Revising privacy, forgetting & profiling under the GDPR in emerging computing platforms and decentralized environments
Doctoral Thesis
Author: Politou, Evgenia (Eugenia)
Date: 2020-10
Advisor: Alepis, Efthimios
Keywords: Privacy ; Right to be Forgotten ; GDPR ; Mobile computing ; Ubiquitous sensing ; Profiling ; Backup ; Archives ; Blockchain ; Immutability ; IPFS ; Content erasure ; Decentralized storage ; Protocol
Abstract
The enforcement of the General Data Protection Regulation (GDPR) on the 25th of May 2018 across the European Union (EU) established a new regime for the protection of the personal data and the privacy of individuals. While the GDPR was mostly welcomed, it also provoked widespread scepticism both within and outside the EU territory due to its severe impact on the processing of personal data. Perhaps the most radical and controversial of its provisions, one that has been the subject of heated debates because of its pivotal role in the management of personal data and its drastic consequences when enforced in the era of big data, blockchains, and the Internet of Things (IoT), is Article 17, which provides for the "Right to be Forgotten" (RtbF). Essentially, the RtbF allows individuals to request, when certain conditions are met, the erasure of their personal data from all the available sources to which those data have been disseminated.
This thesis examines the conflicts arising from the implementation of the privacy principles enshrined in the GDPR, and most particularly of the RtbF, in contemporary information systems and state-of-the-art technologies. Among other things, we study two ground-breaking innovations of our times: mobile ubiquitous computing, and decentralized file storage and sharing systems. Specifically, we delve into the progress of mobile affective computing and the state of the art in decentralized peer-to-peer (p2p) networks, namely the blockchain and the Inter-Planetary File System (IPFS), and we explore the risks they pose to privacy in relation to the principles stipulated by the GDPR. Above all, we research how to align the IPFS efficiently with the RtbF requirements, and to this end we formally specify an anonymous and secure delegation protocol for content erasure.
To elaborate on the impact of the RtbF upon modern information systems, we first identify the various notions of forgetting and of the need to be forgotten, including the case of revoking consent, both in the social and in the technical context. Next, we investigate the challenges of implementing the RtbF in organizational processes and current business practices, such as the already established backup and archiving procedures specified by modern security standards. Towards seeking GDPR compliance, we evaluate technical methods, architectures and frameworks, existing either in business or in academic environments, in terms of fulfilling the technical practicalities for the effective integration of the RtbF into current computing infrastructures.
We subsequently identify the privacy risks imposed by ubiquitous mobile computing practice and research, especially when combined with big data algorithmic processing to infer sensitive personal details such as people's social behaviour or emotions, and we discuss their implications for individuals on the basis of the GDPR and the RtbF. We specifically study the risks of profiling, which are further elaborated in the tax and financial context. In this respect, we review the emerging trends towards accountable machine learning algorithmic processing, and we explore strategies for mitigating the risks of aggressive profiling and discriminatory automated decisions. In addition, we investigate the extent to which the GDPR provisions establish a protection regime for individuals against those risks, we highlight potential pitfalls, and we propose domain-specific countermeasures for complying with the GDPR provisions.
Next, we delve into the implementation impact of the GDPR forgetting requirements on emerging decentralized technologies such as blockchains and the IPFS. Our analysis demonstrates that the challenges of enforcing the GDPR, and in particular the RtbF, in these environments are not trivial. Against this background, the incompatibility between the immutable nature of the blockchain and the erasing obligations resulting from the RtbF is thoroughly investigated, and current advanced cryptographic techniques and methods for introducing restricted mutability into the blockchain's design are comprehensively reviewed. However, as these methods present certain limitations when applied in the wild to public permissionless blockchains, other workarounds based on decentralized file storage solutions such as the IPFS are increasingly adopted by many blockchain projects. Yet, storing the actual personal files in the IPFS network does not remove the burden of erasing them should the RtbF be invoked. Therefore, and given the widespread adoption of the IPFS to store personal data off-chain, we study the extent to which the IPFS protocol complies with the GDPR erasing requirements. As our analysis reveals, the IPFS protocol does not adequately adhere to the RtbF, since it is not currently feasible to efficiently enforce data erasure across its entire network.
Our main contribution towards resolving the conflict between the IPFS and the RtbF is the formal proposal of an anonymous protocol for delegated content erasure that could be integrated into the IPFS to distribute a content erasure request efficiently and securely among all the IPFS nodes when a request for erasure under the RtbF needs to be carried out. The proposed protocol complies with the primary principle of the IPFS to prevent censorship; therefore, erasure is only allowed to the original content provider or her delegates. A formal definition and the security proofs are provided, along with a set of experiments that demonstrate the efficacy of the proposed protocol. To the best of our knowledge, this is the first application-agnostic proposal to align the IPFS with the RtbF and to support its GDPR compliance. Hence, we firmly believe that our work adds real value to the IPFS in terms of its privacy enhancement and, consequently, contributes significantly to its future adoption by applications that process personal data.