DOI QR코드

DOI QR Code

A Study on the Effect of Blockchain on Personal Information Protection

  • Received : 2019.09.16
  • Accepted : 2019.09.30
  • Published : 2019.09.30

Abstract

In this paper, Blockchain is mentioned as the next-generation core IT technology. As an immature technology, there are not many practical use cases, but it is expected to be widely applied in various industries such as cryptocurrency, finance, public, etc. to increase efficiency and enable new services that did not exist in the past. Nevertheless, the generalization of blockchain technology is still difficult. In particular, from the viewpoint of personal information protection, GDPR of Europe, etc., is becoming stronger. Considering that the core of the blockchain is the change of information sharing and processing method, it is very important how the blockchain can affect, especially from the viewpoint of privacy, and how the Privacy Act can be applied to the blockchain. However, the discussion on this part also seems to be insufficient. Therefore, in this paper, blockchain By analyzing the implications and implications of technologies and services using them from the perspective of the Privacy Act, we will discuss how the blockchain will be used to prevent leakage of privacy.

Keywords

I. INTRODUCTION

Blockchain is being talked about as the next major IT technology. Although there are not many cases of actual use as immature technology, it is widely applied in various industries such as cryptocurrency, finance, and public sectors to increase efficiency and enable new services that did not exist previously [1-3]. Nevertheless, as to the legal implications of the universalization of blockchain technology, it seems that at least not enough analysis has been made in our country. In particular, considering that the core of blockchain is changes in information sharing and processing methods, it seems important to consider how blockchain can be affected, especially from the point of view of privacy, and how the privacy law can be applied to block chain, but there is not enough discussion in Korea yet. Therefore, this paper will study technologies andimprovement measures to protect personal information protection using the desired blokchain by analyzing the meaning and implications of blockchain technologies and their services from the perspective of the Privacy Act I will also deal with the introduction in Chapter 1. Chapter 2 discusses blockchain and personal information protection, while Chapter 3 shows the final conclusions in Chapter 4 of the technologies and services required when blockchain is connected to personal information. This addresses the paper that incorporates blockchain into the required personal information. And personal information protection becomes very important in Europe's GDPR, the US Privacy Act, and Asia's Privacy Act. Due to the leakage of personal information, there is still leakage of personal information using hacking etc. based on cyber attacks using internet weaknesses such as phishing, pharming, and smishing. Therefore, the proposals were made on the basis of Anonymous, Autonomy, Openness, Programmable, Traceability, Tamper Proof, and Collectively Maine, which are characteristics of blockchain to prevent such Internet authentication.

 

II. Related Research

This paper has various technologies on blockchain, needs for personal information protection, and problems such as GDPR. It also reviews the concept and characteristics of block chain and deals with specific personal information utilization situations in open blockchain and specific block chain services in order to provide specific analysis from the perspective of the Privacy Act [4-6].

 

2.1. Blockchain

Blockchain is a ledger management technology based ondistributed computing technology where small data undermanagement is stored in a chain-type, link-based distributed data storage environment created based on the P2P method, so that no one can modify it at random and any one can see the results of the change. This is essentially a form of distributed data storage technology, designed to prevent arbitrary manipulation by operators of distributed nodes as a list of changes that have been continuously changed on all participating nodes. Blockchain technology is used for most cryptocurrency transactions, including bitcoin. Because the transaction process of cryptocurrency is used for de-centralized electronic books, the server runson each computer of many users running block chains of tware, enabling free trade between individuals without central banks [7-9]. Blockchain can be seen as an agreement convergence algorithm that ensures that data on books stored distributed across each node is always availableamong large nodes. This capability enables the node to runanonymously, or even involve a poorly connected or evenuntrusted operator. The node of the cryptocurrency has apartial or full blockchain. This eliminates the need to have a centralized database that systems like PayPal need. Whereas the ordinary book records the exchange of checks, receipts, or promissory notes, blockchain is itself a trading book and is a trade certificate [10]. Bitcoin expresses that itexists in the form of unpaid results of transactions. Transactions in blockchain format will be distributed toblock chain networks through software apps such as Bitcoinwallet apps. The nodes in the blockchain network verify the transaction, then add the deal to their books. And the dealspreads the added books to other nodes in the network. These blockchain also suggest a new paradigm intraditional cryptography [Fig. 1].

 

E1MTCD_2019_v6n3_125_f0001.png 이미지

Fig. 1. Peer-to-Peer System for Blockchain.

