Put Your Money Where Your Mouth Is – Towards Blockchain-based Consent Violation Detection

Faulty access control in API-based multi-service setups can lead to violations of consent declarations through unauthorized Third Parties. This threatens Service Providers to lose the trust of their Service Consumers and to be exposed to sensitive fines as defined by the GDPR.Addressing this problem, in this paper, we propose a novel, blockchain-based approach for enabling economically motivated and technically mediated detection of violations of consent declarations in multi-service setups and derive its legal viability from a thorough analysis of the GDPR. The herein introduced Violation Detection mechanism allows for a censorship-resistant and publicly verifiable detection of violations to registered Consent Policies based on off-chain computed violation claims utilizing non-interactive zero-knowledge proofs. The corresponding System Design specifies all required roles and artifacts to integrate the Violation Detection mechanism with standard procedures for consent-based access control. The integration of our system supports Service Providers to fulfill legal requirements and, therefore, paves the way towards automated policy violation detection within GDPR-compliant consent-based access control solutions.