4,855 research outputs found
A Scalable Consent, Transparency and Compliance Architecture
In this demo we present the SPECIAL consent, transparency and compliance system. The objective of the system is to afford data subjects more control over personal data processing and sharing, while at the same time enabling data controllers and processors to comply with consent and transparency obligations mandated by the European General Data Protection Regulation. A short promotional video can be found at https://purl.com/specialprivacy/demos/ESWC2018
Privacy CURE: Consent Comprehension Made Easy
Although the General Data Protection Regulation (GDPR) defines several potential legal bases for personal data processing, in many cases data controllers, even when they are located outside the European Union (EU), will need to obtain consent from EU citizens for the processing of their personal data. Unfortunately, existing approaches for obtaining consent, such as pages of text followed by an agreement/disagreement mechanism, are neither specific nor informed. In order to address this challenge, we introduce our Consent reqUest useR intErface (CURE) prototype, which is based on the GDPR requirements and the interpretation of those requirements by the Article 29 Working Party (i.e., the predecessor of the European Data Protection Board). The CURE prototype provides transparency regarding personal data processing, more control via a customization, and, based on the results of our usability evaluation, improves user comprehension with respect to what data subjects actually consent to. Although the CURE prototype is based on the GDPR requirements, it could potentially be used in other jurisdictions also
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Advanced Cloud Privacy Threat Modeling
Privacy-preservation for sensitive data has become a challenging issue in
cloud computing. Threat modeling as a part of requirements engineering in
secure software development provides a structured approach for identifying
attacks and proposing countermeasures against the exploitation of
vulnerabilities in a system . This paper describes an extension of Cloud
Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in
relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to
specify characteristics of a cloud privacy threat modeling methodology,
different steps in the proposed methodology and corresponding products. We
believe that the extended methodology facilitates the application of a
privacy-preserving cloud software development approach from requirements
engineering to design
A Blockchain-based Approach for Data Accountability and Provenance Tracking
The recent approval of the General Data Protection Regulation (GDPR) imposes
new data protection requirements on data controllers and processors with
respect to the processing of European Union (EU) residents' data. These
requirements consist of a single set of rules that have binding legal status
and should be enforced in all EU member states. In light of these requirements,
we propose in this paper the use of a blockchain-based approach to support data
accountability and provenance tracking. Our approach relies on the use of
publicly auditable contracts deployed in a blockchain that increase the
transparency with respect to the access and usage of data. We identify and
discuss three different models for our approach with different granularity and
scalability requirements where contracts can be used to encode data usage
policies and provenance tracking information in a privacy-friendly way. From
these three models we designed, implemented, and evaluated a model where
contracts are deployed by data subjects for each data controller, and a model
where subjects join contracts deployed by data controllers in case they accept
the data handling conditions. Our implementations show in practice the
feasibility and limitations of contracts for the purposes identified in this
paper
Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013
This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in todayâs online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such
Recommended from our members
LEVERAGING BLOCKCHAIN TECHNOLOGY FOR SLA ENFORCEMENT IN HEALTH CARE CLOUD PARTNERSHIPS
The healthcare industry is rapidly adopting cloud-based solutions to improve operational efficiency and patient outcomes. However, healthcare cloud partnerships often face challenges related to the lack of scalability, trust, and Service Level Agreement (SLA) enforcement, and has a notable impact on consumer care quality. To address this issue, the study proposed leveraging blockchain technology to enhance SLA enforcement by using smart contracts in health care cloud partnerships for small and medium-sized facilities. The research questions were: Q.1 What are the current challenges facing small to medium sized healthcare facilities in enforcing SLAs in cloud partnerships? Q.2 How can BC-based smart contracts helps enhance scalability in cloud computing systems in healthcare SMEs by enforcing Service Level Agreements (SLAs) in a safe and efficient manner? Q.3 What are the factors that affect the implementation of blockchain-based smart contracts for SLA enforcement in healthcare SMEs cloud partnerships? The project utilized case studies to demonstrate the effectiveness of using BC technology based smart contracts to enhance SLA enforcement and improve patient outcomes. The findings and conclusions were as follows: 1. Current challenges facing healthcare SMEs in enforcing SLAs in cloud partnerships: SMEs may lack bargaining power, resources, and technical expertise to effectively negotiate, monitor, and enforce SLAs in cloud partnerships, leading to service disruptions, compliance issues, and financial losses. 2. BC-based smart contracts can enhance the scalability of cloud computing systems in healthcare SMEs by automating SLA execution, ensuring real-time data integrity, transparency, and accountability, reducing fraud, error, and transaction costs, and enabling decentralized trust among stakeholders. 3. Factors affecting the implementation of BC-based smart contracts to better SLA enforcement in healthcare SMEs cloud partnerships: regulatory uncertainty, interoperability, standardization, privacy, security, cost, complexity, governance, and user adoption, and 4. Unique Trends and challenges in the healthcare industry for its data analysis: increasing demand for real-time, patient-centered, personalized, and evidence-based care, generating and integrating large volumes of diverse and complex data from multiple sources, ensuring data quality, privacy, and security, complying with regulations and standards, and fostering collaboration and innovation across stakeholders. MedRec, SimplyVital Health, and Medical Chain demonstrate how BC provides secure data sharing, encryption and access control mechanisms, and promotes interoperability through standard data formats and protocols. Results showed improved scalability, trust, and SLA enforcement with the use of BC technology. Further research in the other domains of this area is recommended. It is required to address broader aspects related to the topic. The areas for further study that emerged from the findings and conclusions of this project include: 1. interoperability,2. trusted monitoring solutions, 3.user experience, 4. privacy and security,5. med tokens, cost and 6. integration with existing BSS and OSS.
Keywords: Cloud computing, Blockchain technology, SLA enforcement, Smart Contracts, Healthcare cloud, Blockchain-based SLA enforcement, Smart Healthcare, e-healthcare, Scalability
- âŠ