 

2.2. Type of Blockchain

Public blockchain is operated through the Internet and is freely available to anyone without the operator's permissionto participate in the blockchain network. Anyone can participate in the network by receiving an address (such as a Bitcoin address) for the transaction and downloading and using software to operate the node. That is, anyone can be come a blockchain node, add records to the block, and approve transactions. Because of this feature, it is alsocalled "permissionless blockchain" or "unpermitted block chain. " And in a private blockchain or private block chain, there is a principal who runs the network, and these entities have the authority to decide whether or not toparticipate in the network of new participants and therelevant rules [Fig. 2]. This is also referred to as a consotium blockchain. As such authority is granted to one principal or institution, aspects similar to traditional centralized methods are also found, such as rule changes ormodifications to existing records. In other words, it is likely that these entities are almost equivalent to TTP (the Privacy Act). Finally, semi-public blockchain (converged block chain) is a combination of open and private block chain, in which participation in the network is controlled by a free-flow or some pre-selected participants [11-13].

 

E1MTCD_2019_v6n3_125_f0002.png 이미지

Fig. 2. Type of Blockchain.

 

2.3. Privacy

Information on living individuals, such as names, resident registration numbers, and videos, can be easily combined with other information, even if it is not possible to recognize a particular individual. And personal information is information about identified oridentifiable surviving individuals and takes the basic principles of OECD privacy [14-17]. This includesidentifying an individual easily combined with otherinformation, even though the information alone does notidentify the individual. And the concept and scope of personal information brings about the diversification of the types of personal information that should be protected by continuously expanding information and communication technology development in accordance with the social environment and technology development of technology [Fig. 3].

1. In case there is only a name: As there are people with the same name, the name alone cannot identify aparticular individual, so it does not belong to personalinformation.

2. Statement+Address: Not only the name but also the address can be added to identify a specific individual, soit is appropriate for personal information.

3. Personal identification number: This information is unique and can identify specific individuals, so it is relevant to personal information.

4. Academic background, experience, and degree of property: This information makes an individual assessand judge, so it is relevant to personal information.

 

E1MTCD_2019_v6n3_125_f0003.png 이미지

Fig. 3. Privacy Process.

 

III. Analysis of the flow of personal
information related to blockchain

In the most circular form of a blockchain, all transactioninformation associated with such a public key, as well as aparty to the transaction, is stored on individual nodes that form a blockchain network in the form of a block. In this case, the information that makes the person identify itself is not stored in the block in principle. In addition, no othercentralized server processing unit exists to store and controlinformation. In addition, there is no single entity that makes decisions on important matters concerning processing, suchas the purpose and means of processing, and controls them. This is because these decisions are made by consensusalgorithms already established in blockchain networks andare implemented at the individual node level. This is the basic picture of an open blockchain, in which anyone can participate in a blockchain network. Thus, people in many countries can be blockchain nodes. This also enables the transmission and exchange of information betweencountries within blockchain.

Public blockchain is the most faithful blockchain to the basic concept of distributed ledger. As such, it is more like a prototype of a blockchain. As mentioned earlier, the key to blockchain is to process transaction-related information without the presence of a third party, a centralized information processor, and to ensure the reliability of the transaction. And by doing so, the philosophical foundation of blockchain is to ensure anonymity of individualsinvolved in the transaction and to strengthen their authority over information.The Privacy Act also aims to protectindividuals and strengthen their authority.

The Book is in line with these blockchain ideals. In particular, the right to self-determination of personalinformation, which is the constitutional basis of the nation 'sPersonal Information Protection Act, is defined as "the right of the information subject to decide on its own when and towhom and to which extent the information about itself is known and used, i.e. the right of the information subject todecide on its own regarding the disclosure and use of personal information." In this regard, blockchain and privacy laws share their philosophy [18-22].

On the other hand, however, there is room for thinking that the privacy law does not have a single or specific' personal information processor' in place of the situation in which blockchain and distributed principal technologies have not been popularized, and that nodes that participatein blockchain networks jointly manage information, and that the system of privacy law does not fit together [23-27].

Public blockchain is the area where potential tension between blockchain technology and privacy laws is most clearly shown. In the case of a private (private) block chain, only a given node that is allowed to participate by a centraladministrator on a closed network can handle personalinformation, which is more consistent with the existing privacy law system that has been passed on to a particular person-hand ler, but in the case of an open blockchain, anunspecified number of nodes can participate, and no centraladministrator exists. As mentioned earlier, the most common open block chains are virtual currencies such as bitcoin and ether Leeum. This paper vomits around theseopen block chains. In this regard, however, attention needsto be paid to the following two points.

