Securing the Rights of Data Subjects with Blockchain Technology

The European Union's General Data Protection Regulation (GDPR) has been in effect for more than a year. Even though several million euros have been spent on GDPR projects, companies are unsure whether they are fully compliant. The status quo is that companies lack processes and infrastructure for several of their legal responsibilities regarding the rights of data subjects. This leads to manual effort and long waiting times for users. Data protection authorities receive complaints about these waiting times, but affected people cannot submit legal proof that a request was initiated, since these requests are usually made via the companies' platforms or by email. This paper presents a technical solution to this problem: a blockchain-based application for submitting and tracking requests for data access securely while preserving data protection for the subjects, so that they are able to file complaints and ultimately ensure their given data protection rights.
