This article has been reviewed according to Science X’s editorial process
and policies.
Editors have highlighted the following attributes while ensuring the content’s credibility:
fact-checked
trusted source
proofread
× close
Entering a website and accepting cookies is a very common and oft-repeated gesture when navigating the Internet. But this small action, which is often done automatically and without thought, entails security risks: By consenting to cookies, you lose control over your sensitive information, as you cannot review the conditions you have just accepted.
In order to avoid this vulnerability, a research team from the Universitat Rovira i Virgili has developed an innovative environment based on blockchain technology that allows users to control what happens to their personal data and what it is used for at all times.
The work is published in the journal Computer Communications.
Accepting cookies gives permission for sensitive information to be shared, which puts at risk the privacy of users, who are uncertain how it will be used and for what purposes. To mitigate these risks, the European Union proposed the General Data Protection Regulation (GDPR), whereby service providers need to obtain explicit consent from data subjects to collect and process their personal data.
The response of many web providers to this requirement has been to present users with a form when they access a service: the cookie acceptance form. But the law does not define how these providers should transparently demonstrate that they have this consent and most users do not know what rights they have over their personal data or have efficient methods to be on the lookout for what third parties do with their data.
× close
The study led by the URV consists of creating a personal data management platform based on blockchain technology. It generates smart contracts that are published for life on the blockchain and cannot be amended; that is to say, the terms agreed cannot be modified and the binding nature of the contract cannot be denied.
In order to use this smart contract, the user must install a program in the browser that intercepts the request for consent and responds in accordance with their preferences.
“Taking this small step makes browsing more agile and secure and complies with the main requirements of the European data protection law,” says Jordi Castellà, a researcher at the URV’s Department of Computer Engineering and Mathematics, who took part in the research.
In addition, all the consents accepted can be controlled and managed from a mobile application to keep track of who has them, when they were granted, what they are being used for and how to modify the details at any time.
For web service providers, this environment enables them to demonstrate, in the event of an audit, that they have obtained consent from users. Information is accessed through a secure access control system.
This research makes the management of personal data more secure and gives users more and better control over their information.
More information:
Cristòfol Daudén-Esmel et al, Blockchain-based access control system for efficient and GDPR-compliant personal data management, Computer Communications (2023). DOI: 10.1016/j.comcom.2023.11.017
This article was originally published by a techxplore.com . Read the Original article here. .