The Privacy Protection Enforcement (PPE) component has been designed and developed by cyberSocial Lab within the CyberNEMO project and is publicly accessible on the Eclipse Research Labs repository.
Our tool acts as a privacy-aware authorization and enforcement mechanism supporting secure data sharing across the computing continuum. Operating in conjunction with the Computing Continuum Access Security Broker (CASB), the PPE is responsible for ensuring that access to personal and sensitive data is granted only when the applicable processing policies and user consents are satisfied.

The architecture of the PPE has been designed to support secure and trustworthy data exchanges across cloud, edge, and IoT environments, while promoting data sovereignty, privacy preservation, and regulatory compliance. By combining policy-based access control mechanisms with consent management capabilities, the component enables organizations to maintain control over how sensitive data is accessed and processed across distributed infrastructures.

PPE provides a structured framework for defining and enforcing privacy and data access requirements. Indicative controls and verification mechanisms supported by the component include:

  • Validation of consent records before access to protected data is granted.
  • Enforcement of data processing policies applicable to data consumers.
  • Verification of consent validity and policy applicability during access requests.
  • Auditing and traceability of authorization and access control decisions.
  • Verification of cryptographic proofs associated with policies and consents.

The PPE has been designed in alignment with the principles of the General Data Protection Regulation (GDPR), supporting key requirements such as lawful processing, explicit consent management, accountability, and transparency. It contributes to ensuring that sensitive data is accessed only when valid consent and an applicable processing policy exist.

Furthermore, the use of cryptographic proofs and immutable audit trails strengthens accountability by providing verifiable evidence of consent and authorization decisions throughout the data lifecycle. The adoption of blockchain-based evidence storage, rather than storing personal data directly on-chain, supports privacy-preserving processing practices while facilitating regulatory compliance across distributed cloud, edge, and IoT environments.

PPE integrates with the broader CyberNEMO security ecosystem through the CASB. When a data consumer requests access to protected data, the component evaluates the corresponding policies and consents before authorizing the request. Authorization outcomes can be propagated to other platform components, enabling coordinated security, governance, and compliance operations across the CyberNEMO architecture.
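
The decision flow and hash-only evidence described in the two paragraphs above, as an added sketch that is not the PPE's own code: the record fields, reason strings, HMAC-based proof and all function names are assumptions made for illustration.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Assumptions: HMAC-SHA256 proofs (signature stand-in); all values are constructed.
ISSUER_KEY = b"constructed-demo-key"
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
CONSENT = {"subject": "subj-1", "purposes": ["research"], "revoked": False,
           "expires": "2026-01-01T00:00:00+00:00"}
POLICY = {"consumers": ["lab-a"], "purposes": ["research", "billing"]}
REQUEST = {"subject": "subj-1", "consumer": "lab-a", "purpose": "research"}

def canonical(record):  # deterministic encoding so digests are reproducible
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def digest(record):
    return hashlib.sha256(canonical(record)).hexdigest()

def make_proof(record):
    return hmac.new(ISSUER_KEY, canonical(record), hashlib.sha256).hexdigest()
def proof_ok(record, proof):
    return hmac.compare_digest(make_proof(record), proof)

def authorize(request, consent, consent_proof, policy, policy_proof, now, audit_log):
    """Deny by default: every check must pass. Returns (allowed, reason)."""
    if not (proof_ok(consent, consent_proof) and proof_ok(policy, policy_proof)):
        reason = "invalid_proof"
    elif consent["revoked"] or now >= datetime.fromisoformat(consent["expires"]):
        reason = "consent_not_valid"
    elif consent["subject"] != request["subject"] or request["purpose"] not in consent["purposes"]:
        reason = "consent_not_applicable"
    elif request["consumer"] not in policy["consumers"] or request["purpose"] not in policy["purposes"]:
        reason = "policy_not_applicable"
    else:
        reason = "ok"
    # Evidence entry: digests only, chained to the previous entry, no personal data.
    entry = {"prev": audit_log[-1]["entry_hash"] if audit_log else "0" * 64,
             "request": digest(request), "consent": digest(consent),
             "policy": digest(policy), "reason": reason, "at": now.isoformat()}
    entry["entry_hash"] = digest(entry)
    audit_log.append(entry)
    return reason == "ok", reason

def audit_chain_ok(audit_log):  # an edited or reordered entry fails verification
    prev = "0" * 64
    for e in audit_log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or digest(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True
```

Plain digests of low-entropy records can be guessed by anyone who can enumerate candidate values, so evidence written to a shared ledger would normally use a keyed or salted digest.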

The component is currently under development and will contribute to the implementation of secure, privacy-preserving data sharing services compliant with applicable regulatory requirements across the CyberNEMO computing continuum. In line with the CyberNEMO open-source strategy, the PPE is released under the Apache License 2.0.