By Susrita Rath
The combination of blockchain technology and data privacy emerges as a complicated and crucial issue as our world grows more interconnected. This article will explore the complex interrelationships between blockchain technology and current developments in data privacy legislation. This research attempts to shed insight on the forces influencing the direction of data management in the future, from the decentralised nature of blockchain to the difficulties in maintaining privacy.
Laws and regulations pertaining to data privacy and blockchain technology have evolved primarily apart. The technology expands upon established theories and methods in encryption and distributed transaction processing. Perceptive observers soon realised that the underlying technology might be used for more than just recording peer-to-peer, trustless value transfers. Businesses are compelled to reassess their privacy policies in light of more stringent global data protection regulations that carry significantly higher potential fines. Organisations now face a great deal of uncertainty and complication when attempting to apply data privacy regulations to blockchain technology and related services.
Applications for blockchain have increased, and there are now use cases in:
1. Smart contract development.
2. Supply chain management, asset registers, and recordkeeping tools.
Other innovations in varied industries, including:
1. Fintech;
2. Real estate;
3. Health care; and
4. Retail.
Every network architecture has advantages and disadvantages. For instance, in contrast to distributed systems, decentralised blockchain systems usually put security over performance. Because every node in a blockchain network has to verify every piece of data that is added to the ledger, as the network grows in size, security improves but performance suffers. A decentralised network may become safer with more participants, but it may not get faster.
FUNDAMENTAL PRINCIPLES OF BLOCKCHAIN THAT CONTRIBUTE TO DECENTRALIZATION
DISTRIBUTED LEDGER TECHNOLOGY
This software infrastructure provides a synchronized and shared data structure that multiple participants can access and modify over a peer-to-peer network. The ledger chronologically links each new published data block to previous blocks of transactions using a cryptographic hashing process to form a chain. Participants or nodes generally store a complete copy of the ledger with previous transactions.[1]
CONSENSUS MECHANISMS.
These algorithms typically require a defined majority of participants to verify the legitimacy of and agree on each new ledger transaction request, taking the place of a traditional centralized administrator. Some consensus models include:
1. proof-of-work;
2. proof-of-stake; and
3. proof-of-authority.
In blockchain, decentralization refers to the transfer of control and decision-making from a centralized entity (individual, organization, or group thereof) to a distributed network. Decentralized networks strive to reduce the level of trust that participants must place in one another, and deter their ability to exert authority or control over one another in ways that degrade the functionality of the network.[2]
1. Resources are owned & shared by network members; difficult to maintain since no one owns it.
2. Each member has the exact same copy of the distributed ledger.
3. Data can only be added through group consensus.
4. No one owns the data & everyone owns the data.
This is how decentralization aligns with the growing demand for individual control over personal data.
Emerging technologies within the blockchain space designed to enhance privacy:
A zero-knowledge proof means that the prover must convince the verifier that an assertion is correct without revealing any useful information to the verifier. In other words, I need to prove to you that I know a secret; however, I can’t let you know what that secret is.
Ring signatures, on the other hand, are where you hear a secret but do not know which person in a group said it to you. A ring signature protects the identity of the signer by hiding his public key in a set of public keys.[3]
Real-world applications and case studies showcasing the implementation of privacy-preserving blockchain solutions are:
1. Bitcoin Blockchain: Its main aim was to decentralize the banking industry and implement a peer-to-peer transfer of crypto money known as Bitcoin.
2. Ethereum: It has an operating system known as EVM (Ethereum virtual machine) for executing smart contracts on participating nodes. Ethereum is an open-source and decentralized public platform that allows anyone to build and to deploy decentralized applications.
3. Merkle trees are used for the efficient storage and verification of large data sets.
4. Hyperledger is an open-source, enterprise-class platform for developing blockchain solutions. It includes different projects for different types of blockchain needs and solutions. Some of its projects are Burrow, Composer, Fabric, Indy, etc.
An essential standard for evaluating whether blockchain apps comply with data protection laws is the General Data Protection Regulation (GDPR) in the European Union. The rights of individuals with regard to their personal data are highlighted by GDPR. To achieve compliance, blockchain initiatives need to carefully negotiate the regulatory environment, including issues with data erasure, consent management, and accountability.
The EU's high, unified standard for protecting personal data is outlined in the GDPR; however, member states are permitted to make certain exceptions.
The GDPR:
· Article 4(1) GDPR defines personal data as any information pertaining to an identified or identifiable individual.
· Adopts an expansive extraterritorial perspective, shielding citizens of the EU from less strict data protection laws in different countries by extending to:
1. the processing of personal data of EU citizens when providing them with goods or services; and
2. the tracking of EU citizens' online behaviour.
In order to comply with the principles and several requirements of the GDPR, controllers and their optional processors need to take a number of actions to document their programmes. Users of blockchain technology may have difficulties with a number of compliance obligations, such as:
· Article 6, GDPR: securing the legitimacy of the processing of personal data, for instance, by:
1. getting the agreement of each individual data subject; or
2. satisfying the requirements for other legal bases, such as the performance of a contract or the weighing of legitimate interests.
· Articles 12 through 23, GDPR: informing data subjects about and fulfilling various individuals’ rights, such as:
1. notice;
2. data access, rectification, and portability;
3. opportunities to object to processing, including automated decision making; and
4. data removal, also known as “the right to be forgotten,” under specified circumstances.
· Article 32, GDPR: upholding risk-based guidelines for data security.
According to the current proposed E-Privacy Regulation, the following scenarios are expected to fall under its purview:
1. Processing of data connected to electronic communications in connection with the offering and consumption of services;
2. Information pertaining to end users' terminal equipment.
In contrast to the GDPR, the draft E-Privacy Regulation exclusively controls specific types of communications data, such as content and metadata, regardless of whether they are personal data or not. Similar to the GDPR, data processing needs a legitimate reason established by law or consent, such as when processing is required in order to provide a communications service. Users of blockchain technology may still run into problems. For instance, whenever they are finalised, the draft rules of the E-Privacy Regulation may pose further challenges to blockchain-based online businesses.
TENSIONS BETWEEN BLOCKCHAIN TECHNOLOGY AND COMMON DATA PRIVACY REQUIREMENTS
Recent data privacy frameworks and policies don't seem to have taken blockchain technology's distinctive qualities into consideration. Due to this discrepancy, it may be challenging to balance the other essential components of blockchain—such as decentralised control, immutability, and infinite data storage—with existing data protection regulations. There is currently a lack of regulatory guidance on resolving this and other possible conflicts.
Considerable conflicts exist between blockchain technology and data privacy standards, such as:
1. Differing viewpoints regarding anonymity and pseudonymity and how they impact the applicability of various privacy and data protection laws.
2. How to recognise data processors and controllers in different blockchain technology implementations.
3. Implications for distributed blockchain networks on a territorial basis.
4. The timing of cross-border data transfers and any possible limitations.
5. Adding standards for justifiable purposes of handling personal data to blockchain use cases.
6. Balancing the rights of persons with blockchain applications' data preservation and transaction immutability.
POTENTIAL MITIGATING STEPS
Some have demanded that relevant authorities provide guidance or amend existing legislation to ensure that upcoming decentralised technologies like blockchain are compatible with data privacy regulations. When contemplating blockchain technology, organisations currently need to adhere to a number of risk management measures, such as:
· Thoroughly assessing if utilising blockchain technology is a good fit for present business and operational objectives.
· Preferring permissioned or private blockchains in order to impose more stringent usage guidelines.
· Restricting the amount of personal information that is really stored on blockchains through data structure and design strategies.
· Using different methods for data destruction and encryption to safeguard personal information.
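A minimal sketch of the last two measures, added here as an illustration and not taken from the article or any cited source: the hash-linked ledger stores only a salted commitment to each record, while the record and its salt stay in an off-chain store that can honour an erasure request. The `Ledger` class, its method names and the sample records are constructed for this example.

```python
import hashlib, hmac, json, os

def commit(record: dict, salt: bytes) -> str:
    """Keyed (salted) commitment to a record; only this value goes on-chain."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hmac.new(salt, payload, hashlib.sha256).hexdigest()

def block_hash(block: dict) -> str:
    body = {k: block[k] for k in ("index", "prev_hash", "commitment")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.chain = []      # append-only list, replicated to every node
        self.off_chain = {}  # controller-held store: index -> (record, salt)

    def append(self, record: dict) -> int:
        salt = os.urandom(32)  # per-record secret, never written to the chain
        block = {"index": len(self.chain),
                 "prev_hash": self.chain[-1]["hash"] if self.chain else "0" * 64,
                 "commitment": commit(record, salt)}
        block["hash"] = block_hash(block)
        self.chain.append(block)
        self.off_chain[block["index"]] = (record, salt)
        return block["index"]

    def chain_valid(self) -> bool:
        """Recompute every hash link; any edit to a published block breaks it."""
        prev = "0" * 64
        for b in self.chain:
            if b["prev_hash"] != prev or b["hash"] != block_hash(b):
                return False
            prev = b["hash"]
        return True

    def prove(self, index: int) -> bool:
        """Can the controller still open the on-chain commitment?"""
        if index not in self.off_chain:
            return False
        record, salt = self.off_chain[index]
        return hmac.compare_digest(commit(record, salt), self.chain[index]["commitment"])

    def erase(self, index: int) -> None:
        """Erasure request: destroy record and salt; the chain is untouched."""
        self.off_chain.pop(index, None)

def demo():
    ledger = Ledger()
    i = ledger.append({"name": "Alice Example", "email": "alice@example.test"})  # constructed sample
    ledger.append({"name": "Bob Example", "email": "bob@example.test"})  # constructed sample
    before = (ledger.chain_valid(), ledger.prove(i))
    ledger.erase(i)
    return before, (ledger.chain_valid(), ledger.prove(i))
```

After `erase`, the chain still verifies but the commitment can no longer be linked to the record without the destroyed salt. Whether the residual commitment still counts as personal data is a legal question the code does not settle.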
Permissioned blockchains, as opposed to public blockchains, limit access to a predetermined set of participants, offering a more sophisticated method of striking a balance between data access control and transparency. This strategy is supported by the fact that it strikes a compromise, allowing for the advantages of blockchain technology to be utilised while still retaining control over who has access to private information. Permissioned blockchains are being investigated by industries with strict privacy regulations, such as finance and healthcare, in an effort to achieve a balance between secrecy and openness.
Smart contracts, which are essential self-executing code segments in blockchain applications, offer advantages and disadvantages in terms of data protection. Although smart contracts can automate contracts in an efficient manner, protecting the privacy of the data they contain is still a challenging task. Thus, developments like secure multi-party computation (SMPC), which implement smart contracts without jeopardising sensitive data, offer hope for addressing the privacy issues raised by smart contracts.
Blockchain opens up new opportunities for tracking data ownership and usage in a transparent manner. It gives people the power to govern and regulate their consent to share data. As a result, blockchain-enabled systems provide users more power over giving or withdrawing authorization for data usage. As self-executing contracts, smart contracts have the potential to automate data-sharing agreements according to pre-established norms, providing a decentralised method of managing consent.
Blockchain presents issues for data privacy despite its promises. The blockchain's immutability makes it challenging to fix mistakes or remove data. When deploying blockchain solutions for data management, organisations also have to make trade-offs. Finding the ideal balance between privacy and transparency necessitates carefully weighing trade-offs, design decisions, and continuous technical development.
CONCLUSION
Innovation and legal compliance must coexist in the dynamic environment that exists at the convergence of blockchain technology and data privacy. Stakeholders from a variety of industries will need to work together to tackle the potential and difficulties posed by blockchain technology as it develops. Blockchain's future and its function in maintaining privacy will be shaped by how well it strikes a balance between the values of decentralisation, transparency, and individual control and the necessity of preserving personal data.
From a privacy compliance standpoint, many of the applications of blockchain technology that are being used now seem unclear, at best. In the absence of explicit legislative guidance, processing personal data directly on a public blockchain may entail substantial economic risks. According to some technologists, blockchain technology presents special opportunities to enhance privacy in the future by:
· Minimising data sharing between data controllers and their processors;
· Verifying and managing consent;
· Giving people clear notifications and records of their personal data usage across distributed systems.
Taking this one step further, some researchers envision a future when self-governing blockchain-enabled identity and data management solutions provide the preferred way to maintain and demonstrate data privacy. For now, policymakers can support innovation by recognizing decentralized data storage models and better tailoring data privacy laws, regulations, and guidance for blockchain use cases.
The author of this article is Susrita Rath, a fifth-year BBALLB student at SOA National Institute of Law (SNIL), Bhubaneswar.
[1] PRITESH SHAH and others, “Blockchain Technology: Data Privacy Issues and Potential Mitigation Strategies” (2019) https://www.davispolk.com/sites/default/files/blockchain_technology_data_privacy_issues_and_potential_mitigation_strategies_w-021-8235.pdf accessed January 24, 2024.
[2] “What Is Decentralization? - Decentralization in Blockchain Explained - AWS” (Amazon Web Services, Inc.) https://aws.amazon.com/blockchain/decentralization-in-blockchain/#:~:text=In%20a%20decentralized%20blockchain%20network,the%20members%20in%20the%20network.
[3] Xin Jiang, “Ring Signatures: Privacy Protection So You Can Hide In A Crowd” (Medium, December 12, 2021) https://medium.com/ppio/ring-signatures-privacy-protection-so-you-can-hide-in-a-crowd-40180a732bce
This article contains the views of the author, and the publisher in no way associates with the views or ideologies of the author. All moral rights vest with the Author(s).