Blockchain, Data Protection & Personal Data

With the advent of distributed ledger technology as a means to either solve existing problems or disrupt existing industries, the question of data integrity in relation to personal data is a concern for data protection experts and innovators alike. While Bitcoin and other cryptocurrencies use blockchain to store records of token exchange, the desire to add to a public blockchain data that relates to and makes use of personal data raises questions on data protection and regulatory compliance.

Blockchain as a method of Authentication

With Equifax and similar household names experiencing data breaches affecting several hundred million customers, blockchain start-ups are looking to pioneer more secure methods of authentication. While companies such as Equifax store and manage customer personal data on servers they control, many projects look to enshrine self-sovereign principles in their blockchain design: individuals have access to and control over their identification data, which companies then use as a means of authentication without storing it themselves. Where each user is the only user in a blockchain that can access their data, the single point of failure found in centralised systems goes away, along with the risk of major personal data breaches.

Various companies and start-ups are present in this space, from household names such as Microsoft and IBM, to collaborative efforts from projects such as Hyperledger, and others such as Civic, TrustedKey, uPort and SelfKey.

Blockchain as a method of Data Storage

Blockchain data storage is another use case for personal data, wherein a user’s data is stored on the blockchain. This data, used for simple storage or as a means to service a customer’s needs through additional services, is secured in much the same way as data for identification purposes. However, the data in question can include anything that relates to the person, and is therefore subject to the full spectrum of data protection regulation surrounding personal data acquisition, storage and management. Projects such as Storj, Filecoin and Sia all look to store users’ personal data across a distributed ledger that includes existing data centres with available space and even people’s personal hard drive space. While security is paramount, the problems of using blockchain technology to store personal data are manifold, including but not limited to the following:

- Blockchain technology is noted for its immutability (i.e. data cannot be changed). This causes problems with conforming to the requirements of KYC (Know Your Customer) and GDPR (General Data Protection Regulation) to allow customers to manage their personal data and any changes to it.

- The distributed nature of blockchain means that a copy of the personal data is located on a multitude of nodes across a wide network, increasing the possibility of a breach, though encryption reduces its probability.

- Blockchain nodes can exist the world over, causing regulatory concerns around the data protection of citizens subject to and protected by laws on data protection. A good example is GDPR, where any data relating to a subject identified as relating to an EU country (not just a citizen) is subject to its protection, wherever in the world that data is processed.

Responsibility for protecting personal data can fall to the individual, a burden on users that could result in lost access to personal data if the corresponding private keys are lost.

Blockchain as a method of Data Reference

The safest way to store personal data in a bid to mitigate the risk of online attacks is to remove the risk entirely, and store such data off-chain and away from the Internet. While this may seem impossible to do, reference data that directly corresponds to personal data may be stored on a blockchain. For example, a retailer wishing to expand their marketing campaign could be satisfied knowing that real users exist in a service that ensures such qualification, shares demographic data relating to the individual on-chain, but ensures personal data is kept off-chain.
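An illustration of the on-chain/off-chain split described above, added here as an example and not taken from Dayta or any project named on this page. The `Ledger` class is a constructed stand-in for a blockchain, and using a per-record HMAC key to build the on-chain reference is an assumption about how such a reference could be made.

```python
import hashlib, hmac, json, secrets

def commit(key: bytes, personal: dict) -> str:
    # Keyed commitment: a plain hash of low-entropy fields (email, date of
    # birth) could be guessed by anyone holding a copy of the ledger.
    data = json.dumps(personal, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class Ledger:
    """Append-only hash chain standing in for a blockchain (constructed)."""
    def __init__(self):
        self.blocks = []
    def _digest(self, prev: str, payload: dict) -> str:
        body = json.dumps(payload, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, payload: dict) -> int:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "payload": payload,
                            "hash": self._digest(prev, payload)})
        return len(self.blocks) - 1

    def intact(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != self._digest(prev, b["payload"]):
                return False
            prev = b["hash"]
        return True

class OffChainStore:
    """Keeps the personal record and its key; neither is written on-chain."""
    def __init__(self):
        self.records = {}
    def enrol(self, ledger: Ledger, personal: dict, demographic: dict) -> int:
        key = secrets.token_bytes(32)
        idx = ledger.append({"ref": commit(key, personal),
                             "demographic": demographic})
        self.records[idx] = (key, personal)
        return idx

    def verify(self, ledger: Ledger, idx: int) -> bool:
        if idx not in self.records:  # erased: the on-chain ref is now opaque
            return False
        key, personal = self.records[idx]
        return hmac.compare_digest(commit(key, personal),
                                   ledger.blocks[idx]["payload"]["ref"])
    def erase(self, idx: int) -> None:
        self.records.pop(idx, None)  # ledger untouched; record and key gone
```

The demographic fields stay on the ledger permanently, so they need to be coarse enough that they do not single out an individual on their own.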

Dayta looks to enable users to share their personal data directly with companies, whether partially or fully. A user enters into profitable agreements that are stored on the Dayta blockchain, with any personal data either shared directly or reference data used. The company in question will know all users are verified as distinct and marketable. Any personal data that is shared directly with the engaged company will be deleted immediately once the agreement is over, or whenever the user wishes.

While fighting data hacks and breaches is always going to be an ongoing struggle, new approaches to data usage, data storage and data protection will be needed to ensure we go beyond the simple centralised vs decentralised debate to one that looks to mitigate partially or remove the risks where possible.

Zumar Ahmed
CEO/Founder of Dayta
