IEEE Access (Jan 2024)
A Blockchain-Based Hybrid Architecture for Auditable Consent Management
Abstract
Consent management has become an important issue with the increased usage of the Internet and of smart devices that collect personal data. Each country enacts its own regulations and laws for consent management. These laws ensure that personal data is not collected without the individual's consent and cannot be processed for a purpose other than the stated one. The General Data Protection Regulation (GDPR) has strict rules regarding the collection and processing of personal data. This paper proposes a new approach for auditable hybrid consent management systems using blockchain technology and a purpose tree. The suggested approach includes (1) the implementation of a GDPR-compliant consent management system using blockchain and a purpose tree; (2) the implementation of an audit mechanism that detects consent violations and corrects consents; and (3) the use of both on-chain and off-chain technologies. The audit mechanism proposed in this paper detects possible violations by inspecting every transaction in the system. In addition, it immediately informs the data subject and the competent authorities about the relevant violations. As part of this study, a prototype of the architecture is developed as a proof of concept to evaluate the performance of critical components. The experimental results show that the proposed hybrid architecture using a purpose tree effectively supports consent sharing between the parties.
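To make the audit idea in the abstract concrete, the following is an added example (not code from the paper or its prototype) of a purpose-tree consent check run over a batch of constructed processing transactions. The purpose-tree semantics are an assumption: consent granted for a purpose node covers that node and all of its descendants, and a withdrawn purpose no longer covers anything. The purpose names, the `Consent`/`Transaction` records and the `audit` function are all hypothetical; the paper's notification of the data subject and authorities is represented only by the returned list of violations.

```python
"""Purpose-tree consent audit (added example; all names and data are constructed)."""
from dataclasses import dataclass, field

# Constructed purpose tree: child -> parent, None marks a top-level purpose.
PURPOSE_PARENT = {
    "service": None,
    "service.billing": "service",
    "service.support": "service",
    "marketing": None,
    "marketing.email": "marketing",
    "marketing.profiling": "marketing",
}


def ancestors(purpose):
    """Yield the purpose itself, then each ancestor up to the root."""
    if purpose not in PURPOSE_PARENT:
        raise KeyError(f"unknown purpose: {purpose}")
    while purpose is not None:
        yield purpose
        purpose = PURPOSE_PARENT[purpose]


@dataclass
class Consent:
    subject: str
    controller: str
    purposes: set                       # consented purpose nodes (each covers its subtree)
    withdrawn: set = field(default_factory=set)

    def withdraw(self, purpose):
        self.withdrawn.add(purpose)

    def covers(self, purpose):
        """True if some non-withdrawn consented node is the purpose or an ancestor of it."""
        return any(p in self.purposes and p not in self.withdrawn
                   for p in ancestors(purpose))


@dataclass
class Transaction:
    tx_id: str
    subject: str
    controller: str
    purpose: str


def audit(consents, transactions):
    """Inspect every transaction; return (tx_id, reason) for each violation found."""
    by_key = {(c.subject, c.controller): c for c in consents}
    violations = []
    for tx in transactions:
        consent = by_key.get((tx.subject, tx.controller))
        if consent is None:
            violations.append((tx.tx_id, "no consent record"))
        elif tx.purpose not in PURPOSE_PARENT:
            violations.append((tx.tx_id, "unknown purpose"))
        elif not consent.covers(tx.purpose):
            violations.append((tx.tx_id, f"purpose {tx.purpose} not consented"))
    return violations


def run_sample():
    """Constructed scenario: one subject consents to 'service' and 'marketing.email',
    then withdraws the marketing consent before some transactions are processed."""
    alice = Consent("alice", "acme", {"service", "marketing.email"})
    alice.withdraw("marketing.email")
    txs = [
        Transaction("t1", "alice", "acme", "service.billing"),     # covered via 'service'
        Transaction("t2", "alice", "acme", "marketing.email"),     # withdrawn
        Transaction("t3", "alice", "acme", "marketing.profiling"), # never consented
        Transaction("t4", "bob", "acme", "service"),               # no record for bob
        Transaction("t5", "alice", "acme", "analytics"),           # not in the tree
    ]
    return audit([alice], txs)


if __name__ == "__main__":
    for tx_id, reason in run_sample():
        print(f"violation in {tx_id}: {reason}")
```

Because the check walks from the requested purpose up to the root, a controller cannot turn consent for a narrow purpose (say `marketing.email`) into permission for its parent or siblings; only consent at or above the requested node is accepted, which is the property an auditor wants to verify on every transaction.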
Keywords