Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal
The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smar...
Guardado en:
| Autores principales: | , , , , , , , |
|---|---|
| Formato: | article |
| Lenguaje: | EN |
| Publicado: |
MDPI AG
2021
|
| Materias: | |
| Acceso en línea: | https://doaj.org/article/e1c265fdf60f4ac7b070e6cd14233ffd |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| id |
oai:doaj.org-article:e1c265fdf60f4ac7b070e6cd14233ffd |
|---|---|
| record_format |
dspace |
| spelling |
oai:doaj.org-article:e1c265fdf60f4ac7b070e6cd14233ffd2021-11-11T19:09:06ZData Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal10.3390/s212171541424-8220https://doaj.org/article/e1c265fdf60f4ac7b070e6cd14233ffd2021-10-01T00:00:00Zhttps://www.mdpi.com/1424-8220/21/21/7154https://doaj.org/toc/1424-8220The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR’s provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users’ consents, while ensuring selective and minimal disclosure of personal information as well as user’s unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.Said DaoudaghEda MarchettiVincenzo SavarinoJorge Bernal BernabeJesús García-RodríguezRafael Torres MorenoJuan Antonio MartinezAntonio F. SkarmetaMDPI AGarticleaccess controlconsent managerGDPRprivacy-by-designsmart citiesChemical technologyTP1-1185ENSensors, Vol 21, Iss 7154, p 7154 (2021) |
| institution |
DOAJ |
| collection |
DOAJ |
| language |
EN |
| topic |
access control consent manager GDPR privacy-by-design smart cities Chemical technology TP1-1185 |
| spellingShingle |
access control consent manager GDPR privacy-by-design smart cities Chemical technology TP1-1185 Said Daoudagh Eda Marchetti Vincenzo Savarino Jorge Bernal Bernabe Jesús García-Rodríguez Rafael Torres Moreno Juan Antonio Martinez Antonio F. Skarmeta Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal |
| description |
The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR’s provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users’ consents, while ensuring selective and minimal disclosure of personal information as well as user’s unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility. |
| format |
article |
| author |
Said Daoudagh Eda Marchetti Vincenzo Savarino Jorge Bernal Bernabe Jesús García-Rodríguez Rafael Torres Moreno Juan Antonio Martinez Antonio F. Skarmeta |
| author_facet |
Said Daoudagh Eda Marchetti Vincenzo Savarino Jorge Bernal Bernabe Jesús García-Rodríguez Rafael Torres Moreno Juan Antonio Martinez Antonio F. Skarmeta |
| author_sort |
Said Daoudagh |
| title |
Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal |
| title_short |
Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal |
| title_full |
Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal |
| title_fullStr |
Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal |
| title_full_unstemmed |
Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal |
| title_sort |
data protection by design in the context of smart cities: a consent and access control proposal |
| publisher |
MDPI AG |
| publishDate |
2021 |
| url |
https://doaj.org/article/e1c265fdf60f4ac7b070e6cd14233ffd |
| work_keys_str_mv |
AT saiddaoudagh dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal AT edamarchetti dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal AT vincenzosavarino dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal AT jorgebernalbernabe dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal AT jesusgarciarodriguez dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal AT rafaeltorresmoreno dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal AT juanantoniomartinez dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal AT antoniofskarmeta dataprotectionbydesigninthecontextofsmartcitiesaconsentandaccesscontrolproposal |
| _version_ |
1718431616742719488 |