Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

`I Consent to These Terms’: A Legal and Technical Approach for Obtaining Valid Consent in Solid

Version 1 : Received: 19 July 2023 / Approved: 19 July 2023 / Online: 19 July 2023 (11:46:25 CEST)
Version 2 : Received: 22 October 2023 / Approved: 23 October 2023 / Online: 23 October 2023 (11:14:44 CEST)

A peer-reviewed article of this Preprint also exists.

Florea, M.; Esteves, B. Is Automated Consent in Solid GDPR-Compliant? An Approach for Obtaining Valid Consent with the Solid Protocol. Information 2023, 14, 631. Florea, M.; Esteves, B. Is Automated Consent in Solid GDPR-Compliant? An Approach for Obtaining Valid Consent with the Solid Protocol. Information 2023, 14, 631.

Abstract

Personal Information Management Systems (PIMS) are acquiring a prominent role in the data economy by promoting products and services that help individuals to manage and control their online identity and thus have more control over the processing of their personal data, in line with the European strategy for data. One of the highlighted solutions in this area is Solid, a new protocol which is decentralising the storage of data, through the usage of interoperable Web standards and semantic vocabularies, to empower its users to have more control over the agents and applications that can access their data. However, to fulfil this vision and gather widespread adoption, Solid needs to be aligned with the law governing the processing of personal data in Europe, the General Data Protection Regulation (GDPR). To assist with this process, we analyse the current efforts to introduce a policy layer in the Solid ecosystem, in particular, related to the challenge of obtaining consent focusing on the GDPR. Furthermore, we investigate if, in the context of using personal data for biomedical research, consent can be expressed in advance, discuss the conditions for valid consent and how it can be obtained in this decentralised setting, namely through the matching of privacy preferences, set by the user, with requests for data and whether this can signify informed consent. Finally, we discuss the technical challenges of an implementation that caters to the previously identified legal requirements.

Keywords

personal information management systems; solid; semantic web; data protection; consent

Subject

Computer Science and Mathematics, Information Systems

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.

Leave a public comment
Send a private comment to the author(s)
* All users must log in before leaving a comment
Views 0
Downloads 0
Comments 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.