SmaC - Smart Consent
We have designed software for managing and controlling personal data consent through smart contracts, blockchain technology and graphic icons. All functionalities necessary for the complete management of informed consent (Grant, Revoke, and View) are developed and included in the software. It provides smart contracts written in Solidity and developed using the Truffle framework. The smart contracts are invoked via the Web3 package in JavaScript. The software provides an innovative way of managing informed consent by combining new technologies (blockchain and smart contracts) with an advanced user experience built on informed consent icons, because consent can be difficult for users to understand. With this tool, the entire process is simplified and made more transparent. The set of illustrative icons is meaningful and user-friendly; the icons let the user understand more easily and quickly the type of personal data that will be involved and shared. The icons do not replace the traditional informed consent policy, but align with it and complement it to give the user a comprehensive view.
ReD - Compliant-Regulatory Data Exchange
ReD is a software component belonging to the class of Privacy-Enhancing Technologies (PETs), i.e. technologies that embody fundamental data protection principles by adopting countermeasures in compliance with regulation.
ReD provides three main features:
- Consent-based Exchange authorises data exchange between parties (i.e. data controller and data processor) based on consent provided by the data owner (i.e. data subject) and agreed with the data controller through smart contracts. This ensures that data subjects have full control of their own (personal) data;
- Notification notifies interested parties (e.g. data subject) of specific events impacting data control (e.g. data access requests or data breaches). This ensures data subjects’ rights (i.e. to be informed);
- Data Access Tracking constantly monitors and logs data access, building evidence of activities on data.
ReD is based on three building blocks: i) blockchain and smart contracts technology to register and rectify consents to access data (built on GoQuorum); ii) message queue mechanisms for notification of events (built on RabbitMQ); and iii) an orchestration logic to enable and manage activities in response to specific message events (built on Python).
With these building blocks and features, ReD ensures, at the same time:
i) trust between parties;
ii) data integrity and immutability;
iii) confidentiality and privacy.