Design and Implementation of a Blockchain-based Consent Management System
This work addresses consent management for end-users under regulations like GDPR, but it is incremental, as it applies existing blockchain technology to a specific domain.
The paper tackles the problem of managing user consent for private information by designing and implementing a permissioned blockchain-based system, with a proof of concept using Hyperledger Fabric that aligns with GDPR principles and privacy by design.
A blockchain is a distributed ledger forming a distributed consensus on a history of transactions. It is the underlying technology for the Bitcoin cryptocurrency, but there are many applications beyond the financial sector. With built-in security and removal of the need for third-party trust, blockchain has started to see some use within contract applications, among other things. In this paper, we present the design and implementation of a permissioned blockchain-based third-party consent management system, whose policy can be decided by a government agency. We have constructed a proof-of-concept implementation using Hyperledger Fabric to provide a service that allows end-users to control and consent to who manages their private information. We believe our solution meets the guiding principles of the EU General Data Protection Regulation (GDPR). While our performance and usability evaluations are limited, our solution design and its implementation meet the 7 foundational principles of privacy by design.