The General Data Protection Regulation highlights the principle of data minimization, which means that only data required to successfully accomplish a given task should be processed. In this paper, we propose a Blockchain-based scheme that allows users to have control over the personal data revealed when accessing a service. The proposed solution does not rely on sophisticated cryptographic primitives, provides mechanisms for revoking the authorization to access a service and for guessing the identity of a user only in cases of need, and is compliant with the recent eIDAS Regulation. We prove that the proposed scheme is secure and reaches the expected goal, and we present an Ethereum-based implementation to show the effectiveness of the proposed solution.

《通用数据保护条例》强调了数据最小化原则，这意味着只有成功完成给定任务所需的数据才能被处理。在本文中，我们提出了一种基于区块链的方案，允许用户控制访问服务时透露的个人数据。所提议的解决方案不依赖于复杂的加密原语，提供了撤销访问服务授权和仅在需要的情况下猜测用户身份的机制，并且符合最近的 eIDAS 法规。我们证明了所提出的方案是安全的并达到了预期的目标，并且我们提出了一个基于以太坊的实现来展示所提出的解决方案的有效性。