Abstract
For digital business models, data is the most crucial asset, which calls for increased awareness of appropriate privacy protection measures. The European Union General Data Protection Regulation is a consequence of these discussions and now forces organizations to ensure that their information ecosystems comply with the law. There is currently an emerging trend to apply blockchain technologies to business models that rely on data exchange, because the technology promises to make a centralized data authority redundant. We took this trend as the motivation for providing insights that help decision-makers select a suitable blockchain configuration that complies with data privacy regulatory requirements. By applying design science, we created a morphological box along with a grid, serving as a ‘data privacy assessment tool’ for the blockchain configuration Hyperledger Sawtooth. The research results can potentially be generalized to assess any other blockchain configuration.
Copyright information
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Moriggl, P., Asprion, P.M., Schneider, B. (2021). Blockchain Technologies Towards Data Privacy—Hyperledger Sawtooth as Unit of Analysis. In: Dornberger, R. (eds) New Trends in Business Information Systems and Technology. Studies in Systems, Decision and Control, vol 294. Springer, Cham. https://doi.org/10.1007/978-3-030-48332-6_20
DOI: https://doi.org/10.1007/978-3-030-48332-6_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-48331-9
Online ISBN: 978-3-030-48332-6
eBook Packages: Intelligent Technologies and Robotics (R0)