Data Revocation on the Internet

Kieselmann, Olga

kassel university press, ISBN: 978-3-7376-0420-8, 2018, 160 Pages
(ITeG - Interdisciplinary Research on Information System Design 5)

URN: urn:nbn:de:0002-404218

DOI: 10.19211/KUP9783737604215

Zugl.: Kassel, Univ., Diss. 2017

| Price and available forms -->

Content: After publishing data on the Internet, the data publisher loses control over it. However, there are several situations where it is desirable to revoke published information. To support this, the European Commission has elaborated the General Data Protection Regulation (GDPR). In particular, this regulation requires that controllers must delete data on user's demand. However, the data might already have been copied by third parties. Therefore, Article 17 of the GDPR includes the regulation that a controller must also inform all affected third parties about revocation requests. Hence, the controllers would need to track every access, which is hard to achieve. This technical infeasibility is a gap between the legislation and the current technical possibilities. To close it, we provide a distributed and decentralized Internet-wide data revocation service (DRS), which is based on the combination of the technical mechanisms and the obligation to follow the legal regulations. With the DRS, the user can notify automatically and simultaneously all affected controllers about her revocation request. Thus, we implicitly provide the notification of third parties about the user's request.

Publication is available in following forms:

Full text (pdf-file, printable, Open Access - 4.43 MB)
view PDF