A Lightweight Scheme Exploiting Social Networks for Data Minimization According to the GDPR / Lax, G.; Russo, A.. - In: IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS. - ISSN 2329-924X. - 8:2(2021), pp. 388-397. [10.1109/TCSS.2020.3049009]

A Lightweight Scheme Exploiting Social Networks for Data Minimization According to the GDPR

Lax G.; Russo A.
2021-01-01

Abstract

In many application domains, there is a need to ensure that users satisfy some requirements to use a service: for example, there is a minimum age to buy alcoholic beverages or to watch some videos on YouTube. In these situations, organizations typically collect more personal information than necessary to provide a better service. The consequence is a personal data leakage that violates the data minimization principle stated by the General Data Protection Regulation 2016/679. This article proposes a new approach for allowing individuals to maintain control over the disclosure of their data, deciding which information to disclose and for how long. Our approach is based on the use of social networks, and implementation on Facebook is presented to show that the proposed solution is effective, cheap, friendly, and simple to adopt.
2021
Access control
Authentication
authentication
Cryptographic hash function
eIDAS Regulation
General Data Protection Regulation
general data protection regulation (GDPR)
Generators
Minimization
privacy.
Proposals
Social networking (online)
Files in this item:
File: Lax_2021_TCSS_Lightweight_Post.pdf
Access: open access
Description: post-print
Type: Post-print document
License: All rights reserved
Size: 2.45 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.12318/94896
Citations
  • PMC: ND
  • Scopus: 9
  • ISI: 4