The University of Southampton
University of Southampton Institutional Repository

Enabling personal consent in databases


Konstantinidis, Georgios, Holt, Jet and Chapman, Age (2021) Enabling personal consent in databases. Proceedings of the VLDB Endowment, 15 (2), 375–387. (doi:10.14778/3489496.3489516).

Record type: Article

Abstract

Users have the right to consent to the use of their data, but current methods are limited to very coarse-grained expressions of consent, as "opt-in/opt-out" choices for certain uses. In this paper we identify the need for fine-grained consent management and formalize how to express and manage user consent and personal contracts of data usage in relational databases. Unlike privacy approaches, our focus is not on preserving confidentiality against an adversary, but rather cooperate with a trusted service provider to abide by user preferences in an algorithmic way. Our approach enables data owners to express the intended data usage in formal specifications, that we call consent constraints, and enables a service provider that wants to honor these constraints, to automatically do so by filtering query results that violate consent; rather than both sides relying on "terms of use" agreements written in natural language. We provide formal foundations (based on provenance), algorithms (based on unification and query rewriting), connections to data privacy, and complexity results for supporting consent in databases. We implement our framework in an open source RDBMS, and provide an evaluation against the most relevant privacy approach using the TPC-H benchmark, and on a real dataset of ICU data.

More information

Published date: October 2021
Additional Information: Funding Information: George Konstantinidis was supported by the Alan Turing Institute through a Fellowship and an Enhancement Project. Adriane Chapman was partially supported by EPSRC (EP/SO28366/1). We deeply thank Paolo Pareti and Muhammed Qaid for helping with some of the experiments. Publisher Copyright: © 2021, VLDB Endowment. All rights reserved.

Identifiers

Local EPrints ID: 467954
URI: http://eprints.soton.ac.uk/id/eprint/467954
PURE UUID: d3cd5820-5a39-4677-912f-333501d8717c
ORCID for Age Chapman: orcid.org/0000-0002-3814-2587

Catalogue record

Date deposited: 26 Jul 2022 16:53
Last modified: 06 Jun 2024 01:59

Contributors

Author: Georgios Konstantinidis
Author: Jet Holt
Author: Age Chapman
