I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data
Jesus, Vitor and Mustare, Shweta (2019) I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data. In: 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, August 26 - 29, 2019, Linz, Austria.
![[thumbnail of conference paper]](https://www.open-access.bcu.ac.uk/style/images/fileicons/text.png "conference paper") |
Text (conference paper)
consent - camera.pdf - Accepted Version Restricted to Repository staff only Download (793kB) |
Preview |
Text
consent - camera.pdf Download (793kB) |
Abstract
Privacy in online collection of personal data is currently a much debated topic considering, amongst other reasons, the incidents with well known digital organisations, such as social networks and, in Europe, the recent EU/GDPR regulation. Among other required practices, explicit and simply worded consent from individuals must be obtained before collecting and using personal information. Further, individuals must also be given detailed information about what, how and what for data is collected. Consent is typically obtained at the collection point and, at a single point in time (ignoring updates), associated with Privacy Policies or End-User Agreements. At any moment, both the user and the organization should be able to produce evidence of this consent. This proof should not be disputable which leads us to strong cryptographic properties.
The problem we discuss is how to robustly demonstrate such consent was given. We adapt fair-exchange protocols to this particular problem and, upon an exchange of personal data, we are able to produce a cryptographic receipt of acceptance that any party can use to prove consent and elicit non-repudiation. We discuss two broad strategies: a pure peerto-peer scheme and the use of a Trusted Third Party.
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Dates: | Date Event 26 May 2019 Accepted 2 August 2019 Published Online |
| Uncontrolled Keywords: | Privacy, fair exchange, consent |
| Subjects: | CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science CAH11 - computing > CAH11-01 - computing > CAH11-01-03 - information systems |
| Divisions: | Faculty of Computing, Engineering and the Built Environment > College of Computing |
| Depositing User: | Vitor Jesus |
| Date Deposited: | 22 Jun 2019 05:36 |
| Last Modified: | 22 Mar 2023 12:01 |
| URI: | https://www.open-access.bcu.ac.uk/id/eprint/7619 |
Actions (login required)
 |
View Item |
Tools
Tools
