The unique properties of blockchain enable central requirements of distributed secure logging: immutability, integrity, and availability. Especially when providing transparency about data usages, a blockchain-based secure log can be beneficial, as no trusted third party is required. Yet, with data governed by privacy legislation such as the GDPR or CCPA, the core advantage of immutability becomes a liability. After a rightful request, an individual's personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve this issue, we exploit a legal property of pseudonymized data: they are regarded as personal data only if they can be associated with an individual's identity. We make use of this fact by presenting P3, a pseudonym provisioning system for secure usage logs, including a protocol for recording new usages. For each new block, a one-time transaction pseudonym is generated. The pseudonym generation algorithm guarantees unlinkability and enables proof of ownership. These properties enable GDPR-compliant use of blockchain, as data subjects can exercise their legal rights with regard to their personal data. The new-usage protocol ensures non-repudiation, and therefore accountability and liability. Most importantly, our approach does not require a trusted third party and is independent of the utilized blockchain software.
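As an added illustration (not P3's own algorithm, which the abstract does not specify), the following Python sketches one way a per-block one-time pseudonym can be unlinkable yet still allow proof of ownership: the pseudonym is a hash commitment to an HMAC token derived from a subject-held key and a fresh per-block nonce, so revealing the token for one block proves ownership of that block without linking the subject's other blocks. The block layout, function names and the construction itself are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class UsageBlock:
    index: int
    nonce: bytes      # fresh random value per block, stored in the clear
    pseudonym: bytes  # one-time transaction pseudonym (hash commitment)
    usage: str        # usage record without any direct identifier


def derive_token(subject_key: bytes, nonce: bytes) -> bytes:
    # Ownership token: only the holder of subject_key can compute it for a nonce.
    return hmac.new(subject_key, nonce, hashlib.sha256).digest()


def make_pseudonym(subject_key: bytes, nonce: bytes) -> bytes:
    # Pseudonym = H(token). Without the key, pseudonyms of different blocks
    # are independent digests, so a third party cannot link them.
    return hashlib.sha256(derive_token(subject_key, nonce)).digest()


def record_usage(log: list, subject_key: bytes, usage: str) -> UsageBlock:
    nonce = secrets.token_bytes(16)
    block = UsageBlock(len(log), nonce, make_pseudonym(subject_key, nonce), usage)
    log.append(block)
    return block


def prove_ownership(subject_key: bytes, block: UsageBlock) -> bytes:
    # The data subject recomputes the token for exactly this block's nonce.
    return derive_token(subject_key, block.nonce)


def verify_ownership(block: UsageBlock, token: bytes) -> bool:
    # The verifier only needs the block and the revealed token, never the key.
    return hmac.compare_digest(hashlib.sha256(token).digest(), block.pseudonym)


def demo() -> dict:
    # Constructed sample: two subjects, three usage blocks.
    log = []
    alice, bob = secrets.token_bytes(32), secrets.token_bytes(32)
    b0 = record_usage(log, alice, "read:profile")
    b1 = record_usage(log, alice, "share:email")
    b2 = record_usage(log, bob, "read:profile")
    proof = prove_ownership(alice, b1)
    return {
        "distinct_pseudonyms": len({b.pseudonym for b in (b0, b1, b2)}) == 3,
        "owner_ok": verify_ownership(b1, proof),
        "wrong_block": verify_ownership(b0, proof),          # token is block-bound
        "impostor": verify_ownership(b1, prove_ownership(bob, b1)),
    }
```

A rectification or deletion request would then be honoured for the off-chain personal data tied to the proven block, while the on-chain pseudonym stays unlinkable to anyone without the key.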