Controlling Personal Data Flow: An Ontology in the COVID-19

Outbreak using a Permissioned Blockchain

Paulo Henrique Alves

1 a

, Isabella Z. Frajhof

, Fernando A. Correia

1 b

Clarisse de Souza

1 c

and Helio Lopes

1 d

Department of Informatics, PUC-Rio, Brazil

Law Department, PUC-Rio, Brazil

Keywords:

Ontology, Privacy, Data Protection, Governance, Blockchain.

Abstract:

Data protection regulations emerged to set rights and duties in managing personal data. Hence, they have

created a new challenge. Systems must comply with legal obligations whenever the processing of personal

data takes place. From the controller’s perspective, attending to such norms can be defying, as it demands a

detailed and holistic knowledge of the data processing activity. From the data subject point of view, controlling

and following the data ﬂow is also complex, as many entities can be authorized to access and use one’s personal

data. To mitigate information asymmetry and comply with data protection regulations, we developed an

ontology to identify the entities involved in personal data processing. The ontology aims to build relationships

between them and to share a common understanding of rights and duties proposed by the Brazilian Data

Protection Law under the COVID-19 pandemic context. Moreover, the permissioned blockchain technology

emerged as a solution to manage privacy concerns and to allow the compliance to such Law. We also developed

a conceptual model using such technology and provided a data governance approach to set a standard so that

the reuse becomes more accurate.

1 INTRODUCTION

The massive collection of personal data, due to

widespread goods and services connected to the inter-

net, turns the discussion of regulating personal data

into a high-priority item (Mulholland and Frajhof,

2020). Recently, Brazil enacted its Data Protection

Law (Law n. 13.709/2018 - Lei Geral de Protec¸

de Dados Pessoais - LGPD). Like other Data Pro-

tection Regulations, such as the GDPR in the Euro-

pean Union, and the Privacy and Data Protection Act

in Australia, the LGPD sets the rules and principles

for the processing of personal data environment. It

provides rights for data subjects (DS) and establishes

duties and responsibilities for data controllers (DCs)

and processors (DPs). Protection norms are important

when sensitive health data is being processed (Met-

nitz et al., 2020).

In pandemic scenarios, data sharing and commu-

https://orcid.org/0000-0002-0084-9157

https://orcid.org/0000-0003-0394-056X

https://orcid.org/0000-0002-2154-4723

https://orcid.org/0000-0003-4584-1455

nication among health institutions, public or private,

and state entities are vital to the decision-making pro-

cess. This data is used to deﬁne and develop pub-

lic policies to contain disease spread (Cori et al.,

2017). Previous pandemic outbreak experiences like

inﬂuenza, MERS-CoV, Zika

, and now Sars-CoV-2

(or COVID-19), demonstrate that data sharing be-

tween health institutions and other stakeholders is

fundamental to ﬁght against broad contamination.

In Brazil, LGPD. imposes that whenever the pro-

cessing of personal data takes place, processors and

controllers must observe the law’s command, such as

its principles, processors and controllers duties, indi-

vidual rights, etc. From the controller perspective, at-

tending to such norms can be defying, as it demands a

detailed and holistic knowledge of the data processing

activity. From the DS point of view, controlling and

following the data ﬂow is also complex, as many enti-

ties can be authorized to access and use one’s personal

data. Thus, the DS should be able to know if: the in-

Data Sharing in Public Health Emergencies. Avail-

able at: https://www.glopid-r.org/wp-content/uploads/

2019/07/data-sharing-in-public-health-emergencies-

yellow-fever-and-ebola.pdf Accessed at: 10/21/2020

Alves, P., Frajhof, I., Correia, F., de Souza, C. and Lopes, H.

Controlling Personal Data Flow: An Ontology in the COVID-19 Outbreak using a Permissioned Blockchain.

DOI: 10.5220/0010391901730180

In Proceedings of the 23rd International Conference on Enterprise Information Systems (ICEIS 2021) - Volume 2, pages 173-180

ISBN: 978-989-758-509-8

173

formed purpose of data use is being observed; the per-

sonal data has been shared with other non-informed

partners; and once the purpose of the DC is reached,

if the data is still being used, or shared, with a differ-

ent purpose.

Answering these questions and providing the re-

quired transparency is also challenging from a tech-

nology perspective. Blockchain technology emerges

as a possible solution to build a uniﬁed, distributed

and trusted database. The data immutability provided

by the consensus mechanisms ensures the uniﬁed his-

torical information. Also, the data distribution among

the worldwide network participants guarantees high

data availability. Finally, permissioned blockchain

applications (PBAs) allow personalized data sharing;

the DSs are able to set access rules and set which data

should be public, private, or accessed under case by

case authorization (Velmovitsky et al., 2020).

