GDPR-Compliant Use of Blockchain for Secure Usage Logs (V.Zieglmeier, G.Loyola Daiqui), EASE 2021: Evaluation and Assessment in Software Engineering

In our project Inverse Transparency, we research ways to securely track and make available information about data accesses to data owners. One approach to guarantee tamper-proof logging without necessitating trust in a central authority is using blockchain for storing the logs. Yet, blockchain is by design fundamentally at odds with the GDPR privacy legislation. To overcome this conflict, we have designed P³, a pseudonym provisioning system for secure usage logs including a protocol for recording new usages. With it, we enable GDPR-compliant logging in any blockchain without requiring a trusted third party.