Technical Requirements and Approaches in Personal Data Control

Junsik Sim; Beomjoong Kim; Kiseok Jeon; Moonho Joo; Jihun Lim; Junghee Lee; Kim Kwang Raymond Choo

doi:10.1145/3558766

Technical Requirements and Approaches in Personal Data Control

Junsik Sim, Beomjoong Kim, Kiseok Jeon, Moonho Joo, Jihun Lim, Junghee Lee, Kim Kwang Raymond Choo

Research output: Contribution to journal › Review article › peer-review

6 Citations (Scopus)

Abstract

There has been a trend of moving from simply de-identification to providing extended data control to their owner (e.g., data portability and right to be forgotten), partly due to the introduction of the General Data Protection Regulation (GDPR). Hence, in this paper, we survey the literature to provide an in-depth understanding of the existing approaches for personal data control (e.g., we observe that most existing approaches are generally designed to facilitate compliance), as well as the privacy regulations in Europe, United Kingdom, California, South Korea, and Japan. Based on the review, we identify the associated technical requirements, as well as a number of research gaps and potential future directions (e.g., the need for transparent processing of personal data and establishment of clear procedure in ensuring personal data control).

Original language	English
Article number	190
Journal	ACM Computing Surveys
Volume	55
Issue number	9
DOIs	https://doi.org/10.1145/3558766
Publication status	Published - 2023 Sept 30

Bibliographical note

Publisher Copyright:
© 2023 Association for Computing Machinery.

Keywords

Personal data
compliance
control rights

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1145/3558766

Cite this

@article{1586388f733c48cdad5b5da84d8c7b74,

title = "Technical Requirements and Approaches in Personal Data Control",

abstract = "There has been a trend of moving from simply de-identification to providing extended data control to their owner (e.g., data portability and right to be forgotten), partly due to the introduction of the General Data Protection Regulation (GDPR). Hence, in this paper, we survey the literature to provide an in-depth understanding of the existing approaches for personal data control (e.g., we observe that most existing approaches are generally designed to facilitate compliance), as well as the privacy regulations in Europe, United Kingdom, California, South Korea, and Japan. Based on the review, we identify the associated technical requirements, as well as a number of research gaps and potential future directions (e.g., the need for transparent processing of personal data and establishment of clear procedure in ensuring personal data control).",

keywords = "Personal data, compliance, control rights",

author = "Junsik Sim and Beomjoong Kim and Kiseok Jeon and Moonho Joo and Jihun Lim and Junghee Lee and Choo, {Kim Kwang Raymond}",

note = "Publisher Copyright: {\textcopyright} 2023 Association for Computing Machinery.",

year = "2023",

month = sep,

day = "30",

doi = "10.1145/3558766",

language = "English",

volume = "55",

journal = "ACM Computing Surveys",

issn = "0360-0300",

publisher = "Association for Computing Machinery (ACM)",

number = "9",

}

TY - JOUR

T1 - Technical Requirements and Approaches in Personal Data Control

AU - Sim, Junsik

AU - Kim, Beomjoong

AU - Jeon, Kiseok

AU - Joo, Moonho

AU - Lim, Jihun

AU - Lee, Junghee

AU - Choo, Kim Kwang Raymond

PY - 2023/9/30

Y1 - 2023/9/30

N2 - There has been a trend of moving from simply de-identification to providing extended data control to their owner (e.g., data portability and right to be forgotten), partly due to the introduction of the General Data Protection Regulation (GDPR). Hence, in this paper, we survey the literature to provide an in-depth understanding of the existing approaches for personal data control (e.g., we observe that most existing approaches are generally designed to facilitate compliance), as well as the privacy regulations in Europe, United Kingdom, California, South Korea, and Japan. Based on the review, we identify the associated technical requirements, as well as a number of research gaps and potential future directions (e.g., the need for transparent processing of personal data and establishment of clear procedure in ensuring personal data control).

AB - There has been a trend of moving from simply de-identification to providing extended data control to their owner (e.g., data portability and right to be forgotten), partly due to the introduction of the General Data Protection Regulation (GDPR). Hence, in this paper, we survey the literature to provide an in-depth understanding of the existing approaches for personal data control (e.g., we observe that most existing approaches are generally designed to facilitate compliance), as well as the privacy regulations in Europe, United Kingdom, California, South Korea, and Japan. Based on the review, we identify the associated technical requirements, as well as a number of research gaps and potential future directions (e.g., the need for transparent processing of personal data and establishment of clear procedure in ensuring personal data control).

KW - Personal data

KW - compliance

KW - control rights

UR - http://www.scopus.com/inward/record.url?scp=85147841338&partnerID=8YFLogxK

U2 - 10.1145/3558766

DO - 10.1145/3558766

M3 - Review article

AN - SCOPUS:85147841338

SN - 0360-0300

VL - 55

JO - ACM Computing Surveys

JF - ACM Computing Surveys

IS - 9

M1 - 190

ER -

Technical Requirements and Approaches in Personal Data Control

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this