_You might have heard people say something like “data is the new oil”. This phrase captures the fact data is now a highly valuable commodity. But how does the value of data impact personal privacy? This article explains the central threats to privacy inherent in how data is stored and shared on the internet, and how blockchain technology can eliminate these threats. It also addresses an issue that is not receiving enough attention from blockchain enthusiasts, which is the privacy problems that immutability create_s.
In the past few years, individuals using digital technologies have generated vast amounts of data. 2.5 quintillion bytes of data are generated each day by individuals browsing the internet, interacting on social networks, using mobile phones, uploading personal files, syncing devices, shopping online, etc. To get a sense of the volume of this data consider that in 2017 the rate of stored data grew 4x faster than the world economy. The rate at which this data is accumulating is growing exponentially. Forbes reports that 90% of the world’s data was created in the last 2 years alone. This data mass is a significant source of value and power for those who control it.
The fact that control of personal information is monopolized by private entities is a problem.
The individuals who actually generate the data do not benefit from its value. Users lose control over personal information when signing up to services like Facebook, Google, Instagram, Twitter etc.. These platforms offer free services in exchange for data. Tracking individual likes and dislikes, desires, searches, and life choices has huge value for advertisers. Large private organizations own the data and store it in huge silos where it is bought and sold to advertisers. It is also vulnerable to tampering and theft.
However, the individual loss of control of personal data actually goes much deeper than just a few companies that currently monopolize it. It lies in the very structure of the internet itself.
The phrase “data privacy” often refers to rules set by centralized platforms that determine who has permission to access data and who gets informed when it happens. Yet, this is only the surface of the issue. The deeper threat to privacy lies in the way the internet itself works.
The internet essentially operates like a massive copy-and-paste machine — copying information from one computer and pasting it to another. Not only do we have to repeatedly fill out forms every time we interact with a new organization or business. Those entities make store copies of our information in centralized databases that are easy targets for hackers. Every time we provide information to another online service, our private information is copied again. Every time this data is sold to an advertiser another copy is made, and so and so on.
The architecture of today’s internet and personal privacy are incompatible.
The solution does not lie in simply giving users the ability to control how platforms use their information. The problem requires a fundamentally new technological approach, one that handles information in a different way. I am not alone in thinking blockchain technology could provide such an approach. However, there are limitations that must also be addressed. In what follows, I describe the potential of blockchain technology to improve data privacy and the new challenges it also presents.
Photo by hyku
The benefit of blockchain-based privacy platforms is they store personal data on a distributed ledger and give individuals control over who/what has access to it. Instead of making copies from one computer, the blockchain involves a transfer of ownership of the original information. This is very different from the way the internet works. Instead of sharing our data, again and again, there is one permanent record on the blockchain. We can give businesses and other entities temporary permission to access this data when needed. The blockchain effectively acts like a ticketing system, keeping track of who gets access, without revealing the data underneath.
Blockchains are “immutable.” This means information cannot be altered or removed without being noticed. While immutability is good for data privacy, it also presents two main challenges:
The GDPR has enshrined the right to erasure in law in Europe. It means individuals can request to have certain personal information “erased” from the internet if they choose. In a blockchain environment, however, erasure is impossible because the system is designed to prevent it. There is a discussion about what the right to erasure means in the context of blockchain is still open to debate. Some data protection authorities have found irreversible encryption could constitute erasure. For instance, a smart contract could revoke all access rights, thereby making the information invisible to others.
While smart contracts may be able to address the right to erasure (though this is far from certain), they do not address a scenario where data is inaccurate. Immutability means mistakes cannot easily be corrected. This means individuals whose personal data is recorded incorrectly or fraudulently could face serious problems. Thus, in many instances immutability is a benefit. However, there will inevitably be instances where it also poses a problem. Governance mechanisms are necessary to deal with errors, fraud, or bugs in smart contracts.
Multiple companies are trying to develop the potential of blockchain technology for protecting privacy. Shyft is developing a blockchain-based network it says will have “unbreachable data protection”. Civic is developing a personal identity verification protocol to manage digital identities. Aenco is working on making it easy for individuals to access, control, and share valuable health and personal information. The Datum Network is developing a decentralized storage network and personal data marketplace.
As interesting as these solutions are, none seem to squarely address the immutability problem. For example, Datum lets anyone store personal data securely and earn tokens for sharing it with pre-screened partners. Users will be able to see all transmitted data and trace who accessed it. Datum itself does not control the data and cannot access it. This is in stark contrast with the corporate silos that collect vast amounts of data under restrictive licensing terms.
However, Datum does not have an answer to the immutability problem. The whitepaper states the network will initially rely on buyers for validation and regulation of fake data. This is not adequate. Realistically, there is no way for data buyers to verify information. Datum also plans to implement a trust ranking system. How it plans to correct errors in personal data is not explained.
More stringent government regulation of the data industry globally is on the horizon. Well-crafted regulations are welcome. However, startups are already starting to offer tools for individuals to take control of their data without appealing to state-based legal systems. The more users such platforms attract the more powerful the momentum becomes. If a critical mass of users started using these alternative solutions they could insist data be stored and handled through blockchains. At the same time, however, immutability stands in the way of conforming to the GDPR. It also poses a problem for correcting errors in personal data profiles.