 

3.1. Chain ID

The first collection of personal information included in the blockchain for the chain ID service would constitute the collection of personal information. This is done during the process in which users request the issuance of certificates through individual participants. The person who collects the personal information will then be the appropriateparticipant in the task of issuing the certificate. In addition, the information is automatically shared among each node (participants) in the process of creating a new block containing personal information, which can constitute athird party provision of personal information under the ICTNetwork Act. The provision of personal information meansthe transfer of control and control of personal informationto third parties other than the personal information processors. In other words, "supplies" include not only the delivery of personal information, but also the sharing of personal information by allowing access to the DB system, allowing access to it, and by enabling copying. In particular, ' supplies ' differ from 'personal information processing consignment ' in that personal information is transferred for the purpose and benefit of processing the work of therecipient. Participants in the position of the information and communication service provider in relation to the chain ID service shall destroy the information on blockchain when the user has an obligation to exercise the right to delete ordestroy personal information in accordance with law by withdrawing their consent to collect and use personalinformation or to provide personal information to third parties. However, there is a problem with block chaininformation that is not easy to delete. The reliability of datain a blockchain is based on indelible immutability, which iscited as an advantage in ensuring the integrity of the data, but the problem is that it is almost impossible to change ordelete the data recorded on the blockchain from the perspective of the Privacy Act. as a solution, consider ty ing all existing data before a particular destruction point into asingle block, processing and destroying the hash function. It would not be possible to rule out the possibility thatexisting data would be treated as permanently deleted in anon-renewable way if the existing blocks were grouped together to disable them and then a new blockchain would be started after the demolition. However, the unclearinterpretation of the technical standards and statutes in this part is as discussed earlier.

 

3.2. Blockchain and GDPR

The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should beconsidered to be information on an identifiable natural person. To determine whether a natural person isidentifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required foridentification, taking into consideration the availabletechnology at the time of the processing and technological developments. The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified oridentifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not thereforeconcern the processing of such anonymous information, including for statistical or research purposes.

As above, the GDPR considers all measures likely to be used reasonably by the controller or another person todetermine whether personal information is 'identifiable' butconsiders all objective factors such as cost, time and available technology. In addition, the expert 26 mentions aliased information 131 and anonymous information, whichis described as identifiable information and personalinformation by the use of additional information, and thatanonymous information is not applicable to the Act asinformation not related to identified or identifiable natural persons. As we saw earlier, within the block, an individual ' spublic key is stored as metadata for transaction information, which seems to be personal information, in that it can beseen as an individual when combined with additionalinformation called a corresponding secret key. As wediscussed earlier, the exchange has additional information that enables individual identification, so for the exchange, the information stored within the block may be personalinformation, but there may be problems with the general node.

 

IV. CONCLUSION

If the information on the public blockchain can be personal, it may contain the personal information of EU citizens, and some of the nodes may be located within the European Union. Then all the nodes in the European Union can be exploited by the GDPR. Does the node handling the personal information of EU citizens subject to GDPR evenif it is not located within the EU? In this respect, the GDPR sets forth explicit provisions for the geographical coverage, unlike our Privacy Act. According to this, nodes within the European Union will be subject to the GDPR once they are in the EU. However, even nodes that are not within the European Union are subject to GDPR if they provide goodsor services to information entities within the European Union or monitor the behavior of such information entities within the European Union. First of all, the open block chainnode is responsible for maintaining and managing the transaction ledger so that the blockchain transaction cantake place, so this may be considered to be a kind of serviceprovision. However, it should be acknowledged that for GDPR, the fact that the controller is simply not sufficient to provide services to the information entity within the European Union and is clearly expected to provide servicesto the information entity within the European Union. Noliterature has been found to have a definitive conclusion on this part. However, this should be assessed on a case-by-case basis, and there is a view that in view of the widerinterpretation of Article 3 above, the GDPR is likely to be applied to transactions that are not relevant to the EU. Thereare numerous difficulties in deciding whether to apply the Personal Information Protection Act to an open block chainand in how the Personal Information Protection Act should be applied. It is thought that a practical solution to such difficulties will be possible only after more social discussions and experience in various use cases of block chain technology has accumulated to a significantextent.