Given the lack of policies and standards to share

pandemic data, and recognizing the importance of

sharing such data reliably and safely, we propose an

ontology to organize roles, entities, and relationships

in favor of users’ privacy and data protection.

This paper is structured as follows. Section 2

focuses the data regulation background. Section 3

presents the related works in the current literature re-

garding pandemic data sharing, ontologies, and PBA

governance. Section 4 presents our ontology, which

aims to provide a model that would be used by citi-

zens, health organizations and solution architectures

to identify the main concerns when personal data is

shared. In Section 5 a blockchain data model is pro-

posed to create an environment for controlling per-

sonal data ﬂow according to LGPD. In Section 6 we

include a data governance framework based on GAF

(Governance Analytical Framework) (Hufty, 2011) to

improve the COVID-19 scenario deﬁnition and ap-

plied the governance concepts on a PBA. Section 7

presents conclusions and future perspectives.

2 DATA REGULATION

The constant and intense collection of personal data

by a myriad of services and goods, and the pan-optical

vigilance exercised over our behaviour when analyz-

ing these collected data, highlights the importance of

ensuring ways to protect one’s personal data. That

is, individuals must be informed about which data is

being collected and for what ends, and have control

and knowledge about its uses. This reﬂects the idea

of a right to informational self-determination. Such

right is put as an evolution in the information society

of the classic perspective of a right to privacy as the

“right to be let alone” (Rodot

a, 2008), put by the U.S.

Supreme Court Justices Samuel D. Warren and Louis

D. Brandeis (1890). The right to informational self-

determination means giving one the power to control

the ﬂow of his/her own information, and it is one of

LGPD’s basis (art. 1, II).

In this sense, we have highlighted four fundamen-

tal ideas from the LGPD, which will be applied in

the proposed scenario. Firstly, the purpose limitation

principle, which imposes that data processing must

be legitimate, speciﬁc, and explicitly informed to the

DS. Secondly, the data minimization principle, which

means that only the strictly necessary data shall be

used to satisfy the intended and informed purpose

(art. 6, III). Thirdly, the law recommends the use of

anonymization or pseudonymization techniques as a

governance and good practice measure to ensure data

security (arts. 12, 13, 46, 6, VII, VIII). Fourth, data

processing must happen in a transparent manner, with

the disclosure of clear, precise, and easily accessible

information related to the data processing (art. 6, VI).

Furthermore, the law establishes different legal

basis, beyond consent (arts. 7 and 11), which autho-

rizes the legitimate processing of personal and sensi-

tive data (which includes health data). Regardless of

the legal basis used to process data, all DCs and DPs

shall comply with the law’s principles, DS’s rights,

and other safeguards (art. 7, § 6).

In pandemic scenarios, data protection norms are

of the utmost importance (Bradford et al., 2020;

Almeida et al., 2020), especially because of the fun-

damental right status of data protection right (Mendes

and Keller, 2020; Mulholland, 2018). Thus, an ontol-

ogy deﬁnition is necessary to allow a common under-

standing of rights and duties foreseen in the LGPD.

Also, it can mitigate information asymmetry and en-

hance a right to informational self-determination.

3 RELATED WORK

This section aims to present the works related to: (i)

identity management (Lee, 2017), data regulation and

blockchain (Truong et al., 2019), blockchain ontology

(Tasca et al., 2017; Palmirani et al., 2018), data gov-

ernance (Alves et al., 2020) and health data manage-

ment (Ekblaw et al., 2016; Jabbar et al., 2020; da Fon-

seca Ribeiro and Vasconcelos, 2020).

Lee (2017) presented the Blockchain-based ID as

a Service (BIDaaS) for digital identity and authen-

tication management. The proposed architecture is

based on Public Key Infrastructure (PKI) for users,

companies, and partners, presenting the beneﬁts of

using PKI for these system actors. However, identity

ICEIS 2021 - 23rd International Conference on Enterprise Information Systems

174

management under data regulation, such as data pro-

tection regulation (e.g. LGPD), was not mentioned.

Hence, issues related to consent and the access autho-

rization revocation, for example, were not introduced

to guarantee accountability as well. Therefore, in or-

der to improve the PKI and access authorization, we

developed a model that also adds a user certiﬁcate to

set the rules for using personal data, allowing access

revocation (as presented in the following sections).

