Vinayak Srinivas
Sep 3, 2018

Decentralized GDPR consent manager

GDPR Overview

  1. When a user visits a website, the website needs to request consent for data access.
  2. The user reviews the requests and grants consent.
  3. Generally, data processors or vendors acting on behalf of data controllers or companies/businesses are required to honor compliance.

Problem area

  • Each business has its own process for capturing user consent on user data, and these processes are not consistent.
  • Each business has its own procedure for capturing alterations/changes to user consent.
  • This may require the user to send an email, alter preferences on the website or contact the respective representative.
  • How a user alters consent, and which types of data are accessible, vary from business to business.
  • Because there is no common ledger showing the type of data captured and/or used, the user has to recollect the consent provided to each website or business with which the user has had a relationship.
  • There may be a delay between the user submitting the request and the business adhering to the altered data usage consent. This delay may be unintentional, owing to a sluggish process workflow adopted by the business, or it could be intentional.

Solution

Account

The solution is intended to provide the user with an account in which to save data consent preferences. These preferences can be autofilled when the user visits affiliated websites that accept injection of the user's preferences.

Website widget

Websites are provided with a widget that can acquire consent information from visiting users.

  1. A registered user has an account with data consent preferences set. The user also uses a browser extension that can inject the preferences into these websites.
  2. For unregistered users, the widget acquires the information; optionally, the user can also register an account here to save preferences.
  3. The user consent is also persisted in the blockchain, thus acting as proof of the user's consent to a certain business.

Consent alteration and management

The user can view all the permissions granted to various businesses in a single view and can alter them at any time.

An altered permission is notified to the concerned business, and the information is also persisted in the blockchain, which records the timestamp at which the business was notified.

This provides proof of consent alterations, which can be used to question the business if data the user has not consented to is still being used.
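A minimal sketch of the proof-of-consent idea described in the Website widget and Consent alteration sections, added here as an example and not part of the original design. A hash-chained, append-only log stands in for the blockchain; the class, field names, pseudonymous user ID and timestamps are all assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry

def _digest(body):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Append-only, hash-chained log of consent events (blockchain stand-in)."""

    def __init__(self):
        self.entries = []

    def record(self, user, business, data_type, granted, notified_at):
        """Append a grant (True) or withdrawal (False) with the notification time."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"user": user, "business": business, "data_type": data_type,
                "granted": granted, "notified_at": notified_at, "prev": prev}
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """True only if no entry was altered, removed or reordered."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def consent_at(self, user, business, data_type, when):
        """Consent state the business had been notified of at time `when`.
        Assumes entries are appended in non-decreasing notified_at order."""
        state = False  # no recorded grant means no consent
        key = (user, business, data_type)
        for e in self.entries:
            if (e["user"], e["business"], e["data_type"]) == key and e["notified_at"] <= when:
                state = e["granted"]
        return state

def build_sample_ledger():
    # Constructed sample: a pseudonymous user grants, then withdraws,
    # clickstream consent (Unix timestamps 30 days apart).
    ledger = ConsentLedger()
    ledger.record("user-7f3a", "shop.example", "clickstream", True, 1535932800)
    ledger.record("user-7f3a", "shop.example", "clickstream", False, 1538524800)
    return ledger
```

If a business is found using the data at a time for which `consent_at` returns `False`, and `verify()` still passes, the ledger is the evidence that the business had already been notified of the withdrawal.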

Business deals

Businesses can list deals on the platform; users are notified of deals based on their preferences, or can view them in their account.

The deals provide the user with a rebate or benefits, and in return the business expects certain data from the user. The user can grant access to the data for a duration of time (for example, Facebook asking the user for use of clickstream data for 1 year) and avail of the benefits.