🇬🇧

Data Revocation on the Internet

After publishing data on the Internet, the data publisher loses control over it. However, there are several situations where it is desirable to revoke published information. To support this, the European Commission has elaborated the General Data Protection Regulation (GDPR). In particular, this regulation requires that controllers must delete data on user's demand. However, the data might already have been copied by third parties. Therefore, Article 17 of the GDPR includes the regulation that a controller must also inform all affected third parties about revocation requests. Hence, the controllers would need to track every access, which is hard to achieve. This technical infeasibility is a gap between the legislation and the current technical possibilities. To close it, we provide a distributed and decentralized Internet-wide data revocation service (DRS), which is based on the combination of the technical mechanisms and the obligation to follow the legal regulations. With the DRS, the user can notify automatically and simultaneously all affected controllers about her revocation request. Thus, we implicitly provide the notification of third parties about the user's request.

Imprint
@book{doi:10.19211/KUP9783737604215,
urn:nbn:de:0002-404218,
  author    ={Kieselmann, Olga},
  title    ={Data Revocation on the Internet},
  keywords ={004 and 340 and Europäische Union: Datenschutz-Grundverordnung and Internetdienst and Datenschutz and Personenbezogene Daten and Zugriffskontrolle and Verteilte Hash-Tabelle and Löschen },
  copyright  ={https://rightsstatements.org/page/InC/1.0/},
  language ={en},
  year   ={2018}
}