
Open Computer Science

Editor-in-Chief: van den Broek, Egon


Privacy-aware blockchain for personal data sharing and tracking

Md Mehedi Hassan Onik / Chul-Soo Kim / Nam-Yong Lee / Jinhong Yang
Published Online: 2019-04-15 | DOI: https://doi.org/10.1515/comp-2019-0005

Abstract

Secure data distribution is critical for data accountability. Privacy breaches caused by surveillance have already called existing personal data collection techniques into question. Organizations assemble huge amounts of personally identifiable information (PII) for data-driven market analysis and prediction. However, the limitations of data tracking tools make it hard to detect the exact point at which data is breached. Blockchain technology, an ‘immutable’ distributed ledger, can be leveraged to establish a transparent data auditing platform. However, Art. 42 and Art. 25 of the General Data Protection Regulation (GDPR) demand the ‘right to forget’ and the ‘right to erase’ personal information, which conflicts with the immutability of blockchain technology. This paper proposes a GDPR-compliant, decentralized and trusted PII sharing and tracking scheme. The proposed blockchain-based personally identifiable information management system (BcPIIMS) demonstrates data movement among GDPR entities (user, controller and processor). To respect GDPR limitations, BcPIIMS uses an off-the-chain data storage architecture. A prototype was created using MultiChain to validate the proposed architecture. The use of off-the-chain storage reduces individual block size. Additionally, a private blockchain limits personal data leakage by collecting fast approval from restricted peers. This study presents personal data sharing, deleting, modifying and tracking features to verify the privacy of the proposed blockchain-based personally identifiable information management system.

Keywords: general data protection regulation; GDPR; personally identifiable information; PII; privacy policy; distributed ledger; off-chain data; identity management; personal information tracking

About the article

Received: 2018-11-30

Accepted: 2019-03-04

Published Online: 2019-04-15


Citation Information: Open Computer Science, Volume 9, Issue 1, Pages 80–91, ISSN (Online) 2299-1093, DOI: https://doi.org/10.1515/comp-2019-0005.

© 2019 Md Mehedi Hassan Onik et al., published by De Gruyter Open. This work is licensed under the Creative Commons Attribution 4.0 Public License.
