I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data

Jesus, Vitor and Mustare, Shweta (2019) I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data. In: 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, August 26 - 29, 2019, Linz, Austria.

[img] Text (conference paper)
consent - camera.pdf - Accepted Version
Restricted to Repository staff only

Download (793kB)
consent - camera.pdf

Download (793kB)


Privacy in online collection of personal data is currently a much debated topic considering, amongst other reasons, the incidents with well known digital organisations, such as social networks and, in Europe, the recent EU/GDPR regulation. Among other required practices, explicit and simply worded consent from individuals must be obtained before collecting and using personal information. Further, individuals must also be given detailed information about what, how and what for data is collected. Consent is typically obtained at the collection point and, at a single point in time (ignoring updates), associated with Privacy Policies or End-User Agreements. At any moment, both the user and the organization should be able to produce evidence of this consent. This proof should not be disputable which leads us to strong cryptographic properties.

The problem we discuss is how to robustly demonstrate such consent was given. We adapt fair-exchange protocols to this particular problem and, upon an exchange of personal data, we are able to produce a cryptographic receipt of acceptance that any party can use to prove consent and elicit non-repudiation. We discuss two broad strategies: a pure peerto-peer scheme and the use of a Trusted Third Party.

Item Type: Conference or Workshop Item (Paper)
26 May 2019Accepted
2 August 2019Published Online
Uncontrolled Keywords: Privacy, fair exchange, consent
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
CAH11 - computing > CAH11-01 - computing > CAH11-01-03 - information systems
Divisions: Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Vitor Jesus
Date Deposited: 22 Jun 2019 05:36
Last Modified: 22 Mar 2023 12:01
URI: https://www.open-access.bcu.ac.uk/id/eprint/7619

Actions (login required)

View Item View Item


In this section...