See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/332085440

BPDIMS: A Blockchain-based Personal Data and Identity Management System

Conference Paper · January 2019
DOI: 10.24251/HICSS.2019.821

All content following this page was uploaded by Raghava Rao Mukkamala on 11 April 2019.


Proceedings of the 52nd Hawaii International Conference on System Sciences | 2019

BPDIMS: A Blockchain-based Personal Data and Identity Management System

Benedict Faber¹, Georg Michelet¹, Niklas Weidmann¹, Raghava Rao Mukkamala¹,², Ravi Vatrapu¹,²
¹ Centre for Business Data Analytics, Copenhagen Business School, Denmark
² Department of Technology, Kristiania University College, Oslo, Norway
{rrm.digi, rv.digi}@cbs.dk

Abstract collection and analysis by platform owners such as Face-


book and other third parties.
Recent scandals on the abuse of personal informa-
In May 2018 the European Union’s new GDPR [1]
tion from social media platforms and numerous user
came into effect. While aiming to protect the users, the
identity data breaches raise concerns about technical,
new regulation can potentially be a burden for compa-
commercial, and ethical aspects of privacy and security
nies [2]. While the GDPR aims to give control of per-
of user data. European Union’s new General Data Pro-
sonal online data to European users through new regula-
tection Regulation (GDPR) is one of the largest changes
tion, several further initiatives have been launched both
in data privacy regulation and entails several key regu-
from private and public spheres, to argue for a human-
latory measures for both data controllers and data pro-
centric approach to personal information [3, 4]. In 2014
cessors to empower and protect EU citizens’ privacy. In
the Finnish government published a study on the con-
this research work, we propose a conceptual design and
cept of MyData [4]. MyData facilitates the idea that
high-level architecture for a Blockchain-based Personal
users should have a better overview of where their data
Data and Identity Management System (BPDIMS), a
is stored, who uses it, and be able to change this. It is
human-centric and GDPR-compliant personal data and
a human-centric approach to people’s data and aimed at
identity management system based on the blockchain
giving control of personal data back to the users. On a
technology. We describe how BPDIMS’s architecture
different note, blockchain technology generated signif-
utilizes blockchain technology to provide a high-level
icant research interest and industry attention in recent
of security, trust and transparency. We discuss how
years mostly due to the hype and success created by
BPDIM’s human-centric approach with GDPR compli-
the cryptocurrencies. For example, Bitcoin was first de-
ance shifts the control over personal data to the end
scribed in 2008 [5] and ever since has attracted the atten-
users and empowers them better.
tion of the research community from diverse academic
fields [6, 7] and gained mainstream popularity due to its
disruptive characteristics, such as the absence of cen-
1. Introduction tralised control and high degree of anonymity. Applica-
tions which were previously run through a trusted inter-
Our lives have become increasingly digital and so has
mediary, can now - using blockchain technology - op-
the vast amount of personal data traces that we leave
erate more transparently in a decentralised mode with-
behind. The current situation is that a few large multina-
out the need of having a central authority and in a much
tional corporations make the majority of profits through
more transparent way [8]. We addresses the problem
offering services users pay for with their data. While
of personal data identity and management by adopting
data analytics can provide users with better services, the
a human-centric approach that ensures a GDPR compli-
users’ overview and control of their personal data has
ance by employing blockchain-based technologies.
decreased. Moreover, the recent Cambridge Analytica
scandal of misusing people’s personal information from Currently users lack transparency over which ser-
Facebook to influence voters in the US Elections 20161 vice is processing their personal data for which purpose
has raised serious concerns about the technical, com- and possibly handing over personal data to third party
mercial, political and ethical aspects of personal data providers without the user’s knowledge. This is partly
due to extensive and complicated terms and conditions
∗The first three authors contributed equally for first authorship. of a service and the user requirement to agree to these,
1 https://www.theverge.com/2018/3/16/17132172/facebook-
cambridge-analytica-suspended-donald-trump-strategic- if they wish to use the service. Moreover, there are no
communication-laboratories suitable mechanisms that enable users to opt-out from

URI: https://hdl.handle.net/10125/60121
ISBN: 978-0-9981331-2-6 Page 6855
(CC BY-NC-ND 4.0)
a service gracefully, e.g. deleting all the history of us- a framework for aggregating online identity and reputa-
ing the service from the service provider. And lastly, tion information based on social dependency network to
currently there is a lack of systems that enable users in provide online behavioural ratings is proposed in [11].
an effective and user-friendly way to obtain an overview In the healthcare domain several studies explored
of the usage of their personal data and to exercise fine- blockchain technology for the medical data access. A
grained control over the usage of their personal data. seminal and highly relevant contribution is [12], where
While the GDPR addresses the aspects of transparency authors proposed an architecture based on artificial in-
and consent and puts the legislation in place to enforce telligence and blockchain technology to enable control
appropriate mechanisms, the latter issue of user control of their personal data including medical records to the
has not sufficiently been solved yet. Furthermore, after users. In the similar lines a decentralised record man-
users have gained full transparency, they need adequate agement system to handle electronic patient records us-
means to control the consent that is connected to the us- ing blockchain technology was proposed in [13]. The
age of their personal data. The GDPR will put the regu- research work in [14] proposed a mobile app architec-
lation in place to empower the user to request deletion of ture based on blockchain to enable patients to own, con-
or revoke consent to use their personal data. However, trol and share their own data easily and securely without
there is a need to research and develop a system that fa- violating privacy. When compared to the existing re-
cilitates this request or revocation of personal data. The search, our research proposes a new conceptual design
main focus of this research work is to come up with a and system architecture for human-centric personal data
conceptual design for such a system called Blockchain- and identity management based on the MyData initia-
based Personal Data and Identity Management System tive, by using blockchain and smart contracts technology
(BPDIMS) that empowers users to get full transparency that is in compliance with the forthcoming GDPR [1].
and control over the usage of their personal data. Con-
sequently, the overarching research question is: 3. Theoretical Foundations
How blockchain can be utilised to develop
a system for personal data and identity GDPR: The GDPR [1] is one of the largest changes in
management which is human-centric and data privacy regulation in recent history and came into
GDPR compliant? effect in May 2018 in place of Data Protection Direc-
The rest of the paper is organised as follows: First, tive from 1995. The key aim is to harmonise data pri-
we provide a concise description of related work. In the vacy laws across Europe and particularly to empower
next section (sec. 3) we describe the theoretical founda- and protect EU citizens’ privacy. One of the most cen-
tions of relevant concepts. Sec. 4, introduces and de- tral issues is the question of user’s consent. The regula-
scribes our proposed conceptual BPDIMS design, while tion states that the service provider must show what the
sec. 5 describes different use case scenarios and the sys- user’s consent is for and it should be easy for an user
tem functionality. In the last two sections (sec. 6 & 7), to withdraw his consent. If the user withdraws his con-
we discuss technical and usage aspects of the BPDIMS sent or if there are changes in data usage other than what
and conclude with future work. the consent is for, then the service provider required to
delete the data related to the specific user. Furthermore,
2. Related Work it is the user’s right to access, meaning that on the user’s
request the service provider must provide an overview of
We limit our discussion to the systems and architec- whether the user’s personal data is being processed and
tures that proposed personal data management using the purpose of processing. The service provider must
blockchains. Blockchain technology is still evolving and also provide all data to the user in a machine-readable
the number of applications using blockchain are slowly format. Similar to the right to access is the right to data
increasing. However the applicability of blockchain portability; the user should be able to get an extract of
technology for personal data management is not well- his personal data from the controller in a machine read-
explored yet. One of the first contributions in this direc- able format and has the right to transfer his data to an-
tion is [9], where a protocol was developed which turns other controller. Voilations of GDPR can result in large
a blockchain into an automated access-control manager fines for companies of up to 20 million Euros or 4% of
for a decentralised personal data management system. global turnover, whichever is larger [1].
Use of auditable contracts deployed on blockchain in- MyData Human-Centric Personal Data Manage-
frastructures for a transparent data access, sharing/pro- ment: MyData [4] is a concept that refers to a paradigm
cessing of personal data by data owners and a privacy- shift from current organisation-centric focus to human-
preserving architecture was proposed in [10]. Similarly, centric focus in personal data management. The pri-

Page 6856
mary idea behind MyData is that users should have a cryptocurrency with a market capital of approximately
better overview of where their data is stored, who uses more than 100 billion USD2 . Simply put, blockchain
it, and be able to influence/decide who can use it and technology is built on three main concepts: a distributed
what it is being used for. In other words, it’s a con- database, a trust protocol and cryptography. In the fol-
cept aimed at giving the control over their personal data lowing subsections we will explain them briefly.
back to the users. This is achieved through a human- Distributed database: Built on the concept of peer-to-
centric approach that empowers the users by placing peer networks and distributed storage [16], blockchain
them in the centre of the data ecosystem. MyData in- technology can be considered as a distributed data store
tends to change the infrastructural approach so it ensures with state machine replication using peer-to-peer proto-
data portability and interoperability through open infras- col, where the transactions are the atomic changes to the
tructures. Furthermore, the concept is consent-based, data store which are grouped into blocks [12].
so the user can control the flow of data without storing The Trust Protocol: In order to avoid having a central
the data on centralised repositories. Lastly, the MyData authority for enabling the trust in the system, there needs
approach facilitates data sharing across sectors with the to be some mechanism that establishes trust between the
goal of advancing the benefits of data sharing and usage involved parties, which is achievable by distributed con-
which would profit the users, businesses, and society as sensus of the involving parties. In blockchain trsust is
a whole. Main objectives from the user perspective are: ensured through a distributed consensus protocol. Al-
1) right to know what personal information exists, 2) though the protocol can vary slightly from system to
right to see the content of personal information, 3)right system, the idea of achieving trust with the consensus
to rectify false personal information, 4) right to audit of involving parties remains the same. The two most
who accesses personal information and why, 5) right to widespread concepts of this protocol are proof-of-work
obtain personal information and use it freely, 6) right to and proof-of-stake which follow a Byzantine fault toler-
share/sell personal information to others., and 7) right to ance scheme [15].
remove or delete personal information. Proof-of-work (PoW) refers to the idea that a service
requester is required to solve a cryptographic puzzle
3.1. Blockchain (computational work) to participate in a network and
it was initially proposed in hashcash [17] as a counter
measure for denial of service attack using CPU cost-
Blockchain is the decentralised distributed database
functions. In blockchain and especially in Bitcoin [5], it
technology that is combined with guarantees against
is used as a verification techniques for finding the suit-
tamper-resistance of transactions/records using crypto-
able appropriate header for new blocks of data and to
graphic methods. By using time-stamping of its trans-
append them to the chain of blocks. To add a block, a
actions and messages, blockchain provides universally
node has to solve a cost-function (find the right nonce),
verifiable proofs for existence or absence of a trans-
that results in a pre-defined hash format with certain re-
action in the distributed database and the underlying
strictions. At the same time, blocks can only be added to
cryptographic primitives using hash functions and dig-
the longest chain (with the most proof-of work invested),
ital signatures provide guarantee that these proofs are
to avoid ’dishonest’ attempts of altering the ledger.
computationally secure and verifiable at any point in
Proof-of-Stake (PoS) is another method for verifying
time. Blockchain is decentralised, jointly maintained
and adding blocks to the blockchain, where the node
by a plurality of independent parties/nodes and achieves
that creates the next block is chosen [18]. Therefore,
consistency of transactions among distributed nodes by
a node adds and verifies blocks according to how much
using distributed consensus protocols (such as Byzan-
stake they have in the system. Thereby, ownership will
tine fault tolerance algorithm [15]) without the need
lead to actors behaving honestly, otherwise they would
of having a central authority. Blockchain transactions
lose their stake, if they behave dishonestly. Even though
are transparent and visible to all users of the system
there are other anchoring schemes similar to the above,
and at the same time blockchain provides anonymity
we skip their description due to space limitations.
to its users by allowing them create pseudo-anonymous
transactions without the need for disclosing their per- 3.2. Cryptographic Primitives
sonal information. The disruptive and innovative nature
of blockchain technology resulted in the evolution of Hash Functions: Hashing is used to ensure integrity of
many decentralised applications such as cryptocurren- data and a hash function is an input independent average
cies and smart contracts. Bitcoin, a decentralised cryp- linear time algorithm that takes set of variables or data
tocurrency based on blockchain technology was intro-
duced in 2009 [5] and as of now, Bitcoin is the largest 2 https://charts.bitcoin.com/

Page 6857
and transforms it into a fixed size hash digest [19]. A computer programs that can securely enforce previously
successful hash function has the following characteris- closed contracts. Concluding, the idea of smart contracts
tics: deterministic - the same input always creates the is to take contractual clauses, translate them into code
same output, efficient - output is computed in a timely and thereby making them self-enforceable. Hence, in-
manner, distributed - evenly spread across the output termediaries who are responsible for enforcing the con-
range, meaning that similar data should not correlate tract are not needed, but instead a trusted computer pro-
to similar hashes, preimage-resistance - it needs to be gram is relied upon. Complex contractual and payment
infeasible to find the input x, based on the hash value agreements can be included in standardised contracts
(h(x)) and collision resistance - no two different inputs and then be monitored and executed at low transactional
x and y, create the same hash h(x) = h(y) =⇒ x ≡ y. costs, as they are managed digitally and immutably [25].
Furthermore, hash functions are used for organising and
linking data together in blockchains. Another key con- 4. Conceptual Design
cept of hash functions in the blockchain is that of organ-
ising and linking data together. This is done through the Methodology: We use design science as the methodol-
hashing of various elements in the block header contain- ogy for building the conceptual design of the proposed
ing hash of previous block, merkle root of transactions, system. The proposed conceptual design in this research
time, and nonce. The concept of Merkle Tree [20] is work serves as an artefact and we want use the concep-
that each transaction is hashed, then the resulting hash of tual design as a basis for building a prototype implemen-
each transaction is hashed to build a tree structure until tation later. Furthermore, we want to do several itera-
top node known as the merkle root is obtained. This type tions of the design artefact and prototype, validating and
of organising of data allows secure and efficient verifica- evaluating them according to design science guidelines
tion of contents of a block and summarise all the trans- for meeting the specifications of the proposed system.
actions in a block [21]. We also want to integrate feedback on the conceptual de-
Digital Signatures: One of the main goals of sign and subsequent prototype from different stakehold-
blockchain technology is to be able to verify authen- ers of the system systematically according to the design
ticity and non-repudiation of data/transactions. Digital science guidelines.
signature is a cryptographic scheme that guarantees two
In this research, our motivation is to develop a con-
properties: authenticity, that the data/message created
cept that maximizes the transparency as well as the con-
or owned by the known sender and the non-repudiation
trol over personal data for users. MyData has proposed a
property guarantees that the data is not altered, using
human-centric approach that empowers the user by plac-
a pair of keys with an asymmetric cryptographic algo-
ing him in the center of his data ecosystem. The main
rithm like RSA [22]. Over the years, more secure ver-
focus here is not owning the data (i.e. storing the data
sions of digital signatures have been developed. For in-
on the user’s own server), but to control the data flow
stance, Bitcoin, uses the Elliptic Curve Digital Signature
from data to service provider by controlling the asso-
Algorithm (ECDSA) for key generation [23].
ciated consents from the user to the respective service.
The orchestration of the above-described technolo-
While the approach of MyData, requires a significant
gies lead to the following characteristics (Tab. 1).
shift in the ecosystem and that service providers agree
Immutability Data written to database cannot be changed on this way of handling data, we sought to develop an
or deleted without consensus leading to approach that can enable a fair balance in the ecosys-
data integrity tem without support from the service provider, but only
Decentralization No single point of failure/control achieved
by decentralized architecture and a dis- through technology and legislative means. It needs to be
tributed database mentioned, that users also have little transparency over
Transparency All data sent through the blockchain is vis- the value of their data, which is currently used as a type
ible to all network participants
Pseudonymity The identity of data senders and receivers
of digital currency to pay for the use of a free service.
is unknown Service providers most often use personal data to tailor
Chronology Every transaction is time-stamped and can and improve their services as well as sell their user’s data
be traced back to third party providers for money. Our system design
Table 1. Characteristics of the Blockchain does not aim at avoiding the collection and usage of data
for service improvement, research, etc., but it aims at en-
Using blockchain as a tamper-proof ledger would abling the user to gain transparent insights and receive a
record the transfer and prove ownership of assets beyond monetary return for offering his personal data directly to
any doubt. This enables smart contracts, an idea con- other service providers. We deem that blockchain as a
ceptualized already 20 years ago [24]: the creation of vehicle of decentralisation, shifting the power from cen-

Page 6858
tralised service providers to the end users. Through the As mentioned above, the MyData principles are in-
characteristics mentioned in section 3, blockchain has corporated into the design guidelines. In the proposed
the potential to put control in the personal data ecosys- conceptual design, we ignore scenarios of data transfer
tem in the user’s hands with an increased trust that is dis- from one provider to another. We do not want to facil-
tributed among all parties. Furthermore, the immutable itate a data transfer between service providers as it is
and chronologic storage of consents and personal data not in line with the full control of the user data by the
transactions increases trust from the service providers’ user. The proposed system would be built on a private
perspective. Lastly, capturing the conditions of data and or permissioned blockchain with public visibility, which
monetary exchange between service providers and user means that anyone can view the transactions / blocks
through smart contracts omits the need for a third party on the blockchains and verify certain permitted validity
while ensuring a reliable way of storing and enforcing checks (as a public user), but the permissions of various
the agreements. Smart contracts increase the level of stakeholders for example who can make a transaction
trust from both sides at reduced costs, as the conditions or who can be data validator etc. are regulated by the
are stored in and executed through immutable code. governing body of the proposed system which typically
However, it is important to mention, that blockchain is includes major stakeholders.
not a suitable mean to store personal data on it as it is
replicated across many nodes, which will leads to lot of 4.2. System Overview
redundancy and at the same time the immutability as-
pect of blockchain conflicts with the GDPR right to be As illustrated in figure 1, the BPDIMS incorporates sev-
forgotten in case of personal data as the data once stored eral roles and components as further explained below.
on blockchain can not be deleted. Therefore, in order System Roles: The following are the key stakeholders
to address this challenge, we propose to use off-chain in the proposed system.
repository to store the personal data of users and let the
1. User: end users utilizing the system
blockchain store a hash data pointer to the storage loca-
tion of personal data on off-chain repository. In this way, 2. Service provider: company providing a service to
if some wants to use the GDPR right to be forgotten, user, either paid or free.
then the personal data on off-chain repository is deleted 3. Data purchaser: an entity (company or person) pur-
in order to comply with GDPR and the immutable hash chasing the user data for a specific stated purpose
data pointer stored on blockchain will be become null
and void and thereby becomes GDPR compliant. Next, 4. Data validators: entities who validate the user data to
we will introduce a human-centric approach and high- make sure that it contains what the user claims to be.
light the advantages of blockchain technology.
System Components: As illustrated in figure 1, the
4.1. System Design Guidelines system incorporates several components, namely three
blockchain layers: a smart contract blockchain, an ac-
The overarching goal of the system is to provide a holis- cess blockchain and an identity blockchain, the off-
tic, personal data management tool to the user, meaning chain data repository, and the user interface.
that the user of the system can expect full transparency Data Types: The system distinguishes between two dif-
and control over his personal data. We believe that this ferent types of data collection. On the one hand, we
can be achieved by creating a system that embodies the have a static identification data type, which is already in
following system design guidelines: control of the user. This can be the user’s name, age, ad-
dress, and personal information etc. The user can verify
1. User-centric: empowering the user his data by an institution (e.g. municipality) to use the
2. Transparency: user knows at any time how and by identification functionality (sec. 5.4) or to increase the
whom his data is utilised value of his data. On the other hand, we have a dynamic
3. New rights: GDPR-compliant give and revoke con- data type, which is generated while using a service and
sent for data processing, deletion and portability. is in the control of the service provider. This includes
shopping history, performance data in a fitness app, and
4. Data economy: provide a financial value to the data
social media data, among others. The distinction is im-
and facilitate the trading of it
portant, because each data type is captured differently.
5. Validated data: a repository with validated data that Blockchain Layers: The proposed system contain
is of high value to service providers. blockchain layers (fig. 1) as further described below.
6. Security: user data stored in an encrypted form with 1) Smart contract layer (Smart Contract Blockchain):
the secure storage of encryption keys The first layer is a Smart Contract Blockchain, which

Page 6859
Figure 1. System Architecture for BPDIMS

is used to store conditions for data exchanges between: tributed hashtable as developed by [27], which is con-
(1) user and service providers, which are agreements nected to the data pointers of the access layer. This way,
on data export on a regular basis and (2) user and data data can be fragmented and is less attractive for hack-
purchaser, which are agreements to access and pay for ing, while accessing and finding the data in the database
datasets of the user. is highly efficient. These data repositories are not part
2) Access layer (Access Blockchain): The second layer of the blockchain and therefore we can name them as
will be implemented as a tool to ensure privacy, while off-chain repositories. Storing the personal data in the
taking advantage of the immutability and integrity char- off-chain repository allows the data to be deleted from
acteristics of blockchain technology. The idea is based the system, should users revoke their consent, which
on [26], who connect an offline storage through an access layer based on the blockchain. This framework enables users to control and own their personal data, while service providers are guests with delegated permissions. Only the user can change this set of permissions and thereby the access to the connected data. The basis for the access management is a smart contract-fuelled blockchain, so that the user can set automatically-enforced time limits for the access to the data. After the time limit, the consent is automatically revoked.

3) Hash storage layer (Identity Blockchain): The third layer is used for storing hashes of data. These hashes are created when personal data of the user is verified by certain trusted authorities, like governmental organisations, who can verify the user’s personal details. Part of this verification process is creating a hash of the verified data that is immutably stored on the Identity Blockchain of the system. Whenever a service provider gets access to this layer, he can verify personal data sent by the user and thereby verify the digital identity of that user.

Off-chain repository: The user data will be stored in external online data repositories, which could be cloud storage database systems or any other online data storage repositories. For example, the underlying personal storage system could be constructed as a dis-

is in line with the GDPR. Moreover, all the user data in these off-chain repositories will be stored in encrypted form using symmetric encryption keys that are owned by the respective user who owns the data. We also propose to use a threshold encryption scheme [28] to split the key and distribute the shares to third-party key keepers, using established key exchange algorithms such as the Diffie-Hellman key exchange [29] or the public key infrastructure [20] to securely exchange the encryption keys and store them in a safe and distributed manner.

User Interface (UI): The user interface has two main purposes: firstly, to give an overview of all personal data of the user, and secondly, to be able to manage all the data and system functionalities. The system displays all personal data that is stored at any service provider and the respective given consents (e.g. billing, targeted advertising or newsletter mailing), the data selling history and all data that is currently stored in the off-chain repository of the user. The user can manage all data in the same system, which is based on giving and revoking consents to use the data and to access the data. The data is accessed either when it was purchased by a company or when the user identifies himself through the system.
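The key splitting proposed above (and referred to again in Section 5.1 and in the Discussion's Encrypted Data Storage paragraph), as an added Python example that is not part of the original paper: Shamir's scheme [28] over a prime field splits the user's symmetric key among key keepers so that any t shares recover it while a single compromised keeper, or any t-1 of them, learns nothing. The field prime, the share layout and the 3-of-5 parameters are assumptions of this example; delivering the shares to the keepers (Diffie-Hellman or PKI in the paper) is not modelled.

```python
"""Shamir (t, n) threshold sharing of a user's symmetric data-encryption key.

Added example, not code from the BPDIMS paper. It models the paper's key
keepers: the user's AES key is split so that any t shares recover it while
t-1 shares reveal nothing. Arithmetic is over GF(p) with the Mersenne prime
p = 2**521 - 1, chosen (an assumption of this example) because a 256-bit key
fits in one field element. Delivering shares to the keepers (Diffie-Hellman
or PKI in the paper) is assumed to already be in place and is not modelled.
"""
import secrets
from typing import List, Tuple

P = 2**521 - 1           # field order for share arithmetic
Share = Tuple[int, int]  # (x, y): the pair handed to one key keeper


def split_key(key: bytes, threshold: int, keepers: int) -> List[Share]:
    """Split `key` into `keepers` shares; any `threshold` of them recover it."""
    if not 1 < threshold <= keepers:
        raise ValueError("need 1 < threshold <= keepers")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key does not fit in the field")
    # Random polynomial f of degree threshold-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, keepers + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares: List[Share]) -> int:
    """Lagrange-interpolate f(0) from the given shares.

    Fewer than `threshold` shares do not raise; they yield a value that is
    uniformly random over the field, so a lone compromised keeper learns
    nothing about the key.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def demo(threshold: int = 3, keepers: int = 5) -> Tuple[bool, bool]:
    """Fresh 256-bit key: (all `threshold` shares recover it, `threshold-1` do not)."""
    key = secrets.token_bytes(32)
    expected = int.from_bytes(key, "big")
    shares = split_key(key, threshold, keepers)
    # Any subset of size `threshold` works; take the last ones to show that.
    enough = recover_secret(shares[-threshold:]) == expected
    too_few = recover_secret(shares[:threshold - 1]) == expected
    return enough, too_few


if __name__ == "__main__":
    print("3-of-5 sharing: recover with 3, fail with 2 ->", demo())
```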

5. Functionality and Use Case Scenarios

5.1. Adding User Data

One of the most essential prerequisite workflows of the system is adding data to the off-chain repository, as this is how the user gets ownership over his data and how consents are connected to this data. Dynamic data refers to the data type that is created while using services and inevitably also stored in the databases of the service providers. It is important that the user gains ownership and control over this data, while forwarding or replicating this data to third parties is permitted through the consent management component. To get hold of the data, the system receives the data from the service providers. The GDPR requires providers to offer a data export of all the user’s data stored at the provider, which the system takes advantage of. As shown in Fig. 1, by sending a request for a full data export, the user gets control over all data stored at the service provider. Moreover, the data received from the providers will be stored in the off-chain data repositories in encrypted form using symmetric-key algorithms like Rijndael/AES [30], and we propose that the symmetric keys should be preserved using threshold cryptographic methods such as [28].

Adding dynamic data from service providers:

1. The smart contract holding the consent of the user automatically triggers a request to the service provider requesting the user’s private data.
2. The service provider transfers the data in machine-readable format to the system.
3. The system transforms the data into the format needed for the repository and adds it to it.
4. The smart contract requests data exports at pre-defined time intervals.

Adding unverified identification data to the system:

1. The user enters information into the system, such as an e-mail address.
2. The user classifies the privacy rules of this information, e.g. from open through controlled to sensitive.
3. The system stores this information as an unverified data entry with the respective privacy setting.

Adding verified identification data to the system:

1. The user finds the institution that is responsible for issuing the identity data.
2. The user enters the information into the system.
3. The institution gets access to this information through the access layer, as a consent transaction is created that stores the shared identity.
4. Through the access layer the institution gets access to the identity blockchain, and then stores a hash of that information immutably.

5.2. Consent Management

The GDPR states that it shall be as easy for the user to revoke consent as to give consent regarding the processing and storing of private data. Consent appears in our system in three ways: 1) consent for processing personal data in return for services, 2) consent for storing personal data, and 3) consent for selling/access to personal data. All of the user’s consents are stored on the Access Blockchain of the system. The second and third type of consent, regarding monetization and storage, however, also have a link to the Smart Contract Blockchain. While the consent is stored on the Access Blockchain, it is used to access data in the creation of smart contracts. The creation of the smart contract entails a different type of consent that is binding regardless of the initial consent, due to the new contractual agreement between the parties. It must be noted that the consents regarding monetisation and storage of personal data are given directly in the system UI. This process involves a request sent from the system on the user’s behalf with a valid signature to the service provider in question. Obtaining information regarding a consent can however be a more cumbersome process, depending on the technical implementation method, especially if the service provider in question is unwilling to partake in the ecosystem our system creates. With this in mind, we identified e-mail and an API integration as the two most feasible options for communication of consent between the system and service providers, where one option does not rule out the other, meaning the system could feasibly operate with both, depending on the service provider’s willingness to participate.

Give consent to service provider:

1. User agrees to the terms and conditions of the service provider (gives consent).
2. System sends a request to the service provider for all the user’s personal data.
3. Service provider sends the data to the system in a commonly-used and machine-readable format.
4. System is updated with the information from the service provider and displays it in the user’s UI.
5. If the purpose for data processing or handling changes, the service provider must ask for new consent, which is updated in the system in the same manner.

Revoke consent from service provider:

1. User removes consent through the UI.

2. System sends a request to the service provider to stop processing and delete personal data regarding the user.
3. System receives confirmation of deletion from the service provider.
4. System deletes the information from the interface and/or repository, based on the user’s demands.

5.3. Data Monetization

Data has become a tradeable asset, which we most often trade for the usage of free services, often without explicitly knowing for what purposes our data is used or to what third-party provider the data is sold. By facilitating the trade of datasets between user and data purchaser for a monetary compensation, the marketplace functionality of our system attempts to enable users and service providers to participate in the data economy in a more direct and transparent way. Receiving a monetary reward for sharing personal data is not an unknown concept. There are various web services that offer to sell different parts of user data to third parties, for which users receive a recurring or one-time payment. For instance, users can share their mobile behavioural data, or their browsing activity on particular websites. In fact, the data brokerage market was estimated at $156 billion in 2016. Seen from a data purchaser’s point of view, the aggregation of a large pool of diverse datasets bears the opportunity to access data profiles that would normally have been out of reach. Furthermore, datasets would be verified by data validators, for instance participating ecosystem service providers guaranteeing the quality of the data. In return for validating data they would be rewarded with a portion of the money from the sale of said data. As the proposed system is designed as a permissioned blockchain, the key stakeholders of the blockchain (who act as the governing body) will decide who can join the blockchain as a data validator. The authenticity of the data validators can be validated/monitored using the feedback from the data purchasers. If a data purchaser notices any discrepancies in the data validated by a data validator, then that particular data validator may be warned or even block-listed if the validation failures are repeated. The consents given or revoked by the user are stored on the blockchain, and data purchasers can browse through the marketplace to find relevant datasets. Finally, the data purchaser and user enter a smart contract that enforces compensation and the access to the dataset.

Listing a dataset for sale:

1. User gives consent in the user interface to what data, if any, can be sold.
2. System lists this data as for sale in the marketplace.
3. Data will be validated by the data validators, who serve as auditors validating the claims the user makes about the data.
4. After the validation checks, the data validators put a certification on the data, which will give the data purchasers confidence that they are buying user data that has been validated by the data validators.
5. Consent is put into a smart contract between user and data purchaser, pointing to the data in question.

Data purchaser buys data:

1. The data purchaser can browse through the marketplace and select the datasets he wants to purchase. He can retrieve all necessary information, such as price and data certification details, from the overview page.
2. When the data purchaser wants to purchase a particular dataset, it is checked whether the data purchaser has sufficient means to purchase the data in question.
3. If this is the case, a consent transaction is created on the access blockchain and stored in a smart contract together with the data pointer, compensation information and expiry date.
4. The compensation is transferred to the user.
5. The data purchaser gets access to the repository and can download the data files.

5.4. Identity Management

As part of a holistic data management approach, the platform also supports an identity management functionality. Both service providers and users can highly benefit from a blockchain-based solution. It can still take several days to onboard a customer for a new service that requires verified data (e.g. requesting a loan at a bank), while the process costs large sums of money for the service providers.

User digitally identifies himself to a service provider:

1. A user wants to access a service, for which the provider requests information.
2. The user authenticates himself to the personal data storage through his private key.
3. A consent transaction is created on the blockchain with a shared identity of the service provider and the user. This gives the provider access to that data point as well as the identity blockchain.
4. The service provider can check the information against the stored hash and verify the information.
5. The user has successfully identified himself and the provider has only the information needed.
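The hash check in step 4 above, and the Hash storage layer (Identity Blockchain) described earlier, as an added Python example that is not part of the original paper: a trusted authority anchors a salted SHA-256 hash of the verified attributes, and the service provider recomputes it from what the user presents and compares. The JSON canonicalisation, the per-record random salt and the record fields are assumptions of this example.

```python
"""Hash-anchored identity attributes, as in the paper's Identity Blockchain layer.

Added example, not code from the BPDIMS paper. A trusted authority verifies
a user's attributes off-chain and anchors only a hash on the Identity
Blockchain; the user later presents the attributes to a service provider,
who recomputes the hash and compares it with the anchored record. The record
layout, the canonical JSON encoding and the per-record random salt are
assumptions of this example; the salt is kept with the user's off-chain
data, not on chain.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class IdentityRecord:
    """The on-chain entry: who verified, for whom, and the hash. No attributes."""
    issuer: str      # verifying authority, e.g. a governmental registry
    subject: str     # identifier of the user's public key
    digest_hex: str  # SHA-256 over salt || canonical(attributes)


def canonical(attributes: Dict[str, str]) -> bytes:
    """Deterministic encoding, so issuer and verifier hash identical bytes
    regardless of key order or whitespace."""
    return json.dumps(attributes, sort_keys=True, separators=(",", ":")).encode()


def attribute_digest(attributes: Dict[str, str], salt: bytes) -> str:
    # The random salt stops anyone from confirming a guessed low-entropy
    # attribute (a birth date) by hashing candidates against the on-chain value.
    return hashlib.sha256(salt + canonical(attributes)).hexdigest()


def issue_record(issuer: str, subject: str,
                 attributes: Dict[str, str]) -> Tuple[IdentityRecord, bytes]:
    """Authority side: after verifying `attributes`, anchor their salted hash."""
    salt = secrets.token_bytes(16)
    return IdentityRecord(issuer, subject, attribute_digest(attributes, salt)), salt


def verify_presentation(record: IdentityRecord, presented: Dict[str, str],
                        salt: bytes, trusted_issuer: str) -> bool:
    """Service-provider side: accept only if the record comes from an issuer
    it trusts and the presented attributes reproduce the anchored hash."""
    if record.issuer != trusted_issuer:
        return False
    return hmac.compare_digest(record.digest_hex, attribute_digest(presented, salt))


def demo() -> Tuple[bool, bool, bool]:
    """Returns (genuine accepted, altered attribute rejected, wrong issuer rejected)."""
    attrs = {"name": "Jane Doe", "date_of_birth": "1990-04-01"}  # constructed sample
    record, salt = issue_record("registry.example", "user-key-1", attrs)
    genuine = verify_presentation(record, attrs, salt, "registry.example")
    altered = verify_presentation(record, {**attrs, "date_of_birth": "1980-04-01"},
                                  salt, "registry.example")
    wrong_issuer = verify_presentation(record, attrs, salt, "other-authority.example")
    return genuine, not altered, not wrong_issuer


if __name__ == "__main__":
    print("genuine ok, altered rejected, untrusted issuer rejected:", demo())
```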

6. Discussion

We will discuss the benefits of using blockchain to handle user-centric personal data management.

Improvements Using Blockchain: Due to the concept of immutability as part of blockchain, data stored on a blockchain cannot be changed without a consensus amongst the participating nodes, which leads to very high data integrity. The proposed blockchain system stores the hashed data pointers pointing to the user data on off-chain repositories; this provides guarantees that the user data has not been altered by the user or anyone else since the time it was marked for sale. This kind of in-built trust provided by blockchain will be quite beneficial to the data purchasers, as they can buy the data without worries about data provenance. Moreover, the role of data validators and their certifications will enhance the trust in the user data that is put up for sale. Blockchain provides complete transparency and verifiable proofs about the various transactions related to user data and identity management, which will enhance trust and confidence in the system for all the stakeholders, such as users, service providers and data purchasers. Similarly, the anonymity feature of blockchain allows users to conceal their identity and their personal information whenever necessary, e.g. in the case of negotiating with a data purchaser, and at the same time the system allows the users to reveal their identity if needed. Finally, the decentralised and distributed consensus mechanisms of blockchain will provide guarantees against the system being taken over by malicious actors easily. This means that unless a malicious actor controls more than 51% of the network, a false entry or change to the data will not be approved.

Smart Contracts: Smart contracts allow us to use fully-automated, self-enacting electronic contracts, which means the automation and legal certainty of consents and their management is significantly improved. Moreover, smart contracts operate as autonomous actors whose behaviour is completely predictable [8]. This is done while ensuring a very high integrity of the authenticity of the contracts in question, as well as transparency of the system. Introduction of smart contracts for creating and revoking consents will result in unambiguous legal contracts, and it is easy for regulators and auditors to investigate the claims in case of disputes between the users and service providers/data purchasers.

Encrypted Data Storage: By storing the user data in encrypted form using symmetric-key cryptography, with the encryption key of the user distributed over different key keepers using threshold cryptographic methods, the system avoids a single point of failure. A compromise of the off-chain data repository will not lead to a data leakage. This is due to the encryption of the data repository and the number of keys needed to decipher the data. As one key from the key keepers is not enough to decipher the data, a malicious actor would have to compromise several key holders, which further increases the security of the system and decreases the likelihood of a data leakage.

The User’s Perspective: In the proposed system, a user would be able to grant and revoke access to personal data, but also monitor who has access to it and what it is being used for. This is a significant upgrade from today’s situation, where most of us have little knowledge of where our private data is and what it is being used for. With access to personal data and insight into where the data is and what it is being used for, users are likely to become more aware of how they act. This means users will be able to see how they navigate online and where they leave data traces on a more detailed level, which potentially will lead to higher awareness of users and deeper insights into their online behaviour. The potential for monetisation of the user’s private data is another key change and benefit. However, a shift in transparency and access could also lead to several benefits for companies, which will be discussed later, but the broader access to data could result in a fairer market with more competitors and cross-sector usage of data. In general, the proposed approach significantly empowers the user with transparency and control as the main features, with spillover effects on the services available and the reward for usage.

Business Perspective: For service providers our system can help facilitate compliance with the GDPR, dealing with both consent and transparency in data handling. The incentive from a business perspective goes both through the monetization of selling data as a data validator and through buying data. The possibility of buying data of potential customers and users from competitors within the industry and also across industries provides a significant opportunity for companies to expand and improve services by gaining intelligent insights into their customers. This incentive is particularly large for smaller companies and startups that don’t have access to data. Furthermore, the possibility to buy data to discover new, potential market opportunities is another key advantage that incentivises companies to engage with the system.

7. Conclusion and Future Work

In this research work, we proposed a conceptual design and high-level architecture for a personal data and identity management system with a key focus on providing transparency and control over the usage of the personal

data of users. Building on the foundations of blockchain and smart contract technologies with a human-centric focus, our proposed system provides high-level trust and security and shifts the control over personal data to the end users in a transparent manner, and facilitates the functionality of creating and revoking consents for accessing and selling their data to the companies that want to buy user data.

In future, the secure data transfer from service providers to off-chain data repositories and the service provider integration will be explored. We want to work more in the direction of preparing a detailed specification for the proposed system. We would like to use a formal methods approach to derive a detailed specification by describing the various interactions between the different stakeholders of the system in an unambiguous manner.

References

[1] General Data Protection Regulation, “Regulation (EU) 2016/679 - Directive 95/46,” Official Journal of the European Union (OJ), vol. 59, pp. 1–88, 2016.
[2] C. Tankard, “What the GDPR means for businesses,” Network Security, vol. 2016, no. 6, pp. 5–8, 2016.
[3] Open Knowledge Foundation and the Open Rights Group, “Personal data and privacy working group,” 2014.
[4] A. Poikola, K. Kuikkaniemi, and H. Honko, “MyData: a Nordic model for human-centered personal data management and processing,” Finnish Ministry of Transport and Communications, 2015.
[5] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008.
[6] R. Böhme, N. Christin, B. Edelman, and T. Moore, “Bitcoin: Economics, technology, and governance,” The Journal of Economic Perspectives, vol. 29, no. 2, pp. 213–238, 2015.
[7] S. T. Ali, D. Clarke, and P. McCorry, “Bitcoin: Perils of an unregulated global P2P currency,” in Cambridge International Workshop on Security Protocols, Springer, 2015.
[8] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
[9] G. Zyskind, O. Nathan, et al., “Decentralizing privacy: Using blockchain to protect personal data,” in Security and Privacy Workshops (SPW), 2015 IEEE, pp. 180–184, IEEE, 2015.
[10] N. Kaaniche and M. Laurent, “A blockchain-based data usage auditing architecture with enhanced privacy and availability,” in Network Computing and Applications (NCA), 2017 IEEE 16th International Symposium on, pp. 1–5, IEEE, 2017.
[11] A. Yasin and L. Liu, “An online identity and smart contract management system,” in Computer Software and Applications Conference (COMPSAC), 2016 IEEE 40th Annual, vol. 2, pp. 192–198, IEEE, 2016.
[12] P. Mamoshina, L. Ojomoko, Y. Yanovich, A. Ostrovski, A. Botezatu, P. Prikhodko, E. Izumchenko, A. Aliper, K. Romantsov, A. Zhebrak, et al., “Converging blockchain and next-generation artificial intelligence technologies to decentralize and accelerate biomedical research and healthcare,” Oncotarget, vol. 9, no. 5, p. 5665, 2018.
[13] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “MedRec: Using blockchain for medical data access and permission management,” in Open and Big Data (OBD), International Conference on, pp. 25–30, IEEE, 2016.
[14] X. Yue, H. Wang, D. Jin, M. Li, and W. Jiang, “Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk control,” Journal of Medical Systems, vol. 40, no. 10, p. 218, 2016.
[15] L. Lamport, R. Shostak, and M. Pease, “The Byzantine generals problem,” ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 4, no. 3, pp. 382–401, 1982.
[16] L. Xu, Highly available distributed storage systems. PhD thesis, California Institute of Technology, 1999.
[17] A. Back, “Hashcash: a denial of service counter-measure.” http://www.hashcash.org/papers/hashcash.pdf, 2002.
[18] BitFury Group, “Proof of stake versus proof of work.” http://bitfury.com/content/5-white-papers-research/pos-vs-pow-1.0.2.pdf, 2015.
[19] J. Carter and M. N. Wegman, “Universal classes of hash functions,” Journal of Computer and System Sciences, vol. 18, no. 2, pp. 143–154, 1979.
[20] R. C. Merkle, “Protocols for public key cryptosystems,” in Security and Privacy, 1980 IEEE Symposium on, pp. 122–122, IEEE, 1980.
[21] A. M. Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies. O’Reilly Media, Inc., 2014.
[22] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM, vol. 21, no. 2, pp. 120–126, 1978.
[23] D. Johnson, A. Menezes, and S. Vanstone, “The elliptic curve digital signature algorithm (ECDSA),” International Journal of Information Security, vol. 1, no. 1, pp. 36–63, 2001.
[24] N. Szabo, “Formalizing and securing relationships on public networks,” First Monday, vol. 2, Sep 1997.
[25] M. Swan, Blockchain: Blueprint for a New Economy. O’Reilly Media, Inc., 2015.
[26] G. Zyskind, O. Nathan, and A. Pentland, “Enigma: Decentralized computation platform with guaranteed privacy,” arXiv preprint arXiv:1506.03471, 2015.
[27] P. Maymounkov and D. Mazieres, “Kademlia: A peer-to-peer information system based on the XOR metric,” in International Workshop on Peer-to-Peer Systems, pp. 53–65, Springer, 2002.
[28] A. Shamir, “How to share a secret,” Communications of the ACM, vol. 22, no. 11, pp. 612–613, 1979.
[29] G. Al-Aali, B. Boneau, and K. Landers, “Diffie-Hellman key exchange,” Proceedings of CSE 331, Data Structures Fall 2000, vol. 67, 2000.
[30] J. Daemen and V. Rijmen, The Design of Rijndael: AES - the Advanced Encryption Standard. Springer Science & Business Media, 2013.