Truong et al. (2019) proposed a design concept

for a GDPR-compliant personal data management

based on the Hyperledger Fabric (HF) permissioned

blockchain. Even though the authors presented a hy-

brid on-chain and off-chain architecture to empower

users to revoke the consent and erase personal data,

an ontology to describe the relationships between data

regulation, DSs, DCs, and DPs is missing. The paper

also limits its analysis on the legal basis of consent

and the possibility of revoking it. Hence, given this

lack, we proposed a new ontology for PBAs and for

other features foreseen in the LGPD (purpose limita-

tion and data minimization principles).

There are blockchain ontologies proposals for

different purposes, and two presented an approach

towards blockchain technology and data regulation

concerns. Firstly, Tasca et al. (2017) proposed

a component-based blockchain ontology that ap-

proached the main connectors and subcomponents.

However, data privacy is a brief topic under the se-

curity and privacy theme and lacks in-depth evalu-

ation. Secondly, Palmirani et al. (2018) presented

the PrOnto, a GDPR ontology, that provides a legal

knowledge modeling based on ﬁve modules: (i) data,

(ii) actors and roles, (iii) processing, (iv) legal rules,

and (v) legal basis. Although the authors presented

the modules in detail, the ontology is superﬁcial and

only few relationships were explained.

Alves et al. (2020) addressed the privacy’s chal-

lenges to comply with data regulation in a PBA. The

solution classiﬁes the GAF concepts in the COVID-19

pandemic outbreak. However, the authors did not ex-

plain how data rectiﬁcation, for example, would work,

and the GAF concepts lack details. In this sense, we

ﬁrst addressed the presented absences and added a

certiﬁcate in this architecture to deal with data rec-

tiﬁcation, data access, time limitation for data use,

among others. Second, we drove into the GAF con-

cepts to clarify the ontology application on a PBA.

In regards to health management data, Ekblaw

et al. (2016) and Jabbar et al. (2020) proposed a

Blockchain Smart Contract (BSC) approach for elec-

tronic medical records management to deal with the

highly regulated health sector. The BSCs allow data

sharing in this private P2P network. Even though this

solution enables immutable logs, distributed informa-

tion, and accountability, it has no association with

data protection regulations. Furthermore, they devel-

oped their application under a public blockchain plat-

form. Thus, some data had to be stored off-chain to

preserve data privacy. In this sense, we proposed an

entirely PBA that provides resources to comply with

data protection and privacy concerns.

Even though (da Fonseca Ribeiro and Vasconce-

los, 2020) have proposed a PBA for Electronic Health

Records using HF, they did not discuss concerns re-

garding data regulation. Moreover, the proposed so-

lution lacks data sharing details. Thus, we addressed

these absences, offering a conceptual blockchain

model solution based on an ontology for data protec-

tion and privacy management under LGPD.

In summary, those related works showed the main

concerns regarding identity management, data reg-

ulation, blockchain, ontology, data governance, and

health data management. However, none of them pre-

sented a uniﬁed solution and approached LGPD – this

is the gap we propose to address in our work.

4 ONTOLOGY FOR

CONTROLLING DATA FLOW

Ontologies are representations of a speciﬁc domain

that aims to create a shareable and reusable model.

They are also considered a useful instrument for re-

ducing conceptual ambiguities and inconsistencies in

a speciﬁc domain (Staab and Studer, 2010). In this

sense, an ontology proposed for blockchain technol-

ogy for a speciﬁc context, e.g., sharing personal and

sensitive data, should also be created. This would al-

low people to get a complete understanding of the ef-

fects of sharing personal data, as well as their rights,

under data protection regulations. DSs must know the

purpose of data processing, who are the controllers,

what are the responsibilities of the DP and DC, how,

and if, they can revoke access to their information and

limit its use (content and time length of data process-

ing). Disclosing these information is mandatory (art.

9, LGPD). The traceability of the data ﬂow is essen-

tial to turn effective the right to informational self-

determination, data protection, and privacy.

In order to control the ﬂow of personal data and

decrease informational asymmetry, it must be known

(i) the data source and content, (ii) who inserted the

data, (iii) when the data were added, (iv) whether

the data were changed, and (v) the processing pur-

pose. Hence, the ontology development should con-

sider these concerns to correctly represent this envi-

ronment’s needs by providing proof of the data in-

Controlling Personal Data Flow: An Ontology in the COVID-19 Outbreak using a Permissioned Blockchain

175

tegrity and provenance. Furthermore, to build a com-

plete ontology, the entities involved should also be

considered, as well as the possibility of data audit-

ing. Governments, health organizations, researchers,

citizens, and media should also be able to consult and

check the data.

