INTER-ORGANIZATIONAL EXCHANGE OF CONFIDENTIAL PERSONAL DATA BASED ON PERMISSIONED BLOCKCHAIN
DOI:
https://doi.org/10.28925/2663-4023.2025.29.875
Keywords:
personal data, inter-organizational exchange, permissioned blockchain, smart contracts, IPFS, confidentiality, Zero-Knowledge Proof, cryptographic protection, consent management, regulatory compliance, GDPR
Abstract
The article addresses the issue of ensuring confidential exchange of personal data in inter-organizational information systems under conditions of increasing digital interaction between public and private sector entities. It is noted that centralized models for processing and exchanging personal data fail to provide an adequate level of protection against unauthorized access and transaction tampering, and do not ensure sufficient transparency of data operations. These limitations hinder full compliance with regulatory requirements, particularly the provisions of the General Data Protection Regulation (GDPR), ISO/IEC 27001 and 27701 standards, as well as national legislation on information protection.
The study substantiates the feasibility of using a permissioned blockchain as the architectural basis for implementing a secure, decentralized exchange of personal data with guaranteed access control, transaction audit, and data immutability. A conceptual model of the information system is proposed, involving smart contracts for managing data subject consent, access control, and the integration of the InterPlanetary File System (IPFS) for robust off-chain data storage. The model also includes the use of Zero-Knowledge Proof (ZKP) cryptographic mechanisms and behavioral verification criteria for transactions.
Particular attention is given to risk analysis associated with personal data processing in inter-organizational environments, and to the application of supplementary protection tools, such as masking, pseudonymization, and data perturbation, to mitigate potential losses in the event of data leakage. A set of technical and organizational criteria for compliance with international and national information security standards is outlined.
The aim of this research is to design an architectural model for inter-organizational personal data exchange based on permissioned blockchain that ensures confidentiality, integrity, controlled access, and regulatory compliance in the field of information protection.
License
Copyright (c) 2025 Валерія Балацька, Назарій Дмитрів

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.