Data Protection and Privacy

or why we do it (Part 1)

· blockchain,trust,security,decentralized,privacy

This is what we do

Before we talk about what we do, let's review quickly what blockchain can be used for (apologies for any repeat information). It can be used for such things as cloud storage, art and ownership, anti-counterfeiting, Anti-Money Laundering (AML), internet of things (IoT), digital identity, and smart contracts to name a few things. As well, my apologies for my poor writing skills, but, I would rather put information forward in an awkward manner than no information at all...

What is blockchain actually?

Basically, it's a distributed database where each 'block' of data is placed into a record that is tamper and revision proof. Blocks can contain data or programs, and each block holds individuals transactions for the specific block. EVery node in the system, which is decentralized, has a copy. There is not centralized copy, per se, and no user is 'trusted' more than any other. In order for a transaction to be completed, or included, if you prefer, to create the next block on the chain it must be authenticated across the network at the various nodes (computers, mobile devices etc). This creates trust since every copy of the transaction chain is held by the network. Likewise if someone attempts to cheat or hack the system it is clear where this happened and how. Making the attempt easy to identify.

If you prefer to use non-computer terms the system is 'notarized' at each block by a hash or identifier:

But, how does this help me?

Digital identity and digital privacy are critical online. As more transactions move online, these things become critical in recognizing who you are, and maintaining your privacy. Basically, we can think of the blockchain much the same way as you would think of the concept of 'chain of evidence', there is a clear point at every step that tells everyone on the network who is transacting with what or whom. What can be managed with this technology:

  • lease agreement
  • contracts
  • loan agreements
  • financial documents
  • insurance documents
  • healthcare
  • liability waivers
  • offer letters
  • confidentiality agreements
  • passport documents
  • driving licences
  • identity cards

The point is that our process can be used for any or all of these things. It can be used seamlessly in the process and allow everyone to go about their usual business. All of which while managing individual privacy and control.


Personal Information

What falls under the umbrella of personal information. A person's:

  • name
  • address
  • identification numbers
    • passport
    • driving licence
    • healthcard
    • identity card
  • biometrics
  • email
  • phone number
    • mobile
    • office
    • home
  • account numbers
    • bank
    • utility
    • credit cards

and so on


Anonymity or something else

The distributed ledger does a good job at hiding your personal data. This is pretty obvious when the history of cryptocurrency is examined. Cryptocurrency is based on anonymity, and it does this by hiding personal information. However, some might argue that that is not anonymity but rather pseudonymity. In other words, it creates a false ID or a pseudo ID, if you prefer. Much like when someone uses a pen name to write a book. In other words, it is a level of anonymity, and it does protect the individual user from being detected. That said, it isn't easy to jump through the various hoops to get to the actual user data.

Private Blockchain Applications

These are by their very nature more prone to privacy problems. Since they are blockchain based but are not, strictly, located on a decentralized platform. By the very nature of the private platform the data is more or less centralized. Which means that it could be prone to similar attacks as other centralized systems.

EU, the world and the US

The EU has famously put forward General Data Protection Regulation (GDPR). Under GDPR the data provider (user) has a number of data privacy rights including the right to be forgotten and the right to change or modify the information. While blockchain doesn't technically allow for this it does allow for other options. However, when a system like ours sits over top of the existing system, it provides a layer of protection for the data. The data protection is specific to GDPR countries and applies data protection to EU citizens if the data goes to other locales, such as the US, where there is no centralized data protection. Data protection is under each individual state control, but it can be superseded by federal laws for 'privacy'. Canada has The Personal Information Protection and Electronic Documents Act (PIPEDA), which is incorporating much of the GDPR regulation language into it. The original PIPEDA was based on the European Privacy regulation of 1995, and it is being updated accordingly.

What constitutes personal data under GDPR

According to the GDPR, personal data includes all information that refers to an identified or identifiable natural person. An identified person is relatively simple:

  • name
  • email address that includes a name
  • a fingerprint / biometrics
  • perhaps a photo of the face, and so on

these are immediate identifiers.

Identifiable is a bit more complicated, simply because this can include third party identifiers. What kind of third-party knowledge falls within this scope ... the question is whether the identity can be determined with some effort. This includes the cost of identification, the time needed for available technologies, and technological development, which is always changing.

Are IP addresses personal data? 

The European Court of Justice has now answered this question, and the short answer is maybe given the specific circumstances. from that it can be assumed that Cookie IDs that are enriched with data – traffic data or metadata – can also be determined to be personal data.

For Cookies, the question has now also been answered. The French Data Protection Authority recently had made a decision on an ad tech company. This company had collected location data via mobile phones and used the Mobile Advertising IDs built in to mobile devices to achieve this. This is, as an application case, very similar to Cookies. Which, by extension, says that yes, cookies are indeed personal data.

Another question which comes up in relation to blockchain relates to public keys. Do public keys in Bitcoin entail “personal reference”? We need to assume that all public keys represent personal data. Some people, for example, publish their public key on their Facebook profile and ask for donations in Bitcoin. In this case, of course, there is immediately a connection to the Facebook profile. Therefore we could assume that public keys are personal data as well.

All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!