privacyTracker: A Privacy-by-Design GDPR-Compliant Framework with Verifiable Data Traceability Controls

  • Harald GjermundrødEmail author
  • Ioanna Dionysiou
  • Kyriakos Costa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9881)


Breach or lack of online privacy has become almost a commonplace of today’s digital age, mainly due to the inability of either enforcing privacy requirements or imposing strict sanctions against violations. The current state of affairs in data privacy is at a turning point for companies operating in EU state members as the enforcement of the General Data Protection Regulation (GDPR) empowers users with control over their personal data, including regulating its disclosure, withdrawing disclosure consent at any given time and tracking their data trail. Compliance with the GDPR is mandatory and it requires signifiant amendments and/or restructuring of data processing routines undertaken by enterprises. Currently, there is no framework to support the GDPR principles. This paper proposes privacyTracker, a GDPR-compliant framework that supports basic GDPR principles including data traceability and allowing a user to get a cryptographically verifiable snapshot of his/her data trail.


User privacy Data traceability General Data Protection Regulation (GDPR) 



The authors would like to thank the BeWiser consortium (funded under EU FP7, Grant No: 319907) for fruitful discussions on citizen security and privacy issues.


  1. 1.
    TRUSTe: 2015 truste us consumer confidence index (2015). Accessed 25 Sept 2015
  2. 2.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1967)Google Scholar
  3. 3.
    Parliament, E.: Regulation of the European Parliament and of the Council on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation). Technical report (2015)Google Scholar
  4. 4.
    Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts. Comput. Stand. Interfaces 36(4), 759–775 (2014). Security in Information Systems: Advances and new ChallengesCrossRefGoogle Scholar
  6. 6.
    Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: 2006 IEEE Symposium on Security and Privacy Security and Privacy, pp. 184–198 (2006)Google Scholar
  7. 7.
    Bertino, E., Ghinita, G., Kantarcioglu, M., Nguyen, D., Park, J., Sandhu, R., Sultana, S., Thuraisingham, B., Xu, S.: A roadmap for privacy-enhanced secure data provenance. J. Intell. Inf. Syst. 43(3), 481–501 (2014)CrossRefGoogle Scholar
  8. 8.
    Mont, M.C., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: sticky policies and enforceable tracing services. In: 2003 Proceedings of 14th International Workshop on Database and Expert Systems Applications, pp. 377–382 (2003)Google Scholar
  9. 9.
    Epic: Electronic privacy information center survey: 74% of presidential candidate’s websites fail on privacy. Accessed 25 Sept 2015 (2015)
  10. 10.
    Alsenoy, B.V., Verdoodt, V., Heyman, R., Ausloos, J.,Wauters, E.: From social media service to advertising network: a critical analysis of facebook’s revised policies and terms. Technicalreport, Interdisciplinary Centre for Law and ICT/Centre for Intellectual Property Rights of KU Leuven and the department of Studies on Media of the Vrije Universiteit Brussel (2015)Google Scholar
  11. 11.
    Gjermundrød, H., Dionysiou, I.: A conceptual framework for configurable privacy-awareness in a citizen-centric egovernment. Electron. Gov. 11(4), 258–282 (2015)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Harald Gjermundrød
    • 1
    Email author
  • Ioanna Dionysiou
    • 1
  • Kyriakos Costa
    • 1
  1. 1.Department of Computer Science, School of Sciences and EngineeringUniversity of NicosiaNicosiaCyprus

Personalised recommendations