A Design- by- Privacy Framework for End- User Data Controls

Abstract: Our internet makes data storage and sharing more convenient. An increasing amount of privacy data is being stored on different application platforms, so the security of these data has become a public concern. The European Council General Data Protection Regulation (GDPR) put forward clear requirements for application platforms to give back end- users data control, and the regulations came into force in May 2018. However, there is still a lack of low- cost, easy- to-manage user data control framework in the application platform, especially for startups. To address the problem, I apply Amazon Cognito to provide user account management and monitor. Therefore, I store the user information (e.g., username, email) registered on the web application in Cognito to achieve user authentication. I also associate the web application with Amazon Web Services (AWS) Application Programming Interface (API) Gateway to implement the data control operations on the web application to the AWS DynamoDB database. The final result proves that the framework can successfully implement data control operations on the end- user data under the requirements of GDPR. Meanwhile, all data operation results can be displayed in real- time on the web application and can be used in the corresponding AWS service to monitor.