I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data

Jesus, Vitor and Mustare, Shweta (2019) I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data. In: 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, August 26 - 29, 2019, Linz, Austria.

[img] Text (conference paper)
consent - camera.pdf - Accepted Version
Restricted to Repository staff only

Download (793kB)
consent - camera.pdf

Download (793kB)


Privacy in online collection of personal data is currently a much debated topic considering, amongst other reasons, the incidents with well known digital organisations, such as social networks and, in Europe, the recent EU/GDPR regulation. Among other required practices, explicit and simply worded consent from individuals must be obtained before collecting and using personal information. Further, individuals must also be given detailed information about what, how and what for data is collected. Consent is typically obtained at the collection point and, at a single point in time (ignoring updates), associated with Privacy Policies or End-User Agreements. At any moment, both the user and the organization should be able to produce evidence of this consent. This proof should not be disputable which leads us to strong cryptographic properties.

The problem we discuss is how to robustly demonstrate such consent was given. We adapt fair-exchange protocols to this particular problem and, upon an exchange of personal data, we are able to produce a cryptographic receipt of acceptance that any party can use to prove consent and elicit non-repudiation. We discuss two broad strategies: a pure peerto-peer scheme and the use of a Trusted Third Party.

Item Type: Conference or Workshop Item (Paper)
Date: 2 August 2019
Uncontrolled Keywords: Privacy, fair exchange, consent
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-03 - information systems
CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology > Cyber Security
Depositing User: Vitor De Jesus da silva
Date Deposited: 22 Jun 2019 05:36
Last Modified: 10 Sep 2021 14:24
URI: http://bcu-test.eprints-hosting.org/id/eprint/7619

Actions (login required)

View Item View Item


In this section...