Data governance through a multi-DLT architecture in view of the GDPR-Reference-Cited by-同舟云学术

Data governance through a multi-DLT architecture in view of the GDPR

Published:2022-08-10 Issue:6 Volume:25 Page:4515-4542
ISSN:1386-7857
Container-title:Cluster Computing
language:en
Short-container-title:Cluster Comput

Author:

Zichichi Mirko,Ferretti Stefano^ORCID,D’Angelo Gabriele,Rodríguez-Doncel Víctor

Abstract

AbstractThe centralization of control over the processing of personal data threatens the privacy of individuals due to the lack of transparency and the obstruction of easy access to their data. Individuals need the tools to effectively exercise their rights, enshrined in regulations such as the European Union General Data Protection Regulation (GDPR). Having direct control over the flow of their personal data would not only favor their privacy but also a “data altruism”, as supported by the new European proposal for a Data Governance Act. In this work, we propose a multi-layered architecture for the management of personal information based on the use of distributed ledger technologies (DLTs). After an in-depth analysis of the tensions between the GDPR and DLTs, we propose the following components: (1) a personal data storage based on a (possibly decentralized) file storage (DFS) to guarantee data sovereignty to individuals, confidentiality and data portability; (2) a DLT-based authorization system to control access to data through two distributed mechanisms, i.e. secret sharing (SS) and threshold proxy re-encryption (TPRE); (3) an audit system based on a second DLT. Furthermore, we provide a prototype implementation built upon an Ethereum private blockchain, InterPlanetary File System (IPFS) and Sia and we evaluate its performance in terms of response time.

Funder

H2020 Marie Sklodowska-Curie Actions

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Software

Link

https://link.springer.com/content/pdf/10.1007/s10586-022-03691-3.pdf

Reference86 articles.

1. Pariser, E.: The filter bubble: what the internet is hiding from you. Penguin UK, London (2011)

2. Council of European Union: Regulation (eu) 2016/679 - directive 95/46

3. California State Legislature: California Consumer Privacy Act (2020). https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375. Accessed 3 July 2022

4. European Data Protection Supervisors: opinion on personal information management systems (2016). https://edps.europa.eu/sites/edp/files/publication/16-10-20_pims_opinion_en.pdf. Accessed 3 July 2022

5. European Union Agency for Cybersecurity: Data pseudonymisation: advanced techniques & use cases. Technical report, European Union Agency for Cybersecurity (2021). https://www.enisa.europa.eu/publications/data-pseudonymisation-advanced-techniques-and-use-cases. Accessed 3 July 2022

Cited by 17 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Navigating the Digital Dilemma;Advances in Information Quality and Management;2024-03-29

2. Decentralized Data and Privacy;Advances in Information Quality and Management;2024-03-29

3. Decentralization of Learning and Trust in the Healthcare: Blockchain-driven Federated Learning for Alzheimer’s MRI Image Classification;2024 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops);2024-03-11

4. LLM-based Solutions for Healthcare Chatbots: a Comparative Analysis;2024 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops);2024-03-11

5. Future-proofing genomic data and consent management: a comprehensive review of technology innovations;GigaScience;2024