1. CSN
  2. All Volumes and Issues
  3. Volume 6, Number 2, 2024
  4. Anonymization of Data Using Blockchain Technology: a Model for Data Lifecycle Management to Ensure Transparency and Compliance With Gdpr

Anonymization of Data Using Blockchain Technology: a Model for Data Lifecycle Management to Ensure Transparency and Compliance With Gdpr

CSN.
2024;
Volume 6, Number 2
: pp. 179-188
https://doi.org/10.23939/csn2024.02.179
Authors:
  1. Andriy Pavliv
1
Department of Design and Architectural Fundamentals, Lviv Polytechnic National University, Lviv

The rapid growth in the volume of personal data collected and processed by various organizations poses significant challenges for ensuring information privacy and security. The General Data Protection Regulation (GDPR) of the European Union sets strict requirements for the processing, storage, and deletion of personal data, including the right to be forgotten, which entails the complete and irreversible deletion of information upon user request. This creates problems for traditional data management systems that cannot provide automated deletion and reliable compliance monitoring.This article proposes a new model for data anonymization based on blockchain technologies that combines smart contracts to automate data operations while using cryptographic methods to create a system resilient to de-anonymization. The model ensures control and compliance with regulatory requirements while maintaining transparency and security for all transactions.

blockchain
data anonymization
data management
offchain
right to be forgotten
smart contracts
  1. Dove, E. S. (2023). Confidentiality, public interest, and the human right to science: When can confidential information be used for the benefit of the wider community? Journal of Law and the Biosciences, 10(1), Article lsad013. https://doi.org/10.1093/jlb/lsad013
  2. GDPR.eu. (n.d.). General Data Protection Regulation (GDPR) – Official Legal Text. Retrieved from https://gdpr-info.eu/.
  3. GDPR.eu. (n.d.). Art. 17 GDPR – Right to erasure (‘right to be forgotten’). Retrieved from https://gdpr-info.eu/art-17-gdpr/.
  4. Tachepun, C., & Thammaboosadee, S. (2020). A Data Masking Guideline for Optimizing Insights and Privacy Under GDPR Compliance. In Proceedings of the 11th International Conference on Advances in Information Technology (IAIT '20) (Article No. 22, pp. 1–9). Association for Computing Machinery. https://doi.org/10.1145/3406601.3406627
  5. Kohlmayer, F., Lautenschläger, R., & Prasser, F. (2019). Pseudonymization for research data collection: Is the juice worth the squeeze? BMC Medical Informatics and Decision Making, 19, 178. https://doi.org/10.1186/s12911-019-0905-x
  6. Cai, S., Gallina, B., Nyström, D., & Wąsowski, A. (2019). Data aggregation processes: A survey, a taxonomy, and design guidelines. Computing, 101(10), 1397-1429. https://doi.org/10.1007/s00607- 018-0679-5
  7. Riplinger, L., Piera-Jiménez, J., & Pursley Dooling, J. (2020). Patient Identification Techniques – Approaches, Implications, and Findings. Yearbook of Medical Informatics, 29(1), 81–86. https://doi.org/10.1055/s-0040-1701984
  8. Monteiro, S., Oliveira, D., António, J., Martins, P., & Abbasi, M. (2024). Data Anonymization: Techniques and Models. In: Reis, J.L., Del Rio Araujo, M., Reis, L.P., dos Santos, J.P.M. (eds) Marketing and Smart Technologies. ICMarkTech 2022. Smart Innovation, Systems and Technologies, vol 344. Springer, Singapore. https://doi.org/10.1007/978-981-99-0333-7_6.
