Towards Informational Self-determination: Data Portability Requests Based on GDPR by Providing Public Platforms for Authorised Minimal Invasive Privacy Protection


The Universal Declaration of Human Rights (UDHR) defines that no human being should be subjected to arbitrary interference with his privacy. Yet last decade´s digital platform progress has been legally widely unframed and untamed. Therefore, both collection and commercial use of personal data has become a widespread and profitable business model in which individuals currently practically have very little power. European Union´s General Data Protection Regulation (GDPR) rebalances rights and obligations of data controllers processing personal data and data subjects whose data are being processed. Well-tailored and targeted use of blockchain technologies enables system transactions that strengthen individual regain of control over personal data and securely transfer it. The proposed system (PPAMIPP, public platform for authorised minimal invasive privacy protection) allows data subjects to claim the personal data processed by them and request their transfer in accordance with the GDPR by defining a respective novel process and supporting technical architecture. The proposed system is validated using a prototype implementation. In addition to demonstrating the feasibility of the system while maintaining confidentiality and integrity, the trade-offs between privacy and usability, as well as general problems of the defined process from legal and technical viewpoints, are highlighted.

Poster: BLOCKCHAIN'21: 3rd International Congress on Blockchain and Applications, Salamanca, Spain; 10-06-2021 - 10-08-2021; in: “Proceedings of Blockchain'21”, Springer, Cham, vol 320 (2021), ISBN: 978-3-030-86161-2; 1 - 4
Thomas Grechenig
Thomas Grechenig
Ao.Univ.Prof. Dipl.-Ing. Dr.techn.