In this sense, our ontology aims to identify the en-

tities and their relationship for further technological

support development and to satisfy the regulation re-

quirements. Figure 1 depicts our proposal for pan-

demic data management, and we will present the on-

tology concepts in the sequence.

Citizen: is the entity responsible for: (i) query

information from the data provider, and third parties

who received the shared data, and (ii) request valida-

tion regarding data and metadata information, such as

who and when the data were added to the database.

The Citizen entity is also safeguarded by their rights

and composed by personal data.

UserRights: is the entity that represents what cit-

izens can request, such as the copy of stored and pro-

cessed data, the restriction of processing, the context

usage, data deletion, and data correction, for example.

PersonalData: is the entity that represents per-

sonal and sensitive data collected according to LGPD

legal basis. It also includes a list of data that the user

agrees to share, a list of organizations that are able

to use such data, and the legal basis. We considered

personal data as presented by art. 5, I and II, LGPD

DataController: entity can process the citizens’

data when authorized by one of the legal basis fore-

seen in arts. 7 and 11. Thus, DataController is com-

posed by OrganizationDuties and UserRights.

Article 5, I: “information relating to an identiﬁed or

identiﬁable natural person”; Article 5, II. “Personal data re-

lated to racial or ethnic origin, religious conviction, polit-

ical opinion, membership of a union or organization of a

religious, philosophical or political character data, health or

sexual data, genetic or biometric data, when associated to a

natural person”.

Art. 7: (i) user consent; (ii) to attend a legal or regu-

latory obligation by the DC; (iii) by the public administra-

tion, for shared purposes and for the execution of a public

policy foreseen in law or other legal instrument; (iv) re-

search, implementing data anonymization, when possible;

(v) to attend an agreement requirement involving the DS or

by his/her request, (vi) to exercise rights foreseen in judi-

cial, administrative or arbitral procedure, (vii) to protect the

life or physical state of the DS; (viii) to provide health safe-

guard in procedures executed by health professionals; (ix)

DCs legitimate interests, and (x) credit protection. More-

over, art. 11 sets the legal basis for processing sensitive per-

sonal data, authorizes data processing when based on the

following hypothesis: (a) with the user consent; (b) with-

out the user consent in the hypothesis (ii), (iii), (iv), (vi),

(vii) foreseen above, and (b.1) to protect one’s health, ex-

clusively in procedures performed by healthcare workers,

OrganizationDuties: is the entity responsible for

the Legal Basis application, deﬁning which one is ap-

plicable according to the processing context. For ex-

ample, as stated by LGPD principles and DS’ rights,

the DataController shall respect DataMinimization,

PurposeLimitaion, DataDeletion among others, as

well as security and data governance concerns. Once

Citizens share their data, s/he contributes to populate

the database on behalf of society. Any society mem-

ber should be able to consult the anonymized public

analysis regarding the pandemic situation, even if s/he

did not share his/her data.

InterfaceForConsultation: entity is the Data-

Controller bridge to share data with the Citizen. The

DataController receives the treated information from

the DataProcessor and discloses data to citizens.

DataProcessor: is the entity responsible for pro-

cessing data strictly in accordance to the DataCon-

troller commands and returning the processed data

from the DataSource to the DataController. The lat-

ter can exercise the DataProcessor role or delegate to

a third party.

AuditingOrg: is the entity responsible for audit-

ing the information originated in the DataSource and

exercising compliance regarding the roles and data

addition circumstances, e.g., this entity will evaluate

unauthorized data insertion.

DataSource: entity represents the database tech-

nology. To provide transparency and traceability, it is

usually required to check the data provenience. Thus,

the database should deliver resources to track data, as

well as to provide this information to the AuditingOrg.

DataTransparency and DataTraceability: entities

represents trackable attributes to provide data trans-

parency and traceability.

Also, according to art. 9, LGPD, the DataCon-

troller must provide some basic information (BI) so

that the Citizen is able to comprehend the data pro-

cessing and contact the DC. Thus, the DataController

must provide information in a straightforward man-

ner, structured in a clear, adequate, and ostensive

form, referring to the: (BI-01) speciﬁc purpose of the

treatment, (BI-02) form and duration of the process-

ing, (BI03) DC identiﬁcation and contact information,

(BI-04) DC and DP obligations, and (BI-05) DS rights

(art. 18). This ontology is designed to empower peo-

ple to check and claim for data privacy and protec-

tion, provides knowledge of collective rights (health

and social rights), and high-quality information. Also,

health services or health authority; (b.2) to protect the DS

from fraud in identity and authentication registration proce-

dures in electronic systems, preserving DS rights, and ex-

cept when it is necessary to protect DS’s fundamental rights

and principles which requires data protection.

