Data privacy is about access to information, who defines it, who has it and who authorizes it. Compromise at any point of the entire value chain, results in data privacy breach. During Watergate times, it was paper documents & tapping telephone lines. In today’s age of internet & social media techniques have changed but the intentions are same, manipulation of information mala fide intentions. In spite, Information security infrastructure, there had been data breaches, year on year for more than a decade now. In recent time data privacy issue came in to limelight in aftermath of Facebook- Cambridge Analytica scandal. World seriously started talking about Data Privacy and enacting laws, to enforce it.
With GDPR in force, data privacy has turned main agenda of large IT companies, social media platforms and other online platforms, who deal with people’s information. GDPR has set standards of accountability on people possessing or controlling data. On the other side, it empowers the users to check the data in possession of these platforms, get it corrected if erroneous. It also provided an important right, to be forgotten, wherein all the information about the user, on the platform, need be erased.
Blockchain in its original form, as an underlying technology of Bitcoin, was public ledger. However, you can see only the transaction value, but not the transacting parties. To that extent, it was semi-public ledger. But, with advent of Blockchain technology, came private iterations of blockchain. In these iterations, only people with validated credentials can see the transactions or be part of the transactions.
Data privacy and data security are 2 sides on one coin. It is like if a data is secured, it remains private. To that extent, best in class data encryption and merkle tree infrastructure offers highest level of data security & immutability on blockchain infrastructure. With that, people look up to blockchain as tamperproof infrastructure, to not just secure their data, but also keep it private (in spite of being on public platforms). Blockchain networks, can offer hashed identities to people (having complied with KYC/AML norms), to protect their privacy, while carrying out transactions.
Blockchain technology is a great platform to take data privacy to next level, by offering correlation-resistant, “self sovereign identity” for people. It will lead to zero privacy breach. In that context lot of research work is going on.In times to come people with come across terminologies like decentralized identifiers, verifiable claims and zero knowledge proof. These are founding principles for next generation blockchain frameworks, designed for privacy. These frameworks can be backbone infrastructure, offering a sovereign identity to almost 5th of global population i.e. 1.2 billion people, who don’t have any identity.
Blockchain should not be just looked at, as a cutting edge technology for data privacy, but it will take data privacy to next level !
On most counts of data privacy principles, blockchain and GDPR or such legislation are on the same page. However, there is one aspect where blockchain technology is not in sync with GDPR and that is right to be forgotten. As per GDPR if a user wishes to delete his account from a platform, entire date pertaining to the user on that platform must be erased (not deleted). Blockchain being immutable, by virtue of merkle tree infrastructure, the data records on blockchain are append only. They can neither be edited nor deleted, far off from erased. This is the gray area, I am sure blockchain community, would be working on.
Off course, for every narrative there are proponents and opponents. You know my stand. What is your’s?