On July 8, the Information Commissioner’s Office (ICO) announced the highest GDPR fine ever of £183 million over last year’s data breach at British Airways. The UK’s data watchdog elected to fine the airline as its “poor security arrangements” led to the breach of credit card information, names, addresses, travel booking details, and logins of around 500,000 customers. In recent years, consumers have become wearily accustomed to data breaches of this magnitude.
GDPR & CCPA — What and How?
GDPR allows a company to be fined a maximum of 4% of its worldwide turnover; British Airways’ fine amounts to 1.5% of its 2017 revenue. With this fine, the ICO wants to send a signal to companies that they should care about their customers’ privacy. From 2020, the California Consumer Privacy Act (CCPA) will introduce similar data privacy rights for residents of California.
In the EU, meanwhile, the following types of data fall under the auspices of GDPR:
- Education history
- Employment history or job title
- Mobile device ID
- Cookie ID
- Location data
- Vehicle registration plate number
This is just a small list of potential data points that GDPR covers. You might think that personal data only includes name, address, and phone number. In fact, under GDPR, anything that helps to identify a person is considered to be personal information, including their physical, physiological, genetic, mental, economic, cultural, or social identity.
Need for on-chain data permissions
In my opinion, GDPR is doing a good thing within Europe. However, our data is still in the hands of companies that can decide to use it correctly or abuse it. Therefore, I believe that blockchain fits well for this use case, especially for storing data permissions on-chain.
The concept of on-chain data permissions is also known as “ethical data,” which forms part of the Web 3.0 vision. This school of thought holds that businesses should be able to harness user data — provided the end user is compensated and/or has consented to it. Data ethics also obliges businesses to create data-sharing frameworks that adhere to data storage laws such as GDPR, where applicable.
Datawallet is a project focused on storing data in an ethical way using blockchain technology. I asked its CEO Serafin Lion Engel to expand on the need for “Ethical data” to construct Web 3.0.
“Datawallet is the critical first step to the realization of Web 3.0. The vision of creating a decentralized internet, where every application runs locally on a person’s own device, hinges critically on our ability to first locally source and store our data in order to fuel these applications,” he explained.
“It’s the safest and most seamless way to gather the data you create on the internet, cryptographically store it on your own device, and through Datawallet’s personal API, share it with any application you like. Datawallet 3.0 is the cornerstone of Web 3.”
Let’s further explore how Datawallet enables Web 3.0.
Storing Data Ethically with Datawallet
Datawallet is a digital wallet for your online data. It grants consumers a simple, private and meaningful way to control their data, thereby shifting responsibility for data storage from web companies to consumers. From the perspective of businesses, the advantage of integrating a solution like Datawallet is that it ensures regulatory compliance while building trusted relationships with consumers.
Developers are also incentivized to create products that utilize Datawallet, whose private-public key pair will be familiar to blockchain devs. An infinite number of additional keys can be created, each controlling the data for a particular product or service. Permission flow is controlled via the Datawallet SDK, while a GUI speeds up app creation. Datawallet allows fine-grained permissioning over its data, with the permissions stored on-chain. Every permissioning change is also stored in an easily auditable blockchain record.
Datawallet aims to fix the broken data ecosystem and bring trust and transparency over data usage.
After analyzing their whitepaper, I have gleaned the following key points about Datawallet:
- Data can be sourced directly from websites like Facebook or Amazon and securely stored in the user’s local data vault, fully encrypted.
- Datawallet does not control the data at any point during the sourcing process.
- Once the data has been stored, no entity other than the organization it pertains to can access it without the user’s consent.
Datawallet aims to power an array of Web 3.0 apps that utilize ethical, cross-platform data. In doing so, it will pave the way for subsequent Web 3.0 products and integrations, formed around a framework in which all permission data is immutably stored on-chain.
The sourcing tool is a key element for the Datawallet ecosystem. It enables users to “source” (import) their online data into their personal Datawallet. Crucially, no data flows through APIs. All data is processed and stored locally.
Next, the locally sourced data is encrypted on the user’s device and stored. The encryption key is derived from an integrated Ethereum wallet. The resulting solution ensures that once a user sources their data into their Datawallet, neither Datawallet nor any other organization can access the data without the user’s active initiation.
To make the data available when it is requested, a “use” component handles the access request. Datawallet’s on-chain permissioning system allows users to decrypt and share their data with apps and brands they trust. The user has full control over who can use their data, when they can use it and how.
When Datawallet encounters a whitelisted app, it retrieves the requested data points from the app’s smart contract on the blockchain to present to the user. If the user agrees to give this app access to the specified data points, Datawallet will sign and publish this as a transaction on the blockchain. At the same time, it will release the decrypted data.
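The consent-before-release flow described above can be modelled in a few lines. This is an added example, not Datawallet's code or SDK: `PermissionLedger` and `release` are hypothetical names, a hash-chained list stands in for the blockchain, an HMAC under a constructed key stands in for the wallet's transaction signature, and the vault is an unencrypted dict for one user.

```python
import hashlib, hmac, json

class PermissionLedger:
    """Append-only, hash-chained log standing in for the on-chain record."""
    def __init__(self):
        self.entries = []

    def _seal(self, body, wallet_key):
        payload = json.dumps(body, sort_keys=True).encode()
        # HMAC is a stand-in for the wallet's signature (assumption).
        sig = hmac.new(wallet_key, payload, hashlib.sha256).hexdigest()
        return sig, hashlib.sha256(payload + sig.encode()).hexdigest()

    def publish(self, app, fields, action, wallet_key):
        """Record a 'grant' or 'revoke' for an app, linked to the previous entry."""
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"app": app, "fields": sorted(fields), "action": action, "prev": prev}
        sig, digest = self._seal(body, wallet_key)
        self.entries.append({**body, "sig": sig, "hash": digest})
        return digest

    def verify(self, wallet_key):
        """Recompute every link; an edited, dropped or reordered entry fails."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: e[k] for k in ("app", "fields", "action", "prev")}
            sig, digest = self._seal(body, wallet_key)
            if e["prev"] != prev or digest != e["hash"] \
                    or not hmac.compare_digest(sig, e["sig"]):
                return False
            prev = e["hash"]
        return True

    def granted_fields(self, app):
        """Replay the log in order: a later revoke overrides an earlier grant."""
        allowed = set()
        for e in self.entries:
            if e["app"] == app:
                if e["action"] == "grant":
                    allowed |= set(e["fields"])
                else:
                    allowed -= set(e["fields"])
        return allowed

def release(vault, ledger, app, requested, wallet_key):
    """Return only the requested fields covered by a current recorded grant."""
    if not ledger.verify(wallet_key):
        raise ValueError("permission log failed integrity check")
    allowed = ledger.granted_fields(app)
    return {f: vault[f] for f in requested if f in allowed and f in vault}
```

The default is deny: an app with no recorded grant receives nothing, and a field is released only while the replayed log still shows it as granted.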
Datawallet Showcase App: YouAreTheProduct.wtf
Datawallet has built a showcase app called YouAreTheProduct.wtf. This application tracks everything possible about you to build a data profile. As Facebook is still seen as a rather untrustworthy social media giant, the data is sourced from Facebook into your Datawallet.