Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal

Said Daoudagh, Eda Marchetti, Vincenzo Savarino, Jorge Bernal Bernabe, Jesús García-Rodríguez, Rafael Torres Moreno, Juan Antonio Martinez, Antonio F. Skarmeta
2021 Sensors  
The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based
more » ... ess Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.
doi:10.3390/s21217154 pmid:34770462 pmcid:PMC8588184 fatcat:2pbapqwiunbtnogmnh6zp33eoq