ICEIS 2021 - 23rd International Conference on Enterprise Information Systems

176

Figure 1: Ontology for Data Privacy Management and LGPD Compliance.

DCs and DPs are able to efﬁciently provide account-

ability.

5 BLOCKCHAIN DATA MODEL

Permissioned blockchain platforms are applied when

the environment requires privacy concerns related to

business secrecy and sensitive data. Such technology

can be an entirely private ecosystem or a hybrid en-

vironment. The former allows invited entities only to

read and write data. The latter enables ﬂexible rules

(da Fonseca Ribeiro and Vasconcelos, 2020).

Therefore, health data management solutions have

used PBAs to improve transparency and availability

and provide better performance than permissionless

blockchains (Kuo et al., 2019; Agbo and Mahmoud,

2019; Pongnumkul et al., 2017; Liang et al., 2017).

With a restricted number of members (nodes), a new

block’s acceptance is faster in a permissioned than in

a permissionless platform.

Data Registry. As blockchain technology enables

immutable registries, the data stored builds the history

of transactions, data modiﬁcations, access authoriza-

tions, and transfer values (tokens), all depending on

the parameters stored on the block metadata. This

history is important to evaluate if privacy and data

protection concerns were respected. Such evidence

may present: (i) the conditions in which the data was

shared; (ii) to whom it was shared; (iii) until when

this authorization is valid, and (iv) when authoriza-

tion was revoked (when consent is the legal basis).

Authorization Layers. BSCs play a vital role in

this environment. As data is immutable when stored

in the blockchain, the BSC allows the creation of im-

mutable contract rules speciﬁed in a programming

language. Also, such technology enables users and

stakeholders to get a snapshot of the environment. For

instance, in a pandemic scenario, the DC and DP are

able to use anonymized (or pseudonymized) sensitive

data to create reports and public health actions to con-

trol the outbreak spread.

Depending on the selected platform, the

blockchain technology may enable the creation

of speciﬁc channels to share data privately, even

when there are other network participants’ presence.

This enables two main features: the DS can share

his/her data with distinct DCs and DPs, and the DSs

are able to select which sensitive data to share. For

instance, the DS can share their data with a speciﬁc

research organization selecting only one certain

comorbidity instead of the entire health history.

Privacy x Immutability x Revocation. One of

the issues regarding blockchain technology applica-

tions when dealing with sensitive and personal data

is the trade-off between immutable registries and the

rights foreseen in the LGPD . Immutability guaran-

tees the BSC conditions under which the data was

processed. However, if consent is used as the legal

basis, for instance, DSs can request the revocation

of her/his consent regarding the usage of his/her data

(art. 8, § 5). This can be challenging in this environ-

ment. Furthermore, when another legal basis is used

to justify data processing, DSs have the right to object

if the LGPD is not respected (art. 18, § 2). Once the

DS authorizes a DC and DP to use their blockchain

data, it cannot be undone by the technology.

In order to work around this issue, the usage of

authorization certiﬁcates allows the DS and the DC to

set expiration date, the purpose limitation, and inform

which DC and DP can access the DS’s data. Also, the

DS and the DC can issue as many certiﬁcates as they

need, including the revocation certiﬁcates when ap-

plied. Moreover, the usage of authorization certiﬁca-

tion in addition to the symmetric cryptography algo-

rithm, such as PKI, as depicted in Figure 2, empower

DSs. They are able to issue their certiﬁcates individ-

ually for each one of the DCs and DPs. Also, the DC

can issue a certiﬁcate to make the DS aware of the

usage of his/her data.

Furthermore, the discussion of data storage archi-

Controlling Personal Data Flow: An Ontology in the COVID-19 Outbreak using a Permissioned Blockchain

177

Figure 2: Blockchain conceptual model for data sharing.

tectures plays a vital role in maintaining data pri-

vate and facilitating the exercise of DS’s rights. In

blockchain solutions, data can be stored in different

ways: plain text, hashed, a link for external storage,

and so on. Thus, depending on the solution’s design

and the complement of other computing concepts, im-

mutability can be used in favor of the DSs. More-

over, the blockchain platform’s data storage architec-

ture and the BSC design are paramount to deﬁne the

proper software architecture and data structure.

Blockchain Model for Data Sharing. We devel-

oped a conceptual model for blockchain data sharing

to empower users to manage: (i) which data should

be shared; (ii) whom should have access; (iii) for how

long, and (iv) controlling the purpose of data usage.

This model goes towards compliance with the ﬁve BI

that the DC must provide to the DS (art. 9, LGPD).

