pp. 912–919 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A., Kritsas, A. (2019). ADvoCATE: A Consent Management Platform for Personal Data Processing in the IoT Using Blockchain Technology. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_23
Download citation
DOI: https://doi.org/10.1007/978-3-030-12942-2_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2
eBook Packages: Computer ScienceComputer Science (R0)