Abstract
Accessing a cloud-hosted service may involve executing a number of sub-services which are unknown to the user. A user is only aware of the service they directly invoke, not the sub-services which may be hosted across other cloud providers (including advertising and data processing services). Each service in this chain may collect and process personal user data via read, write and transfer operations. The European General Data Protection Regulation (GDPR) enforces cloud providers to receive explicit consent from their users prior to executing any such operations. We present a Blockchain-based architecture that supports GDPR compliance verification (especially in the context of such a service chain) for enhancing the data privacy of cloud users. The architecture supports a factory of smart contracts, including user consent , GDPR compliance , container and verification , each of which is activated by an actor within a cloud environment. Figure 1 illustrates the interactions between the different components that make up our system – classified into three different phases: