Blockchain, data protection and P2P energy trading. A review on legal and economic challenges

Blockchain technology (BCT) enables the automated execution of smart contracts in peerto-peer (P2P) energy trading. BCT-based P2P platforms allow the sharing, exchange and trade of energy among consumers or prosumers as peers, fostering the decarbonization, decentralization and digitalization of the energy industry. On the other hand, BCT-based P2P energy trading relies on the collection, storage and processing of a large amount of user data, posing interdisciplinary challenges, including user anonymity, privacy, the governance of BCT systems and the role of energy market players. First, this paper seeks to review the state of the art of European data protection law and regulations by focusing on BCT compliance with the General Data Protection Regulation (GDPR) of 2018. Second, it explores both the potentials and the challenges of BCT-based P2P energy trading from a legal–economic perspective. To do so, the paper adopts an interdisciplinary approach which intertwines both law and economics, by reviewing the recent literature on BCT and P2P energy trading. Findings have revealed that the deployment of BCT-based P2P energy trading is still in its pilot stage because of technology immaturity, data protection uncertainty, incomplete disintermediation and the lack of both user awareness and collaboration among market players. Drawing on the review, the paper also proposes a selection of solutions to foster the implementation of BCT-based P2P energy trading

How to Develop a GDPR-Compliant Blockchain Solution for Cross-Organizational Workflow Management: Evidence from the German Asylum Procedure

Blockchain technology has the potential to resolve trust concerns in cross-organizational workflows and to reduce reliance on paper-based documents as trust anchors. Although these prospects are real, so is regulatory uncertainty. In particular, the reconciliation of blockchain with Europe’s General Data Protection Regulation (GDPR) is proving to be a significant challenge. We tackled this challenge with the German Federal Office for Migration and Refugees. Here, we explain how we used Action Research to guide the Federal Office in creating a GDPR-compliant blockchain solution for the German asylum procedure. Moreover, we explain the architecture of the Federal Office’s solution and present two design principles for developing GDPR-compliant blockchain solutions for cross-organizational workflow management

Privacy-preserving Cooperative Services for Smart Traffic

Communication technology and the increasing intelligence of things enable new qualities of cooperation. However, it is often unclear how complex functionality can be realized in a reliable and abuse-resistant manner without harming users\u27 privacy in the face of strong adversaries. This thesis focuses on three functional building blocks that are especially challenging in this respect: cooperative planning, geographic addressing and the decentralized provision of pseudonymous identifiers

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

The European Union’s General Data Protection Regulation (EU-GDPR) has initiated a paradigm shift in data protection toward greater choice and sovereignty for individuals and more accountability for organizations. Its strict rules have inspired data protection regulations in other parts of the world. However, many organizations are facing difficulty complying with the EU-GDPR: these new types of data protection regulations cannot be addressed by an adaptation of contractual frameworks, but require a fundamental reconceptualization of how companies store and process personal data on an enterprise-wide level. In this paper, we introduce the resource-based view as a theoretical lens to explain the lengthy trajectories towards compliance and argue that these regulations require companies to build dedicated, enterprise-wide data management capabilities. Following a design science research approach, we propose a theoretically and empirically grounded capability model for the EU-GDPR that integrates the interpretation of legal texts, findings from EU-GDPR-related publications, and practical insights from focus groups with experts from 22 companies and four EU-GDPR projects. Our study advances interdisciplinary research at the intersection between IS and law: First, the proposed capability model adds to the regulatory compliance management literature by connecting abstract compliance requirements to three groups of capabilities and the resources required for their implementation, and second, it provides an enterprise-wide perspective that integrates and extends the fragmented body of research on EU-GDPR. Practitioners may use the capability model to assess their current status and set up systematic approaches toward compliance with an increasing number of data protection regulations

On security and privacy of consensus-based protocols in blockchain and smart grid

In recent times, distributed consensus protocols have received widespread attention in the area of blockchain and smart grid. Consensus algorithms aim to solve an agreement problem among a set of nodes in a distributed environment. Participants in a blockchain use consensus algorithms to agree on data blocks containing an ordered set of transactions. Similarly, agents in the smart grid employ consensus to agree on specific values (e.g., energy output, market-clearing price, control parameters) in distributed energy management protocols. This thesis focuses on the security and privacy aspects of a few popular consensus-based protocols in blockchain and smart grid. In the blockchain area, we analyze the consensus protocol of one of the most popular payment systems: Ripple. We show how the parameters chosen by the Ripple designers do not prevent the occurrence of forks in the system. Furthermore, we provide the conditions to prevent any fork in the Ripple network. In the smart grid area, we discuss the privacy issues in the Economic Dispatch (ED) optimization problem and some of its recent solutions using distributed consensus-based approaches. We analyze two state of the art consensus-based ED protocols from Yang et al. (2013) and Binetti et al. (2014). We show how these protocols leak private information about the participants. We propose privacy-preserving versions of these consensus-based ED protocols. In some cases, we also improve upon the communication cost