Decentralized Identity Is The Solution You Want for GDPR Compliance — Here Is Why

uPort is blurring the lines of a separate Internet and building the foundation for a collective nervous system using decentralized Web 3.0 technology.

As we’re all aware of by now, GDPR regulations have swept across the Internet like a raging thunderstorm of catchy ✉️ email subjects, raining down upon us from the heavens of digital ☁️ cloud services.
And not just in the 🇪🇺 European Union (EU).
Ripple 🌊 effects have been spotted elsewhere.

Several weeks ago your email Inbox was probably filled with subjects like…

“We respect your privacy, which is why we waited for regulations to take reasonable steps for protecting your data, so won’t you register for our email campaign list again!”

Or something to that effect. Point being, you most likely received a bunch of emails regarding this new GDPR thing and it was probably kind’of annoying.

However, the new rules and regulations extend beyond simple emails.

The GDPR compliance rules and regulations impact You. A lot.

Businesses and organizations are taking active steps to become compliant, both in email marketing initiatives, but also in other less obvious ways. Because at the heart of the new GDPR regulations is incentives (huge monetary fines) to properly protect private use data.

The GDPR regulations will kickstart a re-organizing of the Internet’s topography, and uPort is going to be a the fore-front of this tectonic shift.

Put simply, how private user data is stored and accessed is undergoing a transformation. However, the good news is uPort has been actively working
(a couple of years now) on the protocols and technologies to both empower self-sovereign individuals, and also provide businesses with simple tools to easily become GDPR compliant, without large overhead costs.

Smartphones are becoming essential data storage systems in the network of Cloud services, and the decentralized identity protocol being built by the uPort team is the underlying platform to make it all happen.

Reducing attack vectors for identity theft, decreasing business operations cost and introducing strong cryptographic primitives as default mechanisms for everyday users.

Welcome to the future of decentralized, self-sovereign identity. It’s a beautiful place of increased user security and lower business operations cost across the entire ecosystem. A win/win for everyone involved.

The Current Challenge for Businesses

Let’s talk about the bigger challenges — from a business perspective. Businesses can no longer store user’s private information for an indefinite amount of time, just because they want too, due to GDPR regulations.

For example, let’s imagine I have (I don’t) a Job Matching service application, so naturally I request and save users information like resumes, cover letters, work experience, contact information, etc…

Prior to GDPR I could request and store this information indefinitely.

Or rather my application could request and save this information, storing the user’s private information in a database or file storage service, or some combination thereof — essentially creating a 🍯 honeypot of information.

Mmmmm honey!

The requested user data could potentially sit, and sit, and sit, for a very long-time — collecting digital dust and only to serve as a relic of fading opportunity. As we already saw with the large Equifax breach, when a business amasses a collection of valuable digital information, it’s probably not a matter of IF that data will be compromised, but rather WHEN will it be compromised.

It’s math people — if something can wrong, it probably will go wrong!

The GDPR rules and regulations weren’t a response to the Equifax, or the other also recent astounding breaches of user data, because it’s been several years in the making. However these large data breaches serve as a great example for why rules and regulations as stipulated by GDPR rules and regulations are so important.

We now know the problem space we’re dealing with.

Large collections of private information i.e. digital identity nonchalantly laying around on organization/business digital infrastructure incentivizes “bad” actors to gain access to this information by hacking technology systems.
In response, the European Union has introduced a set of laws that requires organizations and businesses to safeguard this information more proactively.

But, this obviously increases business cost…

uPort Is The Answer To Securing the Personal Information and Decreasing Business Costs

uPort is building a self-sovereign, decentralized identity platform.

O.K…and what does that mean exactly? Great question. Glad you asked!

As described by the Decentralized Identity Foundation “Decentralized identities are anchored by blockchain IDs linked to zero-trust datastores that are universally discoverable”.

Stated a little differently, emerging blockchain technologies, like the Ethereum Blockchain, provide an immutable, universally state management system, that anyone in the world (with an Internet connection) can interact with.

By using the cryptographically secure Ethereum blockchain, in combination with other distributed data storage systems like the InterPlanetary FileSystem (IPFS) it’s possible to dis-intermediate existing centralized data storage systems, while still maintaining trust and data integrity.

Tight! You used a bunch of buzzwords Kames to articulate the benefits of uPort’s value proposition and I’m even more confused as to how this adds anything of value to the Internet’s current infrastructure systems.
- Everyone

Fair point Everyone. But I simply wanted to quickly review the underlying technology that make decentralized identity possible, simply as a frame of reference, so in case you want to investigate further or have interest in joining uPort’s Community Channel, you can at-least have the bear 🐻 necessities for continuing to ask the right questions.

uPort builds atop this decentralized infrastructure.
Making self-sovereign identity possible.

