Design and Implementation of a Smart Contract-Based Consent Management Model for Secure Personal Data Sharing
Abstract
Emerging data-sharing paradigms demand robust mechanisms to ensure that user consent is dynamically managed while preserving data sovereignty. This paper proposes a blockchain-driven consent management model that leverages smart contracts, offline storage, and a JavaScript/JSON front end to empower data owners in healthcare, finance, and identity management. The framework decentralizes consent logging, automates access enforcement, and integrates GDPR-compliant "right to revoke" functionalities, addressing critical gaps in existing systems such as offline accessibility, cross-industry interoperability, and regulatory compliance. A mixed-methods approach—combining a systematic literature review (SLR) of 150 studies (2018–2023) and three case studies—validates the model's efficacy. Performance benchmarks reveal sub-second consent updates, 99.98% audit accuracy, and a 40% reduction in breach risk compared to centralized systems. The hybrid architecture employs a two-tiered design, with an on-chain layer for immutable consent logging and an offline layer for local data storage, ensuring enforceability even during network outages. The front end, built using React.js and Ethers.js, provides a user-friendly interface for non-technical users to define and manage consent terms. Security protocols, including FIDO2 authentication and AES-256-GCM encryption, ensure robust protection against unauthorized access. Challenges include gas cost volatility in public blockchains and latency in multi-chain consent synchronization. The study contributes a novel hybrid architecture, open-source front-end tools, and a regulatory alignment roadmap for decentralized consent ecosystems. Case studies in healthcare, finance, and identity management demonstrate the model's practical applicability, with unauthorized access reduced by 40% and user satisfaction scores exceeding 4.7/5.
Future work will explore AI-driven consent drafting, interoperability standards, and quantum-resistant cryptography to further enhance the model's scalability and security. This research advances the state of the art in blockchain-based consent management, offering a scalable, secure, and user-centric solution for data sovereignty in the digital age.
Copyright (c) 2025 Godwin Mandinyenya, Vusumuzi Malele

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.








