Data governance through a multi-DLT architecture in view of the GDPR

【Author】 Zichichi, Mirko; Ferretti, Stefano; D'Angelo, Gabriele; Rodriguez-Doncel, Victor

【Source】CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS

【影响因子】2.303

【Abstract】The centralization of control over the processing of personal data threatens the privacy of individuals due to the lack of transparency and the obstruction of easy access to their data. Individuals need the tools to effectively exercise their rights, enshrined in regulations such as the European Union General Data Protection Regulation (GDPR). Having direct control over the flow of their personal data would not only favor their privacy but also a "data altruism", as supported by the new European proposal for a Data Governance Act. In this work, we propose a multi-layered architecture for the management of personal information based on the use of distributed ledger technologies (DLTs). After an in-depth analysis of the tensions between the GDPR and DLTs, we propose the following components: (1) a personal data storage based on a (possibly decentralized) file storage (DFS) to guarantee data sovereignty to individuals, confidentiality and data portability; (2) a DLT-based authorization system to control access to data through two distributed mechanisms, i.e. secret sharing (SS) and threshold proxy re-encryption (TPRE); (3) an audit system based on a second DLT. Furthermore, we provide a prototype implementation built upon an Ethereum private blockchain, InterPlanetary File System (IPFS) and Sia and we evaluate its performance in terms of response time.

【Keywords】Distributed Ledger Technology; GDPR; Smart Contracts; Personal Data; Decentralized File Storage; Data Governance

【发表时间】

【收录时间】2022-08-28

【文献类型】理论模型

【主题类别】

区块链技术-核心技术-分布式存储