I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11711)

Abstract

Privacy in online collection of personal data is currently a much-debated topic considering, amongst other reasons, the incidents with well-known digital organisations, such as social networks and, in Europe, the recent EU/GDPR regulation. Among other required practices, explicit and simply worded consent from individuals must be obtained before collecting and using personal information. Further, individuals must also be given detailed information about what data is collected, how, and for what purpose. Consent is typically obtained at the collection point and at a single point in time (ignoring updates), associated with Privacy Policies or End-User Agreements. At any moment, both the user and the organization should be able to produce evidence of this consent. This proof should not be disputable, which leads us to strong cryptographic properties.

The problem we discuss is how to robustly demonstrate such consent was given. We adapt fair-exchange protocols to this particular problem and, upon an exchange of personal data, we are able to produce a cryptographic receipt of acceptance that any party can use to prove consent and elicit non-repudiation. We discuss two broad strategies: a pure peer-to-peer scheme and the use of a Trusted Third Party.

Notes

  1. We are working with Privacy organisations towards piloting the ideas in this paper in a real-world scenario.

  2. See https://tldrlegal.com/ for software licenses.

Acknowledgments

We would like to thank Professor Peter Sommer, of Birmingham City University, for his insights into the legal aspects.

Corresponding author

Correspondence to Vitor Jesus.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Jesus, V., Mustare, S. (2019). I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data. In: Gritzalis, S., Weippl, E., Katsikas, S., Anderst-Kotsis, G., Tjoa, A., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2019. Lecture Notes in Computer Science, vol 11711. Springer, Cham. https://doi.org/10.1007/978-3-030-27813-7_3

  • DOI: https://doi.org/10.1007/978-3-030-27813-7_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27812-0

  • Online ISBN: 978-3-030-27813-7

  • eBook Packages: Computer Science, Computer Science (R0)
