Abstract
Blockchains provide valid and profitable support for implementing trustworthy and secure distributed ledgers, serving groups of subjects that are potential competitors with conflicting interests but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as those in which the GDPR applies. In this paper we present solutions from the literature and design an implementation, based on the Pseudonymization/Cryptography solution, in the context of a traffic management system for the Internet of Vehicles, evaluating its viability, its GDPR compliance and its level of risk.
Notes
- 1. A recognition of a procedure by an EU-based supervisory authority is legally valid and recognized by all countries that adhere to the GDPR.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Campanile, L., Cantiello, P., Iacono, M., Marulli, F., Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2021. ICCSA 2021. Lecture Notes in Computer Science, vol 12956. Springer, Cham. https://doi.org/10.1007/978-3-030-87010-2_1
DOI: https://doi.org/10.1007/978-3-030-87010-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-87009-6
Online ISBN: 978-3-030-87010-2
eBook Packages: Computer Science, Computer Science (R0)