Towards Data Minimization and Access Control for Immunization Data Sharing

The global interest in taking preventative measures has intensified in response to the coronavirus epidemic. The vaccination certificate is one approach used to control the spread of disease while enabling people to carry out their regular lives and interact with each other as they normally would. Most services require their users to provide proof of immunization; however, the information they require seems to be either overly personal or unrelated to the service's intended use. Immunization Information System (IIS), the data owner, is indeed accountable for safeguarding client data and privacy in accordance with ethical considerations. In order to ensure that requests for data access are acknowledged by data subjects and that only the fields required to fulfill the usage purpose are given, some mechanisms must be presented. In this study, consent management blockchain with add-on modules that enable loose-coupling integration with existing vaccination applications is presented in an attempt to provide such functionality without adding extra burden to IIS. To limit the quantity and sensitivity of the data retrieved, a data filtering scheme is proposed. Additionally, a source authentication technique is introduced to guarantee that data is delivered to the authorized requesters. To make sure all transaction requests are processed regardless of limitations in the execution capability of the blockchain, job queues are presented to reduce transactions' conflicts. This allows multiple transactions to be executed in parallel and resolves scalability and performance concerns which are the major issues found when integrating blockchain with large-scaled production systems.