Blockchain Rules: How Permissioned Blockchains Support GDPR and Other Privacy Regulations

Author: Michael Hathaway, Chairman of the Cognida Foundation

Concerns about data privacy among consumers are becoming increasingly prevalent in the wake of various data breach scandals, and as such, governments and regulatory bodies are responding with more stringent data protection laws.

Perhaps the most noteworthy of these efforts is the European Union’s General Data Protection Rule (GDPR) that went into effect this year. The law, which seeks to protect individuals’ Personally Identifiable Information (PII), is driving a new level of transparency, giving people the right to restrict its use or request that it be deleted altogether.

But GDPR is not the endpoint; this trend will continue to go far beyond just one regulation. For example, the state of California passed a new law this year slated to come into effect in 2020 granting consumers more control over and insight into the sharing of their personal information online.

Both of these plus other laws coming into play relate to how information is stored and where it is stored, but when it comes to technology, one of the safest and most convenient ways to transfer data between both trusted and untrusted parties is the blockchain. There is some confusion around the nature of the blockchain, which still gets described as a cloud service in many parts. However, it is in fact a distributed application and not a centralized service – cloud or otherwise.

The future of data access and data privacy is a big reason why Windmill Enterprises is developing the Cognida platform, which offers enterprise customers the ability to store security policy information on a choice of blockchain ledgers that are supported by the platform. Blockchain provides an immutable, ubiquitous data source that can be employed by enterprises to establish their trusted service relationships and enforce security policies across public and private networks. Blockchain becomes a distributed database that can be reliably accessed anywhere on any network. On the Cognida Network and its open source platform, enterprises will be able to enforce security and access permissions policies on connected devices, systems and shared information using blockchain agnostic technology.

This is important in the context of new regulations like GDPR and California’s new data privacy law, set to take effect in 2021. While not as all-encompassing as GDPR, the California law is a sign that similar regulations will start popping up in the U.S. The new law forces holders of personal data to be able to provide consumers, among other things, the right to decide which third parties that data is shared with, the right to know the commercial purpose of the data, and the right to have it deleted upon request, all in a safe and secure manner.

It should be noted that Blockchain technology does not manage security, but rather it IS a security solution in and of itself. The Cognida platform uses blockchain ledgers to store security and permission policy information that enterprises can use on service interfaces.

Enterprises can then establish trusted service relationships on the Cognida Network with which to share information. The Cognida community itself provides self-policing community oversight to identify bad cloud service actors. Further, the Cognida Foundation and its members provide governance and oversight offered on the Cognida network.

The Cognida Network and platform also allow information to be stored “off chain” in a separate database; this data is linked to the blockchain via private and public cryptographic keys. This method allows both private and personal data to be stored in an editable database, with only a one-way hash stored on the blockchain itself. The data on the Cognida network can be trusted because the ledger is immutable and the network is auditable against such regulations as HIPAA, FCRA, GDPR and the new California Consumer Privacy Act passed in June 2018.
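The off-chain pattern described above, as an added example that is not Cognida's code and not part of the original article. The `Ledger` hash chain stands in for a blockchain, and the per-record random salt is an assumption beyond the article's plain one-way hash: it keeps low-entropy personal data from being confirmed by guessing against the on-chain digest, and erasing the off-chain row and salt leaves the ledger intact.

```python
import hashlib, hmac, json, secrets

def commitment(record: dict, salt: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256) of a canonical encoding of the record."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(salt, blob, hashlib.sha256).hexdigest()

class Ledger:
    """Append-only hash chain standing in for the blockchain (assumption)."""
    def __init__(self):
        self.entries = []

    def append(self, record_id: str, digest: str) -> None:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = f"{prev}|{record_id}|{digest}"
        self.entries.append({"prev": prev, "record_id": record_id, "digest": digest,
                             "entry_hash": hashlib.sha256(body.encode()).hexdigest()})

    def intact(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = f"{prev}|{e['record_id']}|{e['digest']}"
            if e["prev"] != prev or e["entry_hash"] != hashlib.sha256(body.encode()).hexdigest():
                return False
            prev = e["entry_hash"]
        return True

    def digest_for(self, record_id: str):
        return next((e["digest"] for e in self.entries if e["record_id"] == record_id), None)

class OffChainStore:
    """Editable database holding the personal data and its per-record salt."""
    def __init__(self, ledger: Ledger):
        self.ledger, self.rows = ledger, {}

    def put(self, record_id: str, record: dict) -> None:
        salt = secrets.token_bytes(32)  # record_id should itself be a random, non-identifying id
        self.rows[record_id] = (record, salt)
        self.ledger.append(record_id, commitment(record, salt))

    def verify(self, record_id: str) -> bool:
        if record_id not in self.rows:
            return False  # erased or never stored
        record, salt = self.rows[record_id]
        return hmac.compare_digest(commitment(record, salt), self.ledger.digest_for(record_id))

    def erase(self, record_id: str) -> None:
        self.rows.pop(record_id, None)  # deletes data and salt; ledger is untouched
```

An off-chain edit that is not re-committed makes `verify` return `False`, which is the audit property the ledger provides; an erased record also returns `False`, while `Ledger.intact()` stays `True`.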

In this new regulatory world of data protection and increased consumer control over PII, the blockchain will play a critical role for enterprises. For example, blockchain-based systems can be used to track consent and deletion-request verification.

The simple fact is that blockchain is data privacy protection’s friend, not its enemy. Blockchain is a proven data protection methodology with an immutable record, ideal for compliance audits and data oversight. That’s why blockchain adoption has grown so much beyond its original function of just powering bitcoin transactions, given its natural attributes: namely security, accountability and transparency. Indeed, sectors as varied as financial services, healthcare and government are already exploring how this technology can transform their businesses and share data and information more efficiently and securely.

August 9th, 2018
