The “right to be forgotten” is a key element of the new GDPR regulation which has dominated most enterprise’s agenda for many past months. In theory, since May 25th, everyone in Europe should be confident, if they ask an organisation to have their personal data deleted, that the organisation will do so and, if requested, provide proof of such a deletion. For theory, if you are standing in the queue to buy a Happy Meal from McDonald’s, you can ask to see the footage from the security camera records and request your image deletion.
Nevertheless, in the wake of the Cambridge Analytica/Facebook debacles, the question remains: can individuals be truly satisfied their data has been eradicated when requested? BTL recently judged a hackathon at the Consensus blockchain conference in New York. At this BTL challenged developers to build applications on its Interbit platform to delete data.
“Right to be forgotten” and deleting data
BTL had teams opting to use Interbit on the basis that they could build applications which allowed permanently erasure of data storage on the BTL blockchain. One such application was for predicting sports outcomes for betting purposes. Users could build betting profiles and rank these according to their performance.
But blockchain’s immutable attribute means any data stored on a chain cannot be deleted. This is particularly the case with public or open blockchains such as Bitcoin and Ethereum. Yet business requires blockchain technology to be more flexible. This explains why BTL built Interbit to be able to meet GDPR’s requirement of the “right to be forgotten”.
BTL goes further. It argues “we would go as far as to say that you can only truly meet this (GDPR) requirement with … a blockchain solution. If we look back at the betting profile application built at Consensus, if a user wishes to leave the service their entire profile and history could be deleted due to the way Interbit allows data to be segregated across multiple chains within single applications. Delete a chain, (and the) data is gone, for good.”
By segregating data across multiple private chains:
- not only does this facilitate compliance with GDPR
- but implementer can deliver total privacy of data (unlike with public blockchains where metadata is visible).
Back-ups, security and multiple blockchains
Another facet BTL believes is vital is the inherent security of a blockchain network. Blockchains make it difficult to tamper with, steal or hack user data, all without the need for backup (other than the implicit backing-up that coms with a peer-to-peer network).
Arguably, back-ups of systems are in themselves incredibly risky for enterprises in today’s GDPR world: any deletion of data requires each and every system (and all its back-ups) to open up with the relevant data eliminated from all sources. This is a technical headache, but one which BLT argues “goes away when using blockchain, as the network automatically ensures all copies of any data that is to be deleted, is indeed removed”.
How can an enterprise have multiple blockchains in any one application? BLT argues that Interbit’s ‘chain joining’ capability enables this. Where an enterprise requires it, it can segregate user data across many different chains which can joined (in technical jargon they are ‘interoperable’). This enables total privacy and the ability to be forgotten.
Interbit is a blockchain development platform designed for business – innovators and developers – to incorporate the best of blockchain capabilities into enterprise applications. The Interbit platform includes a suite of API’s and smart contracts. These allow application developers to incorporate blockchain technology into enterprise applications. Applications powered by Interbit can, allegedly, drive efficiencies by reducing or eliminating the effort and costs of conventional processes where multiple parties/systems interact with a common data set.
Visa Europe worked with Interbit on a blockchain-based cross-border settlement solution. This offered banks an opportunity to explore the potential for blockchain technology and smart contracts. This proof-of-concept for a trading and settlement application performed realistic, high volume and high velocity simulations of cross-border transfers. A different proof of concept involved energy and trading confirmation, with BP, ENI and Wien Energie.
Enterprise Times: what does this mean
It is no surprise that privacy is contentious. Recent research, which BLT commissioned, found just 279 technology professionals in the UK and US who stated ‘data privacy’ was their highest priority, ahead of ‘business operations’ and even ‘revenue growth’. This is worrying when current computing systems are not well designed to operate and meet the guidelines set out by GDPR:
- they leak
- conventional back-ups are a problem in themselves
- data stored in just one place creates an easy target for incompetence and/or cybercriminals.
For BTL the paradigm of blockchain can deliver respect for GDPR. But it is equally possible to suggest that blockchain technology is an enemy of GDPR. The jury is out, and may be out for some while yet.