Abstract
The development of Internet of Things (IoT) industries has raised significant questions in terms of accountability of smart devices and user privacy. The advent of European General Data Protection Regulation (GDPR) in such industries enabled users to control their collected data and be informed about the collecting devices. This paper by using blockchain technology provides the audit trail of IoT devices under GDPR rules. It translates a set of such rules into smart contracts to protect personal data in a transparent and automatic way. By proposing an abstract model and designing some business processes, the paper shows how the integration of GDPR and blockchain can appear in the design patterns of IoT devices to achieve a greater transparency of privacy.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
If device is a lightweight node, it is indirectly registered in the blockchain via the full node communicating with.
- 2.
For each times of execution, an operation is randomly selected among access, store, profiling, and transfer.
- 3.
The verify function, implemented in the verification contract, checks whether operations of actors on personal data conform to user consent or not.
- 4.
The assumptions of the experiment are the same with previous experiment, namely the investigation of cost by changing the number of actors.
References
Patsioura, C.: Blockchain and distributed ledger technologies: what’s the value for IoT? Technical report, GSMA Intelligence (2018)
Boudguiga, A., et al.: Towards better availability and accountability for IoT updates by means of a Blockchain. In: IEEE European Symposium on Security and Privacy Workshops, Paris, France, pp. 50–58 (2017)
Panarello, A., Tapas, N., Merlino, G., Longo, F., Puliafito, A.: Blockchain and IoT integration: a systematic survey. Sensors 18(8), 2575 (2018)
Hassan, M.U., Rehmani, M.H., Chen, J.: Privacy preservation in blockchain based IoT systems: integration issues, prospects, challenges, and future research directions. Futur. Gener. Comput. Syst. 97, 512–529 (2019)
Casino, F., Dasaklis, T.K., Patsakis, C.: A systematic literature review of blockchain-based applications: current status, classification and open issues. Telemat. Inform. 36, 55–81 (2019)
Virvou, M., Mougiakou, E.: Based on GDPR privacy in UML: case of e-learning program. In: 8th International Conference on Information, Intelligence, Systems and Applications, Larnaca, Cyprus (2017)
Wachter, S.: Normative challenges of identification in the Internet of Things: privacy, profiling, discrimination, and the GDPR. Comput. Law Secur. Rev. 34(3), 436–449 (2018)
Castelluccia, C., Cunche, M., Metayer, D.L., Morel, V.: Enhancing transparency and consent in the IoT. In: IEEE European Symposium on Security and Privacy Workshops, London, UK, pp. 116–119 (2018)
Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A.: Blockchain-based consents management for personal data processing in the IoT ecosystem. In: 15th International Joint Conference on e-Business and Telecommunications, Porto, Portugal, pp. 572–577 (2018)
Crabtree, A., et al.: Building accountability into the Internet of Things: the IoT Databox mode. J. Reliab. Intell. Environ. 4(1), 39–55 (2018)
Loideain, N.N.: A port in the data-sharing storm: the GDPR and the Internet of Things. J. Cyber Policy 4(2), 178–196 (2019)
Zheng, Z., Xie, S., Dai, H., Chen, X., Wang, H.: An overview of blockchain technology: architecture, consensus, and future trends. In: IEEE 6th International Congress on Big Data, Honolulu, USA, pp. 557–564 (2017)
Tang, B., Kang, H., Fan, J., Li, Q., Sandhu, R.: IoT passport: a blockchain-based trust framework for collaborative Internet-of-Things. In: 24th ACM Symposium on Access Control Models and Technologies, Toronto, Canada, pp. 83–92 (2019)
Dwivedi, A.D., Srivastava, G., Dhar, S., Singh, R.: A decentralized privacy-preserving healthcare blockchain for IoT. Sensors 19(2), 326 (2019)
Lv, P., Wang, L., Zhu, H., Deng, W., Gu, L.: An IoT-oriented privacy-preserving publish/subscribe model over blockchains. IEEE Access 7, 41309–41314 (2019)
Corrales, M., Jurčys, P., Kousiouris, G.: Smart contracts and smart disclosure: coding a GDPR compliance framework. In: Corrales, M., Fenwick, M., Haapio, H. (eds.) Legal Tech, Smart Contracts and Blockchain. PLBI, pp. 189–220. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-6086-2_8
Qiu, H., Qiu, M., Memmi, G., Ming, Z., Liu, M.: A dynamic scalable blockchain based communication architecture for IoT. In: Qiu, M. (ed.) SmartBlock 2018. LNCS, vol. 11373, pp. 159–166. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05764-0_17
Ethereum. https://www.ethereum.org/. Accessed 10 Sept 2019
Ropsten testnet PoW chain. https://github.com/ethereum/ropsten. Accessed 7 Sept 2019
Solidity. https://solidity.readthedocs.io/en/v0.5.3. Accessed 5 Sept 2019
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Barati, M., Rana, O. (2020). Enhancing User Privacy in IoT: Integration of GDPR and Blockchain. In: Zheng, Z., Dai, HN., Tang, M., Chen, X. (eds) Blockchain and Trustworthy Systems. BlockSys 2019. Communications in Computer and Information Science, vol 1156. Springer, Singapore. https://doi.org/10.1007/978-981-15-2777-7_26
Download citation
DOI: https://doi.org/10.1007/978-981-15-2777-7_26
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2776-0
Online ISBN: 978-981-15-2777-7
eBook Packages: Computer ScienceComputer Science (R0)