Technical Requirements and Approaches in Personal Data Control

Junsik Sim, Beomjoong Kim, Kiseok Jeon, Moonho Joo, Jihun Lim, Junghee Lee, Kim Kwang Raymond Choo

Research output: Contribution to journalReview articlepeer-review


There has been a trend of moving from simply de-identification to providing extended data control to their owner (e.g., data portability and right to be forgotten), partly due to the introduction of the General Data Protection Regulation (GDPR). Hence, in this paper, we survey the literature to provide an in-depth understanding of the existing approaches for personal data control (e.g., we observe that most existing approaches are generally designed to facilitate compliance), as well as the privacy regulations in Europe, United Kingdom, California, South Korea, and Japan. Based on the review, we identify the associated technical requirements, as well as a number of research gaps and potential future directions (e.g., the need for transparent processing of personal data and establishment of clear procedure in ensuring personal data control).

Original languageEnglish
Article number190
JournalACM Computing Surveys
Issue number9
Publication statusPublished - 2023 Jan 13

Bibliographical note

Funding Information:
This research was supported partly by Korea university grant, and by Institute of Information communications Technology Planning Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2021-0-00528, Development of Hardware-centric Trusted Computing Base and Standard Protocol for Distributed Secure Data Box, 40%) (No. 2021-0-00532, Blockchain scalability solutions supporting high performance/capacity transactions, 30%) (No. 2021-0-00518, High performance blockchain privacy preserving techniques based on commitment, encryption, and zero-knowledge proofs, 30%).

Publisher Copyright:
© 2023 Association for Computing Machinery.


  • Personal data
  • compliance
  • control rights

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Technical Requirements and Approaches in Personal Data Control'. Together they form a unique fingerprint.

Cite this