Employee data can be used to facilitate work, but their misusage may pose
risks for individuals. Inverse transparency therefore aims to track all usages
of personal data, allowing individuals to monitor them to ensure accountability
for potential misusage. This necessitates a trusted log to establish an
agreed-upon and non-repudiable timeline of events. The unique properties of
blockchain facilitate this by providing immutability and availability. For
power asymmetric environments such as the workplace, permissionless blockchain
is especially beneficial as no trusted third party is required. Yet, two issues
remain: (1) In a decentralized environment, no arbiter can facilitate and
attest to data exchanges. Simple peer-to-peer sharing of data, conversely,
lacks the required non-repudiation. (2) With data governed by privacy
legislation such as the GDPR, the core advantage of immutability becomes a
liability. After a rightful request, an individual's personal data need to be
rectified or deleted, which is impossible in an immutable blockchain.
To solve these issues, we present Kovacs, a decentralized data exchange and
usage logging system for inverse transparency built on blockchain. Its
new-usage protocol ensures non-repudiation, and therefore accountability, for
inverse transparency. Its one-time pseudonym generation algorithm guarantees
unlinkability and enables proof of ownership, which allows data subjects to
exercise their legal rights regarding their personal data. With our
implementation, we show the viability of our solution. The decentralized
communication impacts performance and scalability, but exchange duration and
storage size are still reasonable. More importantly, the provided information
security meets high requirements. We conclude that Kovacs realizes
decentralized inverse transparency through secure and GDPR-compliant use of
permissionless blockchain.Comment: Peer-reviewed version accepted for publication in ACM Distributed
Ledger Technologies: Research and Practice (DLT). arXiv admin note:
substantial text overlap with arXiv:2104.0997