Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Proof of Erasure: Secure Personal Data Deletion with Public Verifiability

Organization

Queen’s University

Published

2022

Project Leader(s)

Jianbing Ni

Summary

The purpose of the research is to understand real needs of the general public on the right to be forgotten and design solutions to achieve secure data deletion. The researchers studied the right to be forgotten in different privacy acts, including GDPR, PIPEDA, CCPA, and PIPL, and found that the right to be forgotten is clearly defined in GDPR, CCPA, and PIPL, but PIPEDA does not grant Canadians this right. The researchers also found that technology and financial companies have deployed methods to comply with the right to be forgotten, but government departments do not have any implementation. However, according to the 2197 responses of an online survey, the general public strongly worry about the personal information to be used, copied, shared, or saved without consensus, and 78% believes the right to be forgotten is important and they used or will use this right to delete their personal data collected by companies. Moreover, 80% worry about that companies may keep their data after they delete their accounts, so they believe they should have the capability to verify whether their data are really deleted by companies under request. Therefore, the researchers designed a novel secure and verifiable data deletion scheme based on Intel SGX, which achieves the verification of data encryption operation and ensures secure deletion of the decryption keys. After the decryption keys are permanently deleted, the data can be no longer recovered. The new scheme is deployable on the existing cloud storage platforms to enable proof of erasure.

Project deliverables are available in the following language(s)

English

OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

Jianbing Ni
Assistant Professor
Department of Electrical and Computer Engineering
Queen’s University at Kingston
Walter Light Hall Room 403
19 Union St, Kingston, ON  K7L 3N9
613-533-6000 ext. 79428
E-mail: Jianbing Ni

Date modified: