Transparent Personal Data Processing: The Road Ahead

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 10489)

Abstract

The European General Data Protection Regulation defines a set of obligations for personal data controllers and processors. Primary obligations include: obtaining explicit consent from the data subject for the processing of personal data, providing full transparency with respect to the processing, and enabling data rectification and erasure (albeit only in certain circumstances). At the core of any transparency architecture is the logging of events in relation to the processing and sharing of personal data. The logs should enable verification that data processors abide by the access and usage control policies that have been associated with the data based on the data subject’s consent and the applicable regulations. In this position paper, we: (i) identify the requirements that need to be satisfied by such a transparency architecture, (ii) examine the suitability of existing logging mechanisms in light of said requirements, and (iii) present a number of open challenges and opportunities.

Keywords

  • General Data Protection Regulation (GDPR)
  • Transparent Architecture
  • Subject Data
  • Trusted Third Party (TTP)
  • Blockchain

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

  1. PROV, https://www.w3.org/TR/prov-overview/.

  2. OWL-Time, https://www.w3.org/TR/owl-time/.

  3. Events, http://motools.sourceforge.net/event/event.html.

  4. LODE, http://linkedevents.org/ontology/.

Acknowledgments

Supported by the European Union’s Horizon 2020 research and innovation programme under grant 731601.

Corresponding author

Correspondence to Sabrina Kirrane.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Bonatti, P., Kirrane, S., Polleres, A., Wenning, R. (2017). Transparent Personal Data Processing: The Road Ahead. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_28

  • DOI: https://doi.org/10.1007/978-3-319-66284-8_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66283-1

  • Online ISBN: 978-3-319-66284-8

  • eBook Packages: Computer Science, Computer Science (R0)