GDPR-Compliant Use of Blockchain for Secure Usage Logs
Valentin Zieglmeier, Gabriel Loyola Daiqui
TL;DR
This paper presents P3, a pseudonym provisioning system that enables GDPR-compliant secure usage logs on blockchain by ensuring pseudonym unlinkability and proof of ownership, thus balancing transparency with privacy rights.
Contribution
The paper introduces a novel pseudonym provisioning protocol that allows GDPR-compliant blockchain logging without trusted third parties or modifying blockchain software.
Findings
P3 enables GDPR-compliant logging with pseudonym unlinkability.
The protocol guarantees proof of ownership and non-repudiation.
It operates independently of blockchain implementation details.
Abstract
The unique properties of blockchain enable central requirements of distributed secure logging: Immutability, integrity, and availability. Especially when providing transparency about data usages, a blockchain-based secure log can be beneficial, as no trusted third party is required. Yet, with data governed by privacy legislation such as the GDPR or CCPA, the core advantage of immutability becomes a liability. After a rightful request, an individual's personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve this issue, we exploit a legal property of pseudonymized data: They are only regarded personal data if they can be associated with an individual's identity. We make use of this fact by presenting P3, a pseudonym provisioning system for secure usage logs including a protocol for recording new usages. For each new block, a one-time…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.