General Data Protection Regulation Complied Blockchain Architecture for Personally Identifiable Information Management | IEEE Conference Publication | IEEE Xplore

Abstract:

Surveillance and secrecy-breaching incidents affecting users' privacy have called into question the current third-party data collection procedure. Massive amounts of Personally Identifiable Information (PII) are being exploited due to malpractice, identity theft, spamming, phishing and cyber-espionage. A large amount of data flows from users to enterprises for data-driven market analysis and prediction. Consequently, it is tough to track the flow and genuineness of PII. Blockchain technology is an ‘immutable’ distributed ledger that can efficaciously track PII exchange, storage, and distribution. In contrast, the ongoing EU General Data Protection Regulation (GDPR) demands ‘right to forget’ and ‘should be erasable’ rights. This paper proposes an off-chain Blockchain architecture which uses both a local database and distributed ledgers to preserve a trustable PII life cycle. Considering the key factors of GDPR, prevailing Blockchain architectures were modified and a prototype was created to validate our proposed architecture using MultiChain 2.0. The proposed architecture stores PII and non-PII in physically separated locations. Finally, with the proposed architecture, users will realize the privacy and rigidity of Blockchain along with the privacy regulation of GDPR. Validation is done by comparing the proposed system with existing methodology from technical aspects, and future research scope is also advocated.
Date of Conference: 16-17 August 2018
Date Added to IEEE Xplore: 07 March 2019
Conference Location: Southend, UK

I. Introduction

To provide user-centric services, websites gather a noticeable amount of Personally Identifiable Information (PII) (e.g., age, race, social security numbers, house location, driving license, etc.). Currently, over 50 million people use several Social Networking Sites (SNS) and have made a vast amount of PII available on these sites. All these SNS sites, other websites and mobile applications offer sign-in or registration for premium services. PII is often used by organizations to authenticate a customer's identity. Since most of these SNS sites and applications are free, several studies have found PII breaches by these organizations. Actually, these organizations store, distribute, and analyse sensitive PII in order to generate a business model through user profiling. Tech giants use third-party service-providing enterprises to mine those customers' PII. Ultimately, those subsidiary organizations collect, analyze and distribute data from several organizations. Eventually, users have no clue where their data end up. We are all reaping the advantages of data-driven industry, but the dark side is the illicit use of that PII. The Guardian revealed in April 2018 that the largest SNS site, Facebook, breached the personal information and PII of 87 million of its users [1]. Constant data breaching incidents are happening in the era of big data, as mentioned by several studies [2]–[4]. According to Armerding [4], data breaches by different organizations in the 21st century are Yahoo (3 billion), eBay (145 million), Adobe (38 million), JP Morgan (76 million), and the US Office of Personnel Management (22 million). Gemalto's Breach Level Index (BLI) reported that, out of 10.4 million yearly PII leaks, 74% were identity theft [5]. Forbes magazine [6] described data as the new currency in trade marketing. It reported that around 200 billion USD is being invested in order to exchange PII. Companies are exchanging their customers' data to make a profit. Business-to-business communication will be even more extensive in the era of Industry 4.0, which leads us to think about PII management and tracking.
