Blockchain and Personal Privacy: How Immutability is a Double-Edged Sword
You might have heard people say things like “data is the new oil”. This phrase captures the fact that data is a highly valuable commodity. But how does the value of data impact personal privacy? This article explains the central threats to privacy inherent in how data is stored and shared on the public internet, and how blockchain technology can eliminate these threats. I also address an issue that isn’t receiving enough attention from blockchain enthusiasts, which is the privacy problems that immutability creates.
Data is a Valuable Commodity
In the past few years,individuals using digital technologies have generated vast amounts of data. The rate at which this data is accumulating is growing exponentially. 90% of the world’s data was created in the last 2 years alone. 2.5 quintillion bytes of data are generated each day by individuals browsing the internet, interacting on social networks, using mobile phones, uploading personal files, syncing devices and shopping online. To get a sense of the volume of this data consider in 2017, the rate of stored data stored grew 4x faster than the world economy. This data mass is a significant source of value and power for those who control and monetize it.
However, individuals who actually generate the data do not benefit. We lose control over our personal information when signing up to services like Facebook, Google, Instagram, Twitter etc.. These platforms offer free services in exchange for our data. The reason is tracking individual likes and dislikes, desires, searches, and life choices, has huge value for advertisers. Large private organizations own the data and store it in huge silos where it is vulnerable to tampering, theft and other exploitation.
Turning over control of private information to private entities is a problem. However, the individual loss of control of personal data actually goes much deeper and lies in the very nature of the internet itself.
The Deepest Threat to Individual Privacy
The phrase “data privacy” often refers to rules set by centralized platforms that determine who has permission to access data and who gets informed when it happens. Yet, this is only the surface of the issue. The deepest threat to online privacy lies in the nature of the internet itself. The network operates like a massive copy-and-paste machine — copying information from one computer and pasting it to another. Not only do we have to repeatedly fill out forms every time we interact with a new organization or business. Those entities also make copies and store our information in centralized databases that are easy targets for hackers. The architecture of the internet and personal privacy are incompatible
Therefore, the solution to protecting data privacy does not lie in simply giving users the ability to control how platforms use their information. The problem required a fundamentally new technological approach that handles information in a different way. I’m not alone in thinking blockchain technology could provide such an approach. However, there are limitations that must also be addressed. In what follows, I describe the potential of blockchain technology to improve data privacy and the new challenges it also presents.
Blockchain Privacy Solutions
The benefit of blockchain-based privacy platforms is they store personal data on a distributed ledger and give individuals control over who/what has access to it. Instead of making copies from one computer, the blockchain involves a transfer of ownership of the original information. This is very different from the way the internet works. Instead of sharing our data again and again, there is one permanent record on the blockchain. We can give businesses and other entities temporary permission to access this data when needed. The blockchain effectively acts like a ticketing system, keeping track of who gets access, without revealing the data underneath.
Immutability is a Doubled Edged Sword
Blockchains are “immutable.” This means information cannot be altered or removed without being noticed. While immutability is good for data privacy in some ways, it also presents two main challenges:
- Immutable storage of data is potentially in conflict with new information storage laws, like the General Data Protection Regulation (GDPR) in Europe.
- There is no way to correct inaccuracies on a blockchain — even if they are rare — because they are immutable.
The Right to Erasure
the GDPR has enshrined the right to erasure in law in Europe. It means individuals can request to have certain personal information “erased” from the internet if they choose. In a blockchain environment, however, erasure is impossible because the system is designed to prevent it. There is discussion about what the right to erasure means in the context of blockchain but the question is still open to debate. Some data protection authorities have found irreversible encryption could constitute erasure. For instance, a smart contract could revoke all access rights, thereby making the information invisible to others.
While smart contracts may be able to address the right to erasure (though this is far from certain), they do not address a scenario where data is inaccurate. Immutability means mistakes cannot easily be corrected. This means individuals whose personal data is recorded incorrectly or fraudulently could face serious problems. Thus, in many instances immutability is a benefit. However, there will inevitably be instances where it also poses a problem. Governance mechanisms are necessary to deal with errors, fraud, or bugs in smart contracts.
Startups Trying to Solve Privacy Threats
Multiple companies are trying to develop the potential of blockchain technology for protecting privacy. Shyft is developing a blockchain-based network it says will have “unbreachable data protection”. Civic is developing a personal identity verification protocol to manage digital identities. Aenco is working on making it easy for individuals to access, control, and share valuable health and personal information. The Datum Network is developing a decentralized storage network and personal data marketplace.
As interesting as these solutions are, none seem to squarely address the immutability problem. For example, the Datum Network lets anyone store personal data securely and earn tokens for sharing it with pre-screened partners. Users will be able to see all transmitted data and trace who accessed it. Datum itself does not control the data and cannot access it. This is in stark contrast with the corporate silos that collect vast amounts of data under restrictive licensing terms. However, Datum does not have an answer to the immutability problem. The whitepaper states the network will initially rely on buyers for validation and regulation of fake data. This is not adequate as realistically there is no way for data buyers to verify information. Datum also plans to implement a trust ranking system. How Datum plan to correct errors in personal data is not explained.
More stringent government regulation of the data industry is on the horizon around the world. Well-crafted regulations are welcome. Startups like Datum offer a tool for individuals to take control of their data without appealing to state-base legal systems. The more users on such platforms the more powerful the momentum becomes. Users could insist data is stored and handled through blockchains. In this sense, data privacy startups embody the spirit that animated the development of blockchain technology in the first place. At the same time, however, immutability stands in the way of conforming to the GDPR. It also poses a problem for correcting errors in personal data profiles.
Subscribe to my channels Medium and Twitter channels if you like my articles and would like to know more about blockchain and cryptocurrency projects.
If you have any questions about this article, please comment in the section below.
To support my writing: 1PUzB7FtURwikfUg4zgdULyyeQkcK6o9fh