Abstract
Secure data distribution is critical for data accountability. Privacy breaches caused by surveillance have already called existing personal data collection techniques into question. Organizations assemble huge amounts of personally identifiable information (PII) for data-driven market analysis and prediction. However, the limitations of data tracking tools restrict the detection of exact data breach points. Blockchain technology, an ‘immutable’ distributed ledger, can be leveraged to establish a transparent data auditing platform. However, Art. 42 and Art. 25 of the General Data Protection Regulation (GDPR) demand the ‘right to forget’ and ‘right to erase’ for personal information, which conflicts with the immutability of blockchain technology. This paper proposes a GDPR-compliant, decentralized and trusted PII sharing and tracking scheme. The proposed blockchain-based personally identifiable information management system (BcPIIMS) demonstrates data movement among GDPR entities (user, controller and processor). Considering GDPR limitations, BcPIIMS uses an off-the-chain data storage architecture. A prototype was created using MultiChain to validate the proposed architecture. The use of off-the-chain storage reduces individual block size. Additionally, a private blockchain limits personal data leakage by collecting fast approval from restricted peers. This study presents personal data sharing, deleting, modifying and tracking features to verify the privacy of the proposed blockchain-based personally identifiable information management system.
© 2019 Md Mehedi Hassan Onik et al., published by De Gruyter Open
This work is licensed under the Creative Commons Attribution 4.0 Public License.