Smart Contract-Driven Consent Management for Personal Data Sharing

Authors

  • Sujit Murumkar, Associate Director Enterprise Architect, Novartis, USA.

DOI:

https://doi.org/10.63282/3050-9262.IJAIDSML-V4I2P115

Keywords:

Blockchain, Smart Contracts, Consent Management, Data Privacy, GDPR, Access Control, Personal Data Sharing

Abstract

The rapid expansion of digital platforms, electronic health systems, IoT devices, and cross-organisational data-sharing environments has increased both the amount and the sensitivity of the personal data being exchanged. Conventional consent management models are centralised, non-transparent, and hard to audit, which exposes them to unauthorised distribution, poor interoperability, and substandard compliance with regulations. Traditional systems struggle to deliver dynamic, fine-grained, and verifiable user control over consent. They lack transparent audit trails, do not support multi-party authorization, and do not enforce purpose-specific use of data, particularly where laws such as GDPR apply. Scalability issues, the absence of automation, and immutable logging also add to trust and security concerns. The objective of this research is to critically assess blockchain-based and smart contract-based consent management models and to determine the architectural designs, performance aspects, cryptographic techniques, and compliance measures that enhance personal data control in healthcare, fitness tracking, and wider data-sharing systems. Through an analytical review of nineteen blockchain-based consent systems, this paper summarises the evidence on how hybrid on-chain/off-chain architectures, purpose-based access control, threshold cryptography, pseudonymization layers, and business-process-sensitive workflows improve the transparency, auditability, and automation of consent management. Smart contract systems make rules enforceable, minimise the risk of breach, and enhance the precision of consent revocation. The remaining issues are scalability, fluctuations in the cost of gas, GDPR-compatible deletion, and multidimensional approval.
In general, consent systems based on smart contracts provide a technically plausible and legally consistent platform on which to build future personal data-sharing systems.

Published

2023-06-30

Section

Articles

How to Cite

1. Murumkar S. Smart Contract-Driven Consent Management for Personal Data Sharing. IJAIDSML [Internet]. 2023 Jun. 30 [cited 2026 Mar. 9];4(2):135-41. Available from: https://ijaidsml.org/index.php/ijaidsml/article/view/382