Secure Semi-Automated GDPR Compliance Service with Restrictive Fine-grained Access Control

Hashem Eiza, M, Thong Ta, V, Shi, Q and Cao, Y (2024) Secure Semi-Automated GDPR Compliance Service with Restrictive Fine-grained Access Control. Security and Privacy. ISSN 2475-6725

Security and Privacy - 2024 - Hashem Eiza - Secure semi‐automated GDPR compliance service with restrictive fine‐grained.pdf - Published Version
Available under License Creative Commons Attribution.

Abstract

Sharing personal data with service providers is a contentious issue that led to the birth of data regulations such as the EU General Data Protection Regulation (GDPR) and similar laws in the US. Complying with these regulations is a must for service providers. For users, this compliance assures them that their data is handled the way the service provider says it will be via their privacy policy. Auditing service providers’ compliance is usually carried out by specific authorities when there is a need to do so (e.g., data breach). Nonetheless, these irregular compliance checks could lead to non-compliant actions being undetected for long periods. Users need an improved way to make sure their data is managed properly, giving them the ability to control and enforce detailed, restricted access to their data, in line with the policies set by the service provider. This work addresses these issues by providing a secure semi-automated GDPR compliance service for both users and service providers using smart contracts and attribute-based encryption with accountability. Privacy policies will be automatically checked for compliance before a service commences. Users can then upload their personal data with restrictive access controls extracted from the approved privacy policy. Operations’ logs on the personal data during its full lifecycle will be immutably recorded and regularly checked for compliance to ensure the privacy policy is adhered to at all times. Evaluation results, using a real-world organisation policy and example logs, show that the proposed service achieves these goals with low time overhead and high throughput.

Item Type: Article
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science & Mathematics
Publisher: Wiley
SWORD Depositor: A Symplectic
Date Deposited: 07 Aug 2024 15:23
Last Modified: 21 Aug 2024 09:30
DOI or ID number: 10.1002/spy2.451
URI: https://researchonline.ljmu.ac.uk/id/eprint/23888