Making sense of solid for data governance and GDPR
Pandit, Harshvardhan J.ORCID: 0000-0002-5068-3714
(2023)
Making sense of solid for data governance and GDPR.
Information, 14
(2).
p. 114.
ISSN 2078-2489
Solid is a new radical paradigm based on decentralising control of data from central organisations to individuals that seeks to empower individuals to have active control of who and how their data is being used. In order to realise this vision, the use-cases and implementations of Solid also require us to be consistent with the relevant privacy and data protection regulations such as the GDPR. However, to do so first requires a prior understanding of all actors, roles, and processes involved in a use-case, which then need to be aligned with GDPR's concepts to identify relevant obligations, and then investigate their compliance. To assist with this process, we describe Solid as a variation of `cloud technology' and adapt the existing standardised terminologies and paradigms from ISO/IEC standards. We then investigate the applicability of GDPR's requirements to Solid-based implementations, along with an exploration of how existing issues arising from GDPR enforcement also apply to Solid. Finally, we outline the path forward through specific extensions to Solid's specifications that mitigate known issues and enable the realisation of its benefits.
Item Type:
Article (Published)
Refereed:
Yes
Additional Information:
Article number: 114
Uncontrolled Keywords:
personal data stores; personal information management systems; security; privacy; data protection; ISO; semantic web