Affiliation:
1. Security, Technology and ePrivacy Group (STeP), University of Groningen, 9712 GH Groningen, The Netherlands
2. Ontology Engineering Group (OEG), Universidad Politécnica de Madrid, 28040 Madrid, Spain
Abstract
Personal Information Management Systems (PIMS) are acquiring a prominent role in the data economy by promoting services that help individuals to have more control over the processing of their personal data, in line with the European data protection laws. One of the highlighted solutions in this area is Solid, a new protocol that is decentralizing the storage of data, through the usage of interoperable web standards and semantic vocabularies, to empower its users to have more control over the processing of data by agents and applications. However, to fulfill this vision and gather widespread adoption, Solid needs to be aligned with the law governing the processing of personal data in Europe, the main piece of legislation being the General Data Protection Regulation (GDPR). To assist with this process, we analyze the current efforts to introduce a policy layer in the Solid ecosystem, in particular, related to the challenge of obtaining consent for processing personal data, focusing on the GDPR. Furthermore, we investigate if, in the context of using personal data for biomedical research, consent can be expressed in advance, and discuss the conditions for valid consent and how it can be obtained in this decentralized setting, namely through the matching of privacy preferences, set by the user, with requests for data and whether this can signify informed consent. Finally, we discuss the technical challenges of an implementation that caters to the previously identified legal requirements.
Funder
European Cooperation in Science and Technology
European Union’s Horizon 2020
Reference86 articles.
1. (2023, October 25). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). Available online: https://eur-lex.europa.eu/eli/reg/2016/679/oj.
2. Bradford, A. (2019). How the EU Became a Global Regulatory Power. The Brussels Effect: How the European Union Rules the World, Oxford University Press.
3. European Commission (2020). Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions-A European Strategy for Data, European Commission.
4. (2023, October 25). Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European Data Governance and Amending Regulation (EU) 2018/1724 (Data Governance Act) (Text with EEA Relevance). Legislative Body: CONSIL, EP. Available online: https://eur-lex.europa.eu/eli/reg/2022/868/oj.
5. Explaining the intention to use digital personal data stores: An empirical study;Mariani;Technol. Forecast. Soc. Chang.,2021