Secure and Privacy-Preserving Authentication for Data Subject Rights Enforcement

arXiv:2404.15859v1 Announce Type: new
Abstract: In light of the GDPR, data controllers (DC) need to allow data subjects (DS) to exercise certain data subject rights. A key requirement here is that DCs can reliably authenticate a DS. Due to a lack of clear technical specifications, this has been realized in different ways, such as by requesting copies of ID documents or by email address verification. However, previous research has shown that this is associated with various security and privacy risks …

arxiv authenticate authentication can clear controllers cs.cr data dcs enforcement exercise gdpr key privacy rights technical