Furthermore, PKI enables the DS to share his/her

data with a speciﬁc DC. First, the personal data, en-

crypted by the DC and DP public key, generates a ci-

pher data and only allows the private key owner to

decrypt the shared data. Second, the DS shall issue

the authorization certiﬁcate using his/her private key

informing: (1) his/her public key, for further localiza-

tion on the blockchain; (2) the hashed data; (3) the

authorized DC and DP public key; (4) the purpose,

and (5) the expiration date. These two artifacts - ci-

pher data and the DS issued certiﬁcate - are sent to the

blockchain-based system. This system sends to the

blockchain the hash of the cipher data and the hash of

the certiﬁcate. The hash comparison guarantees that

the information evaluated is the same as the original.

In summary, the block generated is composed of

the transaction hash, the timestamp - both generated

by the blockchain -, cipher data hash, certiﬁcate hash,

and the DS public key. Thus, the DC which access the

DS shared information shall inform the original au-

thorization certiﬁcate issued by the DS and the trans-

action hash. Next, the blockchain-based system will

check if those information are compatible with the

one stored on the blockchain. The veriﬁcation is com-

posed of three steps: (i) certiﬁcate expiration date and

the DS, DC, and DP public key; (ii) the transaction

hash must be present on the blockchain, and (iii) the

presented certiﬁcate hash is the same as the one stored

in this block. If all the veriﬁcation steps are positive,

the blockchain-based system (BBS) sends the DS ci-

pher data to the requester. Thus, the requester is able

to decipher the cipher data using his/her private key.

6 COVID-19 BLOCKCHAIN DATA

GOVERNANCE

In general, the data governance concept is related

to big companies and how they manage a high vol-

ume of data. Also, data management is crucial to

the interaction and decision-making between parties

that have to solve a mutual problem. Even though

the World Health Organization (WHO) publicly dis-

closed COVID-19 data, the transparency and trace-

ability concepts were not respected. It is not possible

to access who inserted the data, whether the data was

properly anonymized, and what was the legal basis

that authorized the processing, for example. More-

over, centralized platforms are subject to data unavail-

ability due to internet connection or hacker attacks

In a pandemic outbreak, data unavailability is espe-

cially worrying and may present severe consequences

in controlling and managing the disease spread.

Many authors discuss the challenges and oppor-

tunities in the pandemic scenario, highlighting the

importance of data governance and quality (Almeida

et al., 2020; Shaw et al., 2020; Janssen and van der

Voort, 2020). They argue that information quality de-

pends on excellent data: management, standardiza-

tion, and availability. Furthermore, GAF is another

Hackers put Brazilian government on alert.

Available at: https://brazilian.report/tech/2020/11/05/

massive-hackers-attack-brazilian-government- on-alert/

Accessed on: 11/12/2020.

ICEIS 2021 - 23rd International Conference on Enterprise Information Systems

178

well-known approach and it is based on ﬁve princi-

ples: (i) problems, (ii) actors, (ii) social norms, (iv)

processes, and (v) nodal points. This framework pro-

poses the construction of a scenario by describing the

social problems into those ﬁve principles to model the

governance. Thus, this approach was used to model

the COVID-19 data governance scenario.

Moreover, we chose the HF platform to support

the developed blockchain model, based on the pre-

sented ontology. PBA ﬁts with the ontology con-

cepts. It allows for the creation of governance rules

to manage entities and data, i.e., this technology en-

ables DSs to have their rights respected, or at least

have resources to request them.

As mentioned in Section 5, blockchain provides

transparency, traceability, data immutability, and

availability, by deﬁnition. Moreover, PBA adds a role

layer that allows data management between selected

entities. In this sense, such technology can be used to

store and share pandemic data, not only as a transpar-

ent link between DSs, DCs and DPs, but also as a data

tracker and provider to third parties. Also, PBA al-

lows data auditing and can be used as a data source for

research purposes. Self-enforcement BSCs enhance

trust between the DS and the DC and DP.

Therefore, BSCs play an indispensable role; they

are responsible for roles assignment and can be used

as a snapshot of activated norms. They are also crucial

for feeding data on the blockchain. We have used the

same GAF permissioned blockchain architecture pro-

posed in (Alves et al., 2020). It is also based on HF, as

applied by Alketbi et al. (2020). Hence, we have used

the following GAF principles: Actors are represented

by HealthInstitution, i.e., the DC and/or DP; and Cit-

izen (DS). The HealthInstitution may process data or

delegate this to a third party. Such actor is also re-

sponsible for providing its identiﬁcation (public key),

the purpose of processing and expiration access date

for each data request. Nodal Points: are represented

by BBS and Chain, which interacts directly, or indi-

rectly, with HealthInstitutions and Citizens. They are

data access points: BBS can apply graphical analysis,

and the Chain is the blockchain. Social Norms: are

represented by Certiﬁcate, BSCs, and DataPipeline.

