Privacy by Design Enabled Dynamic Consent Management Systems: A Demonstration Perspective
摘要
Medical data sharing offers clinical organizations a more comprehensive view of patient medical histories, ultimately improving patient care. Integrating access control into healthcare systems further enhances data security and privacy by empowering individuals through a Dynamic Consent Management System (DCMS). However, issues such as unauthorized access and misuse of personal records often remain unaddressed by privacy legislation alone. Although regulations like the EU’s General Data Protection Regulation (GDPR) mandate informed consent, ambiguities in these rules can make compliance challenging. In response, this paper proposes a Privacy-by-Design (PbD) enabled DCMS aimed at granting data subjects (DS) greater control over their information. The proof-of-concept solution is a user-friendly, web-based platform that illustrates the interactions among key stakeholders (data subjects, data requesters, and data controllers), details consent policies, and demonstrates privacy-by-design principles. Users can customize their level of consent at any time, choosing to grant, revoke, enable, or disable permissions as needed. A brief case study, design results, and comparative analyses are presented to demonstrate the system’s efficacy. By leveraging PbD, this solution seeks to address critical gaps in data privacy and ensure regulatory compliance.