You might have heard people say something like “data is the new oil”. This phrase captures how data has become a highly valuable commodity. But how does the value of data impact personal privacy? This article explains the central threats to privacy inherent in how data is stored and shared on the internet, and how blockchain technology can eliminate these threats. It also addresses an issue that is not receiving enough attention from blockchain enthusiasts, which is the privacy problems that blockchain immutability creates.
Ev on Unsplash.com
Since the invention of digital communication, individuals using digital technologies have generated vast amounts of data at an exponential rate. To get a sense of the volume of this data, consider that in 2017 the rate of stored data grew 4x faster than the world economy. Right now, 2.5 quintillion bytes of data are generated daily by individuals around the world browsing the internet, interacting on social media, using mobile phones, uploading personal files, syncing devices, shopping online, etc.
This mass of data is a gold mine for actors of all sorts: governments, marketers, private businesses. In short, personal data is a significant source of value and power for those who control it.
At the moment, control and ownership of all the data generated online are monopolized by private entities.
Individual users (like you and me) do not benefit from its value, we lose control over our personal information when signing up to services like Facebook, Google, Instagram, Twitter etc. These platforms track individual likes and dislikes, desires, searches, and life choices. This information has huge value for advertisers. Large private organizations store it in huge silos where it can be bought and sold. These centralized storage systems are also vulnerable to tampering and theft.
These problems with personal privacy online are bad enough. However, the issue actually goes much deeper. It is more than just the fact that a few large companies currently monopolize online data. The problem lies in the very structure of the internet itself.
The phrase “data privacy” often refers to rules created by centralized platforms that let users determine who has permission to access their data and who gets informed when it happens. Yet, this is only the surface of the privacy issue. The deeper threat lies in the way the internet works.
One way to think of the internet is that it is essentially like a massive copy-and-paste machine — copying information from one computer and pasting it to another. Every time we provide information to another online service, our private information is copied again. Every time this data is sold to an advertiser another copy is made, and so and so on. This is why we have to repeatedly fill out forms every time we interact with a new organization or business. Those entities store copies of our information in their own centralized databases, which are often easy targets for hackers.
In this sense, the basic architecture of today’s internet is incompatible with any kind of privacy online. As a result, the solution does not lie in simply giving users the ability to control how platforms use their information. It requires a fundamentally new technological approach that handles information in a different way.
I am not alone in thinking blockchain technology could provide such an approach. However, there are limitations that must also be addressed. In what follows, I describe the potential of blockchain technology to improve data privacy and the new challenges it also presents.
Photo by hyku
The main benefit of blockchain-based privacy platforms is that they store personal data on a distributed ledger in a way that gives individual users control over who/what has access to that data. Instead of making copies from one computer, the blockchain involves a transfer of ownership or temporary access to the original information.
This is very different from the way the internet currently works. Instead of sharing our data, again and again, there is one permanent record on the blockchain. We can give businesses and other entities temporary permission to access this data when needed. The blockchain effectively acts like a ticketing system, keeping track of who gets access, without necessarily revealing the data underneath.
Blockchains are “immutable.” This means information cannot be altered or removed without being noticed. While immutability can be good for data privacy, it also presents two main challenges:
One of the challenges immutability presents for regulatory compliance relates to what is called “the right to erasure,” which the GDPR has enshrined in law in Europe. It means individuals have the right to request to have certain personal information “erased” from the internet if they choose. In a blockchain environment, however, erasure is impossible because the system is designed to prevent it.
Discussions have ensued concerning what the right to erasure means in the context of blockchain, but it is still very much open to debate. For example, some data protection authorities have suggested irreversible encryption could constitute erasure. In theory, a smart contract could revoke all access rights, thereby making the information inaccessible to anyone. While the information would not be literally erased, it would effectively be socially erased.
While smart contracts may be able to address the right to erasure (though this is far from certain), they do not address the scenario in which data does not need to be erased but rather corrected. The immutability of the blockchain means inaccuracies cannot easily be corrected. This means individuals whose personal data is recorded incorrectly or fraudulently could face serious problems in trying to rectify the situation. Thus, while in many instances the immutability of data recorded on a blockchain is a benefit, there will inevitably be times where it also poses a problem. Governance mechanisms must be developed to deal with errors, fraud, or bugs in smart contracts before blockchain can provide a true privacy solution.
Multiple companies are trying to develop the potential of blockchain technology for protecting privacy. Shyft is developing a blockchain-based network it says will have “unbreachable data protection”. Civic is developing a personal identity verification protocol to manage digital identities. Aenco is working on making it easier for individuals to access, control, and share valuable health and personal information. The Datum Network is developing a decentralized storage network and marketplace that pays individuals for access to their data. All of these options stand in stark contrast with the corporate silos discussed above that collect vast amounts of data under restrictive licensing terms.
As interesting as these solutions are, none seem to squarely address the immutability problem. For example, Datum’s whitepaper states the network will initially rely on buyers for validation and regulation of fake data. This is not adequate. Realistically, there is no way for data buyers to independently verify information. Datum also plans to implement a trust ranking system. However, how it plans to correct errors in personal data is not clear.
More stringent government regulation of the data industry is on the horizon in countries around the world. Personally, I think well-crafted regulations are welcome. However, startups are already starting to offer tools for individuals to take control of their data without appealing to state-based legal systems. If a critical mass of users started adopting these alternative solutions the people could insist data be stored and handled through blockchains. At the same time, however, immutability stands in the way of conforming to the GDPR. It also poses a problem for correcting errors in personal data profiles.
I think the way forward will be defined by whether or not individuals start seeking out alternative ways to protect their privacy online in large numbers. The more users new blockchain privacy platforms attract, the more powerful their momentum becomes and, in turn, the more likely governments and private entities are to address the current limits of blockchain privacy.
Thank you for reading,