These entities set up and verify the rights to access

and write data, which will deﬁne the conditions that

the data would be accessed. Also, BSCs allow citi-

zens to check the collected data and conﬁrm, for ex-

ample, the compliance to data minimization principle.

Processes: are represented by Transaction, Block,

and ConsensusProtocol entities, which manage data

in order to check the primary attributes; they are used

to create the link between the blocks. Problem: is

represented by the LegalProse, which is used to de-

scribe the scenario in abstraction level in plain text on

the BSCs. It also speciﬁes the organization’s duties

and user rights.

Thus, a PBA structured under GAF allows data

governance to deal with data accountability and trust-

worthy data sharing in pandemic situations. Accord-

ing to the access rules established on the permis-

sioned blockchain, data available to public consulta-

tion allows governments to provide fast response in a

pandemic outbreak. Furthermore, uniﬁed governance

will enable institutions to share data following previ-

ously agreed rules. Data provenance is available for

citizens, researchers, government, and health institu-

tions, which may improve the identiﬁcation of data

inconsistency worldwide by information comparison.

7 CONCLUSIONS

In this paper, we presented the ontology that we have

designed to aid DSs, DCs and DPs, to enhance some

of the LGPD provisions. We also discussed a con-

ceptual model for data sharing based on a permis-

sioned blockchain. This was improved by the use of

PKI and digital certiﬁcates that provide resources to

grant, check, delete, correct, or revoke (when applica-

ble) personal data. Finally, we developed an architec-

ture based on GAF concepts and HF in the COVID-19

outbreak scenario.

However, other limitations should be considered.

As there is a vast literature regarding cryptography,

our discussion may lack an in-depth analysis of this

topic. Moreover, blockchain interoperability is an-

other topic often discussed, and this may affect our

architecture directly. Nonetheless, there is no estab-

lished agreement regarding models and connectors to

interoperate in blockchain systems; the usual solution

is developing an Application Programming Interface

(API) for each platform.

In addition, the architecture designers should also

consider the different blockchains’ performance, i.e.,

the number of transactions per second, before deﬁn-

ing the most suitable platform. There are many other

permissioned platforms, and they perform differently.

We chose HF because it is an open-source project,

with many literature reviews.

Furthermore, we have discussed the only thr

LGPD. Thus, this approach could be adapted for other

data regulation scenarios. Therefore, the presented

limitations will be treated as the roadmap for future

works in order to improve the current approach.

Finally, other important future work is related to

an empirical analysis of the proposed ontology. We

decided to intensely discuss the ontology, governance,

Controlling Personal Data Flow: An Ontology in the COVID-19 Outbreak using a Permissioned Blockchain

179

entities, attributes, and relationships before starting

the next step: the qualitative evaluation.

REFERENCES

Agbo, C. C. and Mahmoud, Q. H. (2019). Comparison

of blockchain frameworks for healthcare applications.

Internet Technology Letters, 2(5):e122.

Alketbi, A., Nasir, Q., and Talib, M. A. (2020). Novel

blockchain reference model for government services:

Dubai government case study. International Journal

of System Assurance Engineering and Management,

pages 1–22.

Almeida, B. d. A., Doneda, D., Ichihara, M. Y., Barral-

Netto, M., Matta, G. C., Rabello, E. T., Gouveia, F. C.,

and Barreto, M. (2020). Personal data usage and pri-

vacy considerations in the covid-19 global pandemic.

encia & Sa

ude Coletiva, 25:2487–2492.

Alves, P. H., Frajhof, I. Z., Correia, F. A., de Souza, C.,

and Lopes, H. (2020). Permissioned blockchains: To-

wards privacy management and data regulation com-

pliance. In Legal Knowledge and Information Systems

- Volume 334: JURIX, pages 211–214. IOS Press.

Bradford, L. R., Aboy, M., and Liddell, K. (2020). Covid-

19 contact tracing apps: A stress test for privacy, the

gdpr and data protection regimes. Journal of Law and

the Biosciences.