References

  1. Nakamoto S. "Bitcoin: a peer-to-peer electronic cash system," pp 1-9, 2008.
  2. J-H Huh and K. Seo, "Blockchain-based mobile fingerprint verification and automatic log-in platform for future computing," The Journal of Supercomputing, Springer, pp.1-17, 2018.
  3. S-K Kim and J-H Huh, "A Study on the Improvement of Smart Grid Security Performance and Blockchain Smart Grid Perspective," Energies, MDPI, Vol.11, No.7, pp.1-22, 2018.
  4. Yan Chen, "Blockchain tokens and the potential democratization of entrepreneurship and innovation," SSRN, pp.12-13, 2017.
  5. Y Nir Kshetri, "Blockchain's roles in meeting key supply chain management objectives," International Journal of Information Management, Elsevier, 80-82., 2018.
  6. Alexander Savelyev, "Copyright in the Blockchain era: Promises and challenges," Computer Law & Security Review, Elsevier, 2018.
  7. J-H Huh, S Otgonchimeg, and K Seo,; "Advanced metering infrastructure design and test bed experiment using intelligent agents: focusing on the PLC network base technology for Smart Grid system," The Journal of Supercomputing, Springer, Vol.72, No.5, pp 1862-1877, 2016. https://doi.org/10.1007/s11227-016-1672-4
  8. Nir Kshetri, "Blockchain's roles in strengthening cybersecurity and protecting privacy," Telecommunications Policy, pp 20-23, 2017.
  9. S-K Kim, U-M Kim, J-H Huh, "A Study on Improvement of Blockchain Application to Overcome Vulnerability of IoT Multiplatform Security," Energies, MDPI, Vol.12, No.3, pp.1-29, 2019.
  10. J-H Huh and K Seo. "Hybrid advanced metering infrastructure design for micro grid using the game theory model," International Journal of Software Engineering and Its Applications, Vol. 9, No. 9, 257-268, 2015. https://doi.org/10.14257/ijseia.2015.9.9.22
  11. Richard B. Levin, Peter Waltz, and Holly LaCount, "Betting Blockchain Will Change Everything - SEC and CFTC Regulation of Blockchain Technology, Handbook of Blockchain," Digital Finance, and Inclusion, Elsevier, Vol. 2, 187-212, 2017.
  12. J-H Huh, "Smart grid test bed using OPNET and power line communication," IGI Global, USA, 1-425, 2017.
  13. Christoph Prybila, Stefan Schulte, Christoph Hochreiner, and Ingo Webe, "Runtime verification for business processes utilizing the Bitcoin Blockchain," Future Generation Computer Systems, Elsevier, 2017.
  14. Janusz J. Sikorski, Joy Haughton, and Markus Kraft, "Blockchain technology in the chemical industry: Machine-to-machine electricity market," Applied Energy, Elsevier, 234-246, 2017.
  15. J. H. Huh, "PLC-based design of monitoring system for ICT-integrated vertical fish farm," Human-centric Computing and Information Sciences, 7(1), pp. 1-21, 2017. https://doi.org/10.1186/s13673-016-0083-0
  16. J. Park et al., Design of the real-time mobile push system for implementation of the shipboard smart working. In Advances in Computer Science and Ubiquitous Computing, Springer, 541-548, 2015.
  17. J.H Huh, T Koh, and K. Seo. "NMEA2000 ship area network design and test bed experiment using power line communication with the 3-phase 3-line delta connection method," International Journal of Applied Engineering Research, Research India Publications, 10(11), 27789-27797, 2015.
  18. Sullivan, C., Burger, E. (2017). E-residency and blockchain. computer law & security review, Elsevier, 33(4), 470-481. https://doi.org/10.1016/j.clsr.2017.03.016
  19. J-H Huh and K. Seo, "RUDP design and implementation using OPNET simulation," Computer science and its applications. Springer, 913-919, 2015.
  20. Herian R. "Regulating disruption: Blockchain, Gdpr, and questions of data sovereignty," Journal of Internet Law, 22(2), 1, 2018.
  21. Berberich, Matthias, and Malgorzata Steiner. "Blockchain Technology and the GDPR-How to Reconcile Privacy and Distributed Ledgers." Eur. Data Prot. L. Rev. 2- 422, 2016.
  22. J.H. Huh, T. Koh, and K. Seo, "Design of a shipboard outside communication network and the test bed using PLC: for the Workers' safety management during ship-building process," In Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication, pp. 1-6. ACM, 2016.
  23. Fabiano N., "The Internet of Things ecosystem: The blockchain and privacy issues," The challenge for a global privacy standard. In 2017 International Conference on Internet of Things for the Global Community (IoTGC) (pp. 1-7). IEEE, 2017.
  24. J-H Huh and K Seo, "Design and Implementation of the Basic Technology for Solitary Senior Citizen's Lonely Death Monitoring System using PLC," KMMS, Vol. 18, No. 6, 742-752, 2015.
  25. Andoni M., et al., "Blockchain technology in the energy sector: A systematic review of challenges and opportunities," Renewable and Sustainable Energy Reviews, Elsevier, 100, 143-174, 2019. https://doi.org/10.1016/j.rser.2018.10.014
  26. B-G Kim and K Goswami, "Basic prediction techniques in modern video coding standards," Springer, 2016.
  27. Schwerin S., "Blockchain and privacy protection in the case of the european general data protection regulation(GDPR): a delphi study," The Journal of the British Blockchain Association, 1(1), 3554, 2018. https://doi.org/10.31585/jbba-1-1-(4)2018