THE CONCEPT OF APPLYING BLOCKCHAIN TECHNOLOGIES TO INCREASE THE SECURITY OF PERSONAL DATA OF THE “DIYA” PLATFORM: COMPLIANCE WITH THE REQUIREMENTS OF THE GDPR AND UKRAINIAN LEGISLATION
DOI: https://doi.org/10.28925/2663-4023.2024.26.681
Keywords: personal data protection; blockchain; “Diya”; smart contracts; GDPR; Ukrainian legislation; IPFS; decentralized systems.
Abstract
With the development of digital government services and the “Diya” project in Ukraine, the issue of personal data protection is becoming one of the most important challenges, especially in the context of compliance with the requirements of the General Data Protection Regulation (GDPR) and national legislation. Modern digital solutions must ensure transparency, security and compliance with legal norms regarding the processing and storage of citizens’ personal information. This study proposes the integration of blockchain technologies into the “Diya” project as an effective means of increasing the confidentiality and security of personal data. The use of blockchain ensures the immutability and transparency of data in state registers, making it possible to track all operations on the information and to record each request for access. This is especially important for compliance with the principles of the GDPR, such as transparency of data processing, the right to information and the right to be forgotten. The proposed system includes key technological components, such as smart contracts that automate the management of consent to data processing and the delimitation of access to the data. Smart contracts allow for automatic and secure execution of agreements between the user and the system, significantly reducing the risks of human error or abuse. In addition, the use of the decentralized IPFS file system guarantees reliable file storage, which eliminates the possibility of centralized attacks or information loss. Data protection methods such as masking, pseudo-anonymization and perturbation help reduce the risk of unauthorized disclosure of information even in the event of a data leak. This is especially relevant for state registers containing sensitive information about citizens, and provides a high level of protection in accordance with GDPR standards.
The implementation of this concept within the framework of the “Diya” project will not only increase citizens’ trust in state digital services, but also create conditions for Ukraine’s integration into the European legal space in terms of personal data protection. The proposed solution can become the foundation for the further development of state registers and other digital services focused on data protection within the framework of the latest technologies. The purpose of the research is to analyze and develop an innovative system for protecting personal data in state registers of Ukraine based on blockchain technologies, which meets the requirements of GDPR and national legislation. This approach will ensure reliability, security and transparency of data processing, which will contribute to the digital transformation of public administration.
License
Copyright (c) 2024 Валерія Балацька, Василь Побережник
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.