Location Privacy and Inference in Online Social Networks

Data protection is about protecting information about per-sons, which is currently flowing without much control \u2013individuals can-not easily exercise the rights granted by the EU General Data Protection Regulation (GDPR). Individuals benefit from \u201cfree\u201d services offered by companies in exchange of their data, but these companies keep their users\u2019 data in \u201csilos\u201d that impede transparency on their use and possibilities of easy interactions. The introduction of the GDPR warrants control rights to individuals and the free portability of personal data from one entity to another. However it is still beyond the individual\u2019s capability to perceive whether their data is managed in compliance with GDPR. To this regard, in this work the proposed approach consists in using decentralized mechanisms to provide transparency through distributed ledgers, data flow governance by using smart contracts and interoperability relying on semantic web technologies

Tell the Smart House to Mind its Own Business!: Maintaining Privacy and Security in the Era of Smart Devices

Consumers want convenience. That convenience often comes in the form of everyday smart devices that connect to the internet and assist with daily tasks. With the advancement of technology and the “Internet of Things” in recent years, convenience is at our fingertips more than ever before. Not only do consumers want convenience, they want to trust that their product is performing the task that they purchased it for and not exposing them to danger or risk. However, due to the increasing capabilities and capacities of smart devices, consumers are less likely to realize the implications of what they are agreeing to when they purchase and begin using these products. This Note will focus on the risks associated with smart devices, using smart home devices as an illustration. These devices have the ability to collect intimate details about the layout of the home and about those who live within it. The mere collection of this personal data opens consumers up to the risk of having their private information shared with unintended recipients whether the information is being sold to a third party or accessible to a hacker. Thus, to adequately protect consumers, it is imperative that they can fully consent to their data being collected, retained, and potentially distributed. This Note examines the law that is currently in place to protect consumers who use smart devices and argues that a void ultimately leaves consumers vulnerable. Current data privacy protection in the United States centers on the self-regulatory regime of “notice and choice.” This Note highlights how the self-regulatory notice-and-choice model fails to ensure sufficient protection for consumers who use smart devices and discusses the need for greater privacy protection in the era of the emerging Internet of Things. Ultimately, this Note proposes a state-level resolution and calls upon an exemplar state to experiment with privacy protection laws to determine the best way to regulate the Internet of Things

A critical literature review of security and privacy in smart home healthcare schemes adopting IoT & blockchain: problems, challenges and solutions

Protecting private data in smart homes, a popular Internet-of-Things (IoT) application, remains a significant data security and privacy challenge due to the large-scale development and distributed nature of IoT networks. Recently, smart healthcare has leveraged smart home systems, thereby compounding security concerns in terms of the confidentiality of sensitive and private data and by extension the privacy of the data owner. However, PoA-based Blockchain DLT has emerged as a promising solution for protecting private data from indiscriminate use and thereby preserving the privacy of individuals residing in IoT-enabled smart homes. This review elicits some concerns, issues, and problems that have hindered the adoption of blockchain and IoT (BCoT) in some domains and suggests requisite solutions using the aging-in-place scenario. Implementation issues with BCoT were examined as well as the combined challenges BCoT can pose when utilised for security gains. The study discusses recent findings, opportunities, and barriers, and provide recommendations that could facilitate the continuous growth of blockchain application in healthcare. Lastly, the study then explored the potential of using a PoA-based permission blockchain with an applicable consent-based privacy model for decision-making in the information disclosure process, including the use of publisher-subscriber contracts for fine-grained access control to ensure secure data processing and sharing, as well as ethical trust in personal information disclosure, as a solution direction. The proposed authorisation framework could guarantee data ownership, conditional access management, scalable and tamper-proof data storage, and a more resilient system against threat models such as interception and insider attacks

Dwarna : a blockchain solution for dynamic consent in biobanking

Dynamic consent aims to empower research partners and facilitate active participation in the research process. Used within the context of biobanking, it gives individuals access to information and control to determine how and where their biospecimens and data should be used. We present Dwarna—a web portal for ‘dynamic consent’ that acts as a hub connecting the different stakeholders of the Malta Biobank: biobank managers, researchers, research partners, and the general public. The portal stores research partners’ consent in a blockchain to create an immutable audit trail of research partners’ consent changes. Dwarna’s structure also presents a solution to the European Union’s General Data Protection Regulation’s right to erasure—a right that is seemingly incompatible with the blockchain model. Dwarna’s transparent structure increases trustworthiness in the biobanking process by giving research partners more control over which research studies they participate in, by facilitating the withdrawal of consent and by making it possible to request that the biospecimen and associated data are destroyed.peer-reviewe