ADvoCATE: A consent management platform for personal data processing in the IoT using blockchain technology

Abstract

The value of personal data generated and managed by smart devices which comprise the Internet of Things (IoT) is unquestionable. The EU General Data Protection Regulation (GDPR) that has been recently put in force, sets the cornerstones regarding the collection and processing of personal data, for the benefit of Data Subjects and Controllers. However, applying this regulation to the IoT ecosystem is not a trivial task. This paper proposes ADvoCATE, a user-centric solution that allows data subjects to easily control consents regarding access to their personal data in the IoT ecosystem and exercise their rights defined by GDPR. It also assists Data Controllers and Processors to meet GDPR requirements. A blockchain infrastructure ensures the integrity of personal data processing consents, while the quality thereof is evaluated by an intelligence service. Finally, we present some preliminary details of a partial implementation of the proposed framework.