Cori, A., Donnelly, C. A., Dorigatti, I., Ferguson, N. M.,

Fraser, C., Garske, T., Jombart, T., Nedjati-Gilani, G.,

Nouvellet, P., Riley, S., Van Kerkhove, M. D., Mills,

H. L., and Blake, I. M. (2017). Key data for outbreak

evaluation: Building on the ebola experience. Philo-

sophical Transactions of the Royal Society B: Biolog-

ical Sciences, 372(1721).

da Fonseca Ribeiro, M. I. and Vasconcelos, A. (2020). Med-

block: Using blockchain in health healthcare appli-

cation based on blockchain and smart contracts. In

ICEIS (1), pages 156–164.

Ekblaw, A., Azaria, A., Halamka, J. D., and Lippman,

A. (2016). A case study for blockchain in health-

care:“medrec” prototype for electronic health records

and medical research data. In Proceedings of IEEE

open & big data conference, volume 13, page 13.

Hufty, M. (2011). Investigating policy processes: the gov-

ernance analytical framework (gaf). Research for sus-

tainable development: Foundations, experiences, and

perspectives, pages 403–424.

Jabbar, R., Krichen, M., Fetais, N., and Barkaoui, K.

(2020). Adopting formal veriﬁcation and model-based

testing techniques for validating a blockchain-based

healthcare records sharing system. In ICEIS, pages

261–268.

Janssen, M. and van der Voort, H. (2020). Agile and adap-

tive governance in crisis response: Lessons from the

covid-19 pandemic. International Journal of Informa-

tion Management, 55:102180.

Kuo, T.-T., Zavaleta Rojas, H., and Ohno-Machado, L.

(2019). Comparison of blockchain platforms: a

systematic review and healthcare examples. Jour-

nal of the American Medical Informatics Association,

26(5):462–478.

Lee, J.-H. (2017). Bidaas: Blockchain based id as a service.

IEEE Access, 6:2274–2278.

Liang, X., Zhao, J., Shetty, S., Liu, J., and Li, D. (2017).

Integrating blockchain for data sharing and collabora-

tion in mobile healthcare applications. In 2017 IEEE

28th annual international symposium on personal, in-

door, and mobile radio communications (PIMRC),

pages 1–5. IEEE.

Mendes, L. S. and Keller, C. I. (2020). A new milestone for

data protection in BRAZIL.

Metnitz, P. G., Zajic, P., and Rhodes, A. (2020). The gen-

eral data protection regulation and its effect on epi-

demiological and observational research. The Lancet

Respiratory Medicine, 8(1):23–24.

Mulholland, C. and Frajhof, I. Z. (2020). A LGPD e o novo

marco normativo no Brasil. Arquipelago, 1st edition.

Mulholland, C. S. (2018). Dados pessoais sens

ıveis e a

tutela de direitos fundamentais: uma an

alise

a luz da

lei geral de protec¸

ao de dados (lei 13.709/18). Revista

de Direitos e Garantias Fundamentais, 19(3):159–

180.

Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., and

Robaldo, L. (2018). Pronto: Privacy ontology for legal

reasoning. In International Conference on Electronic

Government and the Information Systems Perspective,

pages 139–152. Springer.

Pongnumkul, S., Siripanpornchana, C., and Tha-

jchayapong, S. (2017). Performance analysis of

private blockchain platforms in varying workloads.

In 2017 26th International Conference on Computer

Communication and Networks, pages 1–6. IEEE.

Rodot

a, S. (2008). A vida na sociedade da vigil

ancia: a

privacidade hoje. Renovar, Rio de Janeiro.

Shaw, R., Kim, Y.-k., and Hua, J. (2020). Governance,

technology and citizen behavior in pandemic: Lessons

from covid-19 in east asia. Progress in disaster sci-

ence, page 100090.

Staab, S. and Studer, R. (2010). Handbook on ontologies.

Springer Science & Business Media.

Tasca, P., Thanabalasingham, T., and Tessone, C. J. (2017).

Ontology of blockchain technologies. principles of

identiﬁcation and classiﬁcation. SSRN Electronic

Journal, 10.

Truong, N. B., Sun, K., Lee, G. M., and Guo, Y.

(2019). Gdpr-compliant personal data management:

A blockchain-based solution. IEEE Transactions on

Information Forensics and Security, 15:1746–1761.

Velmovitsky, P. E., Souza, P. A. D. S. E., Vaillancourt, H.,

Donovska, T., Teague, J., Morita, P. P., et al. (2020). A

blockchain-based consent platform for active assisted

living: Modeling study and conceptual framework.

Journal of Medical Internet Research, 22(12):e20832.

Warren, S. D. and Brandeis, L. D. (1890). The right to pri-

vacy. Harvard law review, pages 193–220.

ICEIS 2021 - 23rd International Conference on Enterprise Information Systems

180