We provide a collection protocols, libraries and solutions so blockchain developers and engineers can easily utilize the Ethereum blockchain with minimal setup and configuration.

Let’s Get Real — Why You Should Actually Care

Now that we’ve covered a little bit of how uPort’s decentralized identity platform works, let’s actually get to important parts and discuss the why.

The ultimate outcome of the above mentioned ideas, technologies and emerging protocols is actually quite remarkable. We can start to think about the Internet, not as a collection of different organisms each acting alone, but rather a holistic collection of cells all contributing to the manifestation of Universal consciousness. And we’re not talking about some hippy-dippy spiritual revolution (actually we are, but more on that later), but rather the initialization of the next digital industrial revolution, which will have huge impact on Humanities management of resources.

Thus shifting the entire global economic landscape. Enjoy the ride 🎢 wei!

And once again creating new and exciting opportunities for motivated and savvy 🤑 businesses, who can stay ahead of these emerging trends. And hopefully this time around we can incentivize highly empathetic and socially aware entrepreneurs during this globalization paradigm shift.

In terms of the Internet, it’s like humanity acquiring a collective nervous system. Whereas previously we were more like a collection of cells that communicated by diffusion. With the advent of the Internet, it was suddenly like we got a nervous system. It’s a hugely impactful thing.
Elon Musk | Dancing Unicorn

It might be argued that decentralized identity and the emerging Web of Trust is the communication protocol in humanities new found collective nervous system.

uPort is the connective tissue. The transport layer. The creme dela creme.

Very similar to how colonies of cells communicate in a living organism, moving towards a unified goal. We are not separate. We are one. And once we recognize that fact, and also construct new business models with this profound knowledge using Ethereum as the Universal State Management System we can and will do amazing things.

As promised in the title “uPort Is The Exact Application You Want for GDPR Compliance — Here Is Why” this article is going to be about how uPort will help overcome logistical and technical challenges for business aligning with the new GDPR regulations and rules.

The Problem Overview

  1. Businesses can’t store private data about users indefinetely.
  2. Businesses might want to access that data at a future point in time.
  3. Businesses need to trust the data they’re consuming.

The Solutions Overview

  1. uPort empowers people to store their own digital identities.
  2. uPort allows businesses to easily request information from users.
  3. uPort utilizes cryptographic primitives for verifiably trustable data.

I wanted to provide background for the above problem/solution space, because without context for what’s actually happening, not just in the code, but rather the large emerging patterns, it would be probably be a little difficult to articulate clearly how uPort is relevant on the context of GDPR.

Simply put, uPort allows businesses and organizations to save private data directly in the MobileApp (IOS/Android) and in the future encrypted data storage systems (userspace), which can be easily requested at any point in time.

uPort blurs the line between application database and user controlled database.

Ultimately businesses can start to think of user’s smartphone as an extension of any Web 2.0 or Web 3.0 application, which is great because it allows businesses to simply and easily overcome GDPR regulation challenges, while also empowering individuals to easily manage their private data and information.

How?

Send a request to a decentralized identity using a pushtoken asking for data.

uportCredentials.push(
pushToken,
publicEncKey,
{url}
).then(response => {
console.log(response) // The private data requested.
})

The {url} object contains the metadata for requesting different type of data. Developers can learn exactly how to structure the {url} via uPort’s documentation and tutorials.

A few more steps are required. Like first requesting to store the private information on the users phone, but by and large it’s a simple step-by-step process to utilize a user’s personal smartphone as a decentralized data storage hub.

And, we haven’t even got to the best part, which is the Web of Trust model that uPort is built upon. Not only can you request information saved by your application, but also other applications. This is great for distributing costs across an ecosystem.

For example KYC/AML requirements can be completed by a network of trust anchors and other businesses within this network can utilize the information. Identification verification services doesn’t have to be done isolation, each and every time… Hence, the cost of performing KYC can be more easily distributed across multiple organizations and businesses.

Conclusion

GDPR impacts how organizations and businesses can store private data. The new new rules and regulations de-incentivize businesses to carelessly manage private user data, with huge fines and penalties. However, private information still needs to be accessed for “business” reasons. uPort provides multiple layers of cryptographic primitives for secure and straight-forward distributed data storage.

Users stay in control.
Businesses align with rules and regulations. And save money.

Simply put, uPort is the application to help businesses manage the cost associated with GDPR compliance and regulations by maintaining a connection to user data in accordance with new rules and regulations.

uPort is the connective tissue between application and smartphone.

The collective nervous system.