  9. Shao, Y., Liu, J., Shi, S., & Zhang, Y. (2019). Fast de-anonymization of social networks with structural information. Data Science and Engineering, 4(1), 76-92. https://doi.org/10.1007/s41019-019-0086-8
  10. Tripathi, G., Ahad, M. A., & Casalino, G. (2023). A comprehensive review of blockchain technology: Underlying principles and historical background with future challenges. Digital Applications and Technology, 3, Article 100344. https://doi.org/10.1016/j.dajour.2023.100344
  11. Bodó, B., Brekke, J. K., & Hoepman, J. H. (2021). Decentralisation: A multidisciplinary perspective. Internet Policy Review, 10(2). https://doi.org/10.14763/2021.2.1563
  12. Boumaouche, O., Ghenai, A., & Zeghib, N. (2020). Data Oriented Blockchain: Off-Chain Storage with Data Dedicated and Prunable Transactions. В Advanced Communication Systems and Information Security (ACOSIS 2019). Communications in Computer and Information Science, vol 1264. Springer, Cham. DOI: 10.1007/978-3-030-61143-9_16.
  13. Wei Zhou et al., "A Blockchain-Based Privacy-Preserving and Fair Data Transaction Model in IoT", Applied Sciences, 2023. DOI: 10.3390/app132212389.
  14. Tran, Q. N., Turnbull, B. P., Wu, H., Hu, J., & Others. (2021). A survey on privacy-preserving blockchain systems (PPBS) and a novel PPBS-based framework for smart agriculture. IEEE Open Journal of the Computer Society, 99, 1-1. https://doi.org/10.1109/OJCS.2021.3053032
  15. Bao, H., Yuan, M., Deng, H., Xu, J., & Zhao, Y. (2024). Secure multiparty computation protocol based on homomorphic encryption and its application in blockchain. Heliyon, 10(1), e34458. https://doi.org/10.1016/j.heliyon.2024.e34458
  16. Zhou, W., Zhang, D., Han, G., Wang, X., & other authors. (2023). A Blockchain-Based Privacy- Preserving and Fair Data Transaction Model in IoT. Applied Sciences, 13(22), 12389. https://doi.org/10.3390/app132212389
  17. Alamri, B., Javed, I. T., & Margaria, T. (2021, April 19–21). A GDPR-Compliant Framework for IoT- Based Personal Health Records Using Blockchain. Proceedings of the 2021 International Conference on New Technologies, Mobility and Security (NTMS). IEEE. https://doi.org/10.1109/NTMS49979.2021.9432661
  18. Shashidhara, R., Chirakarotu Nair, R., & Panakalapati, P. (2024). Promise of Zero-Knowledge Proofs (ZKPs) for Blockchain Privacy and Security: Opportunities, Challenges, and Future Directions. Security and Privacy, 2024. https://doi.org/10.1002/spy2.461
  19. Capraz, S., & Ozsoy, A. (2021). Personal Data Protection in Blockchain with Zero-Knowledge Proof. In Proceedings of the 2021 International Conference on Information and Communication Technologies (ICT). Springer. https://doi.org/10.1007/978-981-33-6470-7_7
  20. El Emam, K., Mosquera, L., & Fang, X. (2022). Validating a membership disclosure metric for synthetic health data. JAMIA Open, 5(4), ooac083. https://doi.org/10.1093/jamiaopen/ooac083
  21. Torra, V., & Navarro-Arribas, G. (2023). Attribute disclosure risk for k-anonymity: The case of numerical data. International Journal of Information Security, 22, 2015–2024. https://doi.org/10.1007/s10207-023-00730-x
  22. Su, B., Huang, J., Miao, K., Wang, Z., Zhang, X., & Chen, Y. (2023). K-Anonymity privacy protection algorithm for multi-dimensional data against skewness and similarity attacks. Sensors, 23(3), 1554. https://doi.org/10.3390/s23031554
  23. Liu, J., Zhang, S., Luo, Y., & Cao, L. (2022). Machine Learning-Based Similarity Attacks for Chaos- Based Cryptosystems. IEEE Transactions on Emerging Topics in Computing, 10(2), 824–837. https://doi.org/10.1109/TETC.2020.3048498