What Consent Should Look Like in the Digital Era.

Bitmark handles consent differently than most apps: we take greater measures to empower the user to have full control over their personal data.

We’re getting ready to launch a beta of our Data Donation App that will make it easy for individuals to donate their personal data to public health studies. Initially there will be two studies from researchers at the UC Berkeley School of Public Health.

This article describes some of the new methods we’re using to make data sharing safe. The Bitmark app uses blockchain technology to keep the ownership of your data secure. The provenance of your data is recorded in the blockchain and then your data is transferred to the recipient using end-to-end encryption. This records clear consent via an authenticated “chain-of-title” — meaning you always know who has rights to access your data.

Most importantly the Bitmark blockchain provides a framework of standardized property rights, rules and infrastructure for your personal data — now you can own your digital data in the same ways you can own physical property.

How the Data Donation App works.

Individuals can browse public health studies and learn about how their data will be used (Women’s reproductive health; Diabetes remission and prevention; etc). A research study has a shareable URL that links directly into the Data Donation app:

Individuals that meet the eligibility requirements can tap a button to participate in the study. The App will then request permission from the participant to access their data. Each time data is shared the participant will be required to sign the transfer.

Taking a step back.

It’s worth pausing for a moment and comparing how different this process is from the other mobile apps. After the initial request to access your data, most apps don’t inform users what personal data is being collected. Accessing user data is like the Wild West. Big companies make money by tapping into the enormous amount of “free” information created by individual mobile users, bundling it together and selling it to the highest bidder.

When apps gain access in perpetuity to personal data individuals lose their freedom. Yes, it’s possible to revoke access. But that requires significant effort the user’s side. Even then, the choice is binary: grant or deny access to all requested data.

Here’s how we can do better.

The Bitmark app makes consent to transfer data an explicit action. When you join a study, you agree to donate data in regular intervals. Yet each time before your data is transferred, you will be asked to sign.

Why do we require your signature each and every time your personal data is transferred? Because we want you to be in control and know what is going on. When you donate data you are issuing a new digital property title, or “bitmark” for your data that will be recorded in the Bitmark blockchain. When you transfer that bitmark to the researcher they can access that specific data set. Your signature is your consent.

A signed transfer is recorded into the blockchain and linked to your signed issuance. This “chain of title” protects both parties, without relying on a central intermediary. (The Bitmark server cannot decrypt donor data or use it for any purpose.) Both sides get clarity as to where the data came from and who gets to use it.

Here’s a diagram of this process:

Note: At anytime during the course of a study, participants can simply choose not to donate data or withdraw from the study entirely. No further data will be collected after that point.

A new model for data consent.

We believe explicit consent through chain-of-title is how the exchange of data should happen. Not just for research, but for all personal data transfers.

In the academic world, when a study is considered to evaluate “human subjects research” it must have approval by the Institution to be conducted. This approval process protects the institution administering the studies and the participants of the research. (UC Berkeley has a great article on this http://cphs.berkeley.edu/review.html).

Bitmark believes similarly that individual internet users should be be able to safely and privately share their digital data. The Bitmark blockchain can enable a new model of consent for transferring personal data:

1. Public keys are used to identity participants, instead of real names or even usernames.
2. End-to-end encryption protects the data during storage and transport.
3. No third parties can access personal data, even Bitmark.
4. Participants consent is signed and recorded in the Bitmark blockchain every time their data is share to a researcher of their choosing.
5. Participants can always opt-out and no further data transfers happen.

If you are interested in how blockchain technology can be used as titles (the Bitmark blockchain) versus the ever-popular use as tokens (Bitcoin and/or Ethereum blockchains), look for a blog post coming soon that explains the difference. Follow us on Twitter, @BitmarkInc, to see what else we’re thinking about.

We are thrilled to have UC Berkeley as our first partner for this blockchain application. If you are interested in participating in the Bitmark Data Donation App, either by listing your study, or incorporating this new technology into your project, please email support@bitmark.com.