General Data Protection Regulation Complied Blockchain Architecture for Personally Identifiable Information Management

Surveillance and privacy-breaching incidents have called the current third-party data collection practice into question. Massive amounts of Personally Identifiable Information (PII) are being exploited through malpractice, identity theft, spamming, phishing and cyber-espionage. Large volumes of data flow from users to enterprises for data-driven market analysis and prediction; consequently, the flow and genuineness of PII are hard to track. Blockchain technology, an 'immutable' distributed ledger, can efficaciously track the exchange, storage and distribution of PII. In contrast, the EU General Data Protection Regulation (GDPR) demands the 'right to be forgotten' and requires that personal data 'should be erasable'. This paper therefore proposes an off-chain Blockchain architecture that uses both a local database and a distributed ledger to preserve a trustable PII life cycle. Taking the key factors of GDPR into account, the prevailing Blockchain architecture was modified and a prototype was built with MultiChain 2.0 to validate the proposed architecture. The proposed architecture stores PII and non-PII in physically separate locations. With it, users gain both the privacy and rigidity of Blockchain and compliance with the privacy regulation of GDPR. Validation is done by comparing the proposed system with the existing methodology from a technical perspective, and future research scopes are also advocated.
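As an added example that is not the paper's prototype, the following Python sketch shows the off-chain separation the abstract describes: PII and a per-record salt stay in an erasable local store, while the ledger (simulated here as an in-memory hash-linked list, not a MultiChain 2.0 node) holds only a pseudonymous subject reference and a salted commitment. Erasing the local record honours the 'right to be forgotten' without rewriting the ledger, and the commitment still lets the PII holder prove genuineness; the function names `register`, `verify`, `erase` and `chain_intact` are assumed for this illustration.

```python
import hashlib
import json
import secrets

# Constructed stand-ins for the paper's two storage tiers: the ledger is an
# in-memory append-only list (not a MultiChain node); the PII store is a dict.
ledger = []      # on-chain: pseudonymous subject refs and salted commitments only
pii_store = {}   # off-chain local database: PII plus per-record salt, erasable

def _commit(record, salt):
    """Salted SHA-256 over canonical JSON; the salt stops guessing PII from the chain."""
    blob = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(salt + blob).hexdigest()

def _tx_hash(tx):
    body = {k: v for k, v in tx.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def register(subject_ref, record):
    """Store PII off-chain and append only its commitment to the ledger."""
    salt = secrets.token_bytes(16)
    pii_store[subject_ref] = {"record": record, "salt": salt}
    tx = {"subject": subject_ref, "commitment": _commit(record, salt),
          "prev": ledger[-1]["hash"] if ledger else "0" * 64}
    tx["hash"] = _tx_hash(tx)
    ledger.append(tx)
    return tx["hash"]

def verify(subject_ref):
    """Genuineness check: the off-chain PII must still match a ledger commitment."""
    entry = pii_store.get(subject_ref)
    if entry is None:
        return False
    expected = _commit(entry["record"], entry["salt"])
    return any(tx["subject"] == subject_ref and tx["commitment"] == expected
               for tx in ledger)

def erase(subject_ref):
    """Right to erasure: drop PII and salt locally; the ledger is never rewritten."""
    return pii_store.pop(subject_ref, None) is not None

def chain_intact():
    """Immutability check: every ledger entry links to and hashes correctly."""
    prev = "0" * 64
    for tx in ledger:
        if tx["prev"] != prev or tx["hash"] != _tx_hash(tx):
            return False
        prev = tx["hash"]
    return True
```

Once the salt is erased alongside the record, the on-chain commitment cannot be matched against guessed PII values, which is what makes the remaining ledger entry non-personal data.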
