Blockchain-based Consents Management for Personal Data Processing in the IoT Ecosystem

Abstract

In the Internet of Things (IoT) ecosystem the volume of data generated by devices in the user’s environment is constantly increasing and becoming of particular value. In such an environment the average user is bound to face considerable difficulties in understanding the size and scope of his/her collected data. However, the provisions of the European General Data Protection Regulation (GDPR) require data subjects to be able to control their personal data, be informed and consent to its processing in an intelligible manner. This paper proposes ADVOCATE, a framework that facilitates GDPR-compliant processing of personal data in IoT environments. The present work aims to assist stakeholders, i.e. Data Controllers and Processors, satisfy GDPR requirements, such as informing data subjects in a transparent and unambiguous manner about the data they will manage, the processing purposes and periods. Respectively, data subjects will be promptly and comprehensively informed about any processing requests addressed to them, create and edit processing policies, exercise their rights in access, correction, deletion, restriction and opposition to data processing. Simultaneously, a notary service using blockchain infrastructures will ensure consents’ security and an intelligent service will inform data subjects about the quality of their consents.