Galia Kondova
ABSTRACT
This paper studies three existing technical solutions for a self-sovereign identity on blockchains and analyzes the arising issues related to the General Data Protection Regulation (GDPR) of the European Union (EU). In particular, the paper provides an overview of the existing Sovrin self-sovereign identity on the Hyperledger Indy public permissioned blockchain as well as uPort and Jolocom on the Ethereum public permissionless blockchain. The paper then concludes with a discussion on the GDPR-compliance of the blockchain-based identity concepts.
- EU Blockchain Observatory and Forum, "Blockchain and Digital Identity," 2019. Available at https://www.eublockchainforum.eu/reports (All links accessed December 2019)Google Scholar
- F. Zbinden and G. Kondova, "Economic Development in Mexico and the Role of Blockchain," Advances in Economics and Business, vol. 7, no. 1, pp. 55--64, Jan. 2019.Google Scholar
- D. He et al., "Virtual Currencies and Beyond: Initial Considerations," IMF Staff Discussion Notes, vol. 16, no. 03, p. 1, 2016.Google ScholarCross Ref
- EU Blockchain Observatory and Forum, "Blockchain and the GDPR," 2019. Available at https://www.eublockchainforum.eu/reportsGoogle Scholar
- World Wide Web Consortium (W3C), "Decentralized Identifiers (DIDs) v1.0: Core Data Model and Syntaxes," 2019. Available at https://w3c.github.io/did-core/#did-documentGoogle Scholar
- World Wide Web Consortium (W3C), "DID Method Registry", 2019. Available at https://w3c-ccg.github.io/did-method-registry/Google Scholar
- Sovrin Foundation, "Sovrin: A Protocol and Token for Self-Sovereign Identity and Decentralized Trust," 2018. Available at https://sovrin.org/library/sovrin-protocol-and-token-white-paper/Google Scholar
- A. Tobin, "Sovrin: What Goes on the Ledger?," Evernym White Paper, 2018. Available at https://www.evernym.com/wp-content/uploads/2017/07/What-Goes-On-The-Ledger.pdfGoogle Scholar
- uPort Specs, 2019. Available at: https://github.com/uport-project/specsGoogle Scholar
- uPort PKI, 2019. Available at: https://github.com/uport-project/specs/blob/develop/pki/index.mdGoogle Scholar
- Jolocom, A Decentralized, Open Source Solution for Digital Identity and Access Management, Whitepaper 2.1, December 2019. Available at https://jolocom.io/wp-content/uploads/2019/12/Jolocom-Whitepaper-v2.1-A-Decentralized-Open-Source-Solution-for-Digital-Identity-and-Access-Management.pdfGoogle Scholar
- General Data Protection Regulation (GDPR), 2016. Available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679Google Scholar
- aepd EDPS, Introduction to the Hash Function as a Personal Data Pseudonymisation Technique, October 2019. Available at https://edps.europa.eu/sites/edp/files/publication/19-10-30_aepd-edps_paper_hash_final_en.pdfGoogle Scholar
- J. Erbguth, "Datenschutzkonforme Verwendung von Hashwerten auf Blockchains," Multimedia und Recht 2019, no. 10, pp. 654--660.Google Scholar
- J. Erbguth, "Five Ways to GDPR-Compliant Use of Blockchains," European Data Protection Law Review 2019, no. 3, pp. 427--433.Google ScholarCross Ref
- Article 29 Working Party, "Opinion 1/2010 on the concepts of 'controller' and 'processor'," 2010, 00264/10/EN WP 169, 9, endorsed by the European Data Protection Board on 25 May 2018. Available at https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2010/wp169_en.pdfGoogle Scholar
- B. G. Rauber, "Grzeszick/Rauber: Anwendbarkeit der DS-GVO durch Einschaltung Dritter?," Zeitschrift für Datenschutz, no. 12, pp. 560--564, 2018.Google Scholar
- CNIL, "Premiers éléments d'analyse de la CNIL - Blockchain," Sep-2018. Available at https://www.cnil.fr/sites/default/files/atoms/files/la_blockchain.pdfGoogle Scholar
- J. Erbguth and J. Galileo, "Erbguth/Fasching: Wer ist Verantwortlicher einer Bitcoin-Transaktion?," Zeitschrift für Datenschutz, no. 12, pp. 560--565, 201.Google Scholar
- European Court of Justice, Case C-101/01 Lindqvist (2003) ECR I-12971Google Scholar
Index Terms
- Self-sovereign identity on public blockchains and the GDPR
Recommendations
Design Patterns for Blockchain-based Self-Sovereign Identity
EuroPLoP '20: Proceedings of the European Conference on Pattern Languages of Programs 2020Self-sovereign identity is a new identity management paradigm that allows entities to really have the ownership of their identity data and control their use without involving any intermediary. Blockchain is an enabling technology for building self-...
Blockchain-Based Self-Sovereign Identity: Survey, Requirements, Use-Cases, and Comparative Study
WI-IAT '21: IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent TechnologyIdentity is at the heart of digital transformation. Successful digital transformation requires confidence in and protection of digital identities. On the Internet, however, there is no unique and standard identity layer. Consequently, a variety of ...
Tension between GDPR and Public Blockchains: A Data-Driven Analysis of Online Discussions
SIN 2020: 13th International Conference on Security of Information and NetworksSince coming into effect in May 2018, the EU General Data Protection Regulation (GDPR) has raised serious concerns among users of public (permissionless) blockchain systems. Such concerns are triggered by a tension between some unique characteristics ...
Comments