Information (Nov 2023)
Is Automated Consent in Solid GDPR-Compliant? An Approach for Obtaining Valid Consent with the Solid Protocol
Abstract
Personal Information Management Systems (PIMS) are acquiring a prominent role in the data economy by promoting services that help individuals to have more control over the processing of their personal data, in line with the European data protection laws. One of the highlighted solutions in this area is Solid, a new protocol that is decentralizing the storage of data, through the usage of interoperable web standards and semantic vocabularies, to empower its users to have more control over the processing of data by agents and applications. However, to fulfill this vision and gather widespread adoption, Solid needs to be aligned with the law governing the processing of personal data in Europe, the main piece of legislation being the General Data Protection Regulation (GDPR). To assist with this process, we analyze the current efforts to introduce a policy layer in the Solid ecosystem, in particular, related to the challenge of obtaining consent for processing personal data, focusing on the GDPR. Furthermore, we investigate if, in the context of using personal data for biomedical research, consent can be expressed in advance, and discuss the conditions for valid consent and how it can be obtained in this decentralized setting, namely through the matching of privacy preferences, set by the user, with requests for data and whether this can signify informed consent. Finally, we discuss the technical challenges of an implementation that caters to the previously identified legal requirements.
Keywords
