A Blockchain-based Approach for Data Accountability and Provenance Tracking

Ricardo Neisse, Gary Steri, Igor Nai-Fovino

The recent approval of the General Data Protection Regulation (GDPR) imposes
new data protection requirements on data controllers and processors with
respect to the processing of European Union (EU) residents' data. These
requirements consist of a single set of rules that have binding legal status
and should be enforced in all EU member states. In light of these requirements,
we propose in this paper the use of a blockchain-based approach to support data
accountability and provenance tracking. Our approach relies on the use of
publicly auditable contracts deployed in a blockchain that increase the
transparency with respect to the access and usage of data. We identify and
discuss three different models for our approach with different granularity and
scalability requirements where contracts can be used to encode data usage
policies and provenance tracking information in a privacy-friendly way. From
these three models we designed, implemented, and evaluated a model where
contracts are deployed by data subjects for each data controller, and a model
where subjects join contracts deployed by data controllers in case they accept
the data handling conditions. Our implementations show in practice the
feasibility and limitations of contracts for the purposes identified in this
paper.