Technical Requirements and Approaches in Personal Data Control

被引:4
作者
Sim, Junsik [1 ]
Kim, Beomjoong [1 ]
Jeon, Kiseok [1 ]
Joo, Moonho [1 ]
Lim, Jihun [1 ]
Lee, Junghee [1 ]
Choo, Kim-Kwang Raymond [2 ]
机构
[1] Korea Univ, 145 Anam Ro, Seoul 02841, South Korea
[2] Univ Texas San Antonio, San Antonio, TX 78249 USA
来源
ACM COMPUTING SURVEYS | 2023年 / 55卷 / 09期
关键词
Personal data; control rights; compliance; CONSENT MANAGEMENT; MOBILE HEALTH; DATA PRIVACY; GDPR; SYSTEM;
D O I
10.1145/3558766
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
There has been a trend of moving from simply de-identification to providing extended data control to their owner (e.g., data portability and right to be forgotten), partly due to the introduction of the General Data Protection Regulation (GDPR). Hence, in this paper, we survey the literature to provide an in-depth understanding of the existing approaches for personal data control (e.g., we observe that most existing approaches are generally designed to facilitate compliance), as well as the privacy regulations in Europe, United Kingdom, California, South Korea, and Japan. Based on the review, we identify the associated technical requirements, as well as a number of research gaps and potential future directions (e.g., the need for transparent processing of personal data and establishment of clear procedure in ensuring personal data control).
引用
收藏
页数:30
相关论文
共 127 条
[71]  
Maymounkov P, 2002, LECT NOTES COMPUT SC, V2429, P53
[72]   Personal Cloudlets: Implementing a User-Centric Datastore with Privacy Aware Access Control for Cloud-based Data Platforms [J].
McCarthy, Donal ;
Malone, Paul ;
Hange, Johannes ;
Doyle, Kenny ;
Robson, Eric ;
Conway, Dylan ;
Ivanov, Stepan ;
Radziwonowicz, Lukasz ;
Kleinfeld, Robert ;
Michalareas, Theodoros ;
Kastrinogiannis, Timotheos ;
Stasinos, Nikos ;
Lampathaki, Fenareti .
2015 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON TECHNICAL AND LEGAL ASPECTS OF DATA PRIVACY AND SECURITY TELERISE 2015, 2015, :38-43
[73]  
Meeco, 2021, MEEC INFR TRUST PERS
[74]   Are 'pseudonymised' data always personal data? Implications of the GDPR for administrative data research in the UK [J].
Mourby, Miranda ;
Mackey, Elaine ;
Elliot, Mark ;
Gowans, Heather ;
Wallace, Susan E. ;
Bell, Jessica ;
Smith, Hannah ;
Aidinlis, Stergios ;
Kaye, Jane .
COMPUTER LAW & SECURITY REVIEW, 2018, 34 (02) :222-233
[75]  
Mun Min, 2010, ACMCONFERENCE EMERGI, DOI [10.1145/1921168.1921191, DOI 10.1145/1921168.1921191]
[76]  
Mydex, 2021, MYD CIC HELPS IND SE
[77]  
Mypermissions, 2021, MYP HELPS YOU RECL C
[78]  
Nakagawa Y, 2013, INT CONF INTERNET, P107, DOI 10.1109/ICIST.2013.6747521
[79]   GDPR-Compliant Personal Data Management: A Blockchain-Based Solution [J].
Nguyen Binh Truong ;
Sun, Kai ;
Lee, Gyu Myoung ;
Guo, Yike .
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2020, 15 :1746-1761
[80]   To track or not to track? Employees' data privacy in the age of corporate wellness, mobile health, and GDPR [J].
Olsen, Celine Brassart .
INTERNATIONAL DATA PRIVACY LAW, 2020, 10 (03) :236-252
3456789101112