Analysis of the applications and challenges facing blockchain technology in the area of the General Data Protection Regulation (GDPR)
Subject areas: Journal of Information Technology in Engineering Design
Mehdi Seyedhashemi 1, Hassan Shakeri 2 *, Abouzar Arabsorkhi 3, Rahim Khanizad 4
1 - Department of Computer Engineering, Sabzevar Branch, Islamic Azad University, Sabzevar, Iran
2 - Department of Computer Engineering, Mashhad Branch, Islamic Azad University, Mashhad, Iran
3 - Information and Communication Technology Research Institute, Tehran, Iran
4 - School of Management, Economics and Progress Technology, University of Science and Technology
Keywords: blockchain, GDPR, data protection requirements
Abstract:
The growing use of emerging technologies across industries, together with the increasing volume and speed of data production and dissemination, has heightened concerns about the protection of personal data. Governments and legislative bodies have enacted laws to safeguard users' privacy; one of the most comprehensive is the GDPR, drawn up by the European Union, which imposes responsibilities and duties on organizations, businesses and regulatory bodies so that users' personal data is protected. Among emerging technologies, blockchain has attracted considerable attention in connection with privacy protection and the GDPR. Thanks to its traceability, transparency and security, blockchain offers innovative solutions for data protection. On the other hand, its distributed architecture, immutability and non-minimization of storage space create challenges for bringing the technology into compliance with GDPR requirements. In this article we examine the compliance of blockchain technology with the framework of these laws from two perspectives, architecture and capabilities, together with a detailed examination of the features of this technology that facilitate or inhibit compliance with them, and we analyze a number of the solutions proposed for removing the technology's obstacles to GDPR compliance, including storing data off-chain and using hash functions.