If you have been living under a rock for the past 2 years, you may be unaware of the EU General Data Protection Regulation (GDPR), a replacement for the current EU data protection directive. This is of course a very Euro-centric (and yes sorry, a slightly antagonistic) viewpoint, but we hope that you will bear with us. Because we believe that the GDPR may serve as an excellent model for citizen data rights across the world.
At its core, GDPR acts to harmonise the different data privacy laws used across Europe and intends to strengthen data protection and privacy for individuals within the European Union. GDPR revises the roles, rights and obligations between those using your data (data controllers) and you (data subjects). Organizations not respecting the new rules can be fined up to 4% of their annual worldwide turnover, so the pressure is on to comply, and the regulations should not be taken lightly.
We are approaching GDPR D-Day. In May 2018 companies will have to apply this new regulation within their organization, causing enterprise-wide impact on how they must work in the future.
The idea is to bring back privacy. If you have personal data*in your organization, and the chances are that you have, you are obliged to apply a lot of complex rules which:
- Ensure protection of the data
- Give you the right to process it
- Ensure that data is removed from your organisation upon request.
This is a significant burden, but let’s not focus on the organization. After all the regulation was made to protect you and me, the regular user. Clearly, there is little convenience in this matter when looking from a commercial organization’s perspective and this surely is the intent.
When looking deeper into the reason why this legislation has come into force, we must consider the increasing number of “free” services on the Internet, and the fact that our privacy has become a currency. As a society we have readily given up our privacy, in return for “free” and convenient services such as email, easy transportation and social networks. Rather than monetise these services directly, a significant amount of income is derived from the sale of your personal data, sometimes with unpalatable results.
Many had little choice but to accept this “deal with the Devil”. Either you agreed to these terms and can use the “free” service, or you don’t and are excluded from the social groups that congregate within these services.
As we evolve through the era of the Internet of Things, we will likely transition to the Internet of Me. Me, MyData, my digital alter ego or digital twin are just different ways of looking at the new reality of self.
This new digital representation of a human promises major breakthroughs in the collection and analysis of data, as well the synthesis of new knowledge and wisdom, which could help propel humanity to the “next stage of evolution”. These are all exciting possibilities, but they raise significant issues, the vanguard of which is the need to share data.
As many others in this space, we envision a new way of approaching data control, enforcing opt-in policies instead of an opt-out approach. This means that users would have to provide consent allowing companies to process their data, and only to the level the user has agreed upon. Whenever the user changes his / her decision, the company is not allowed (or only allowed with reduced capabilities) to process the data. There will undoubtedly be an increased burden on the user in terms of data management, but we feel this may be mitigated through good user experience design and appropriate choice of default settings. The devil will, of course, be in the detail.
This is in stark contrast to the current proposition, where the difficulty lies with the management of your consent** across multiple providers, making it nearly impossible to control from a user perspective.
It is paramount that we regain control of our digital twin, and that this control is not binary (all or nothing), as is implemented currently at the majority of the organisations. Granularity is a key factor in managing consent, data or even identities, and the access control related to it.
The vast amounts of data collected on every little action we take on the Internet, the pervasive nature of digitization in our daily lives and our addiction to technology all increase the risk of privacy being breached. Whether this is done intentionally or not, directly or indirectly, it is a serious problem. This can only be halted by carefully selecting which data is collected and which not.
Distributed Ledgers can help to a certain level to keep privacy safeguarded, data in a transaction collects all data required and this does not contain sensitive data such location, name, time, etc…
In the world of internet of things this might give the opportunity to sell data related to a smart meter, your heating system, alarm log data etc… without revealing who you are, where you are and when you are. The correlation of all this data could give insight on your behavior without knowing who this person is. It enables new business models without disclosure of sensitive data nor compromising the privacy of an individual.
IOTA provides data protection by default and by design, it relies on a trustless model. A model that allows people to operate directly with one another, trust with any of the actors in the ecosystem. Nodes in the network do not have authority over any other node, hence a decentralised model of a distributed ledger. The man in the middle is replaced by mathematical computations, executed and validated in a nash equilibria of connected machines. IOTA brings a step closer in a life with a true digital identity in which the user is the principal owner. The central authority that keeps track and records all activity is obsolete, all activities are stored in the tangle distributed over a multitude of machines. Though transactions are transparent, performing surveillance activities on transactions remain complex and can be difficult. An IOTA transaction contains the following information:
- A unique hash of the transaction
- Signature message fragment, can contain a signature of the private key or data in the case of the usage of Masked Authenticated Messaging (MAM)
- The address of the recipient or in case of input generated address from the private key
- A value
- Timestamp, not enforced
- Current index, index of this transaction bundle
- Last index, the total number of transactions in this bundle
- Bundle, bundle hash allows you to identify transactions which were in the same bundle
- Trunktransaction, hash of the 1st transaction that was approved with this transaction
- Branchtransaction, hash of the 2nd transaction that was approved with this transaction
- Nonce, required for the transaction to be accepted by the network and generated by doing the Proof of Work
The complexity should not withhold you from understanding that there is no personal data in a transaction, transparency is key and privacy paramount. The public and private key are independent from your identity, there is no direct link to who the person is behind a transaction whether is a payment or a text message by means of using the IOTAMAM technology.
Note from David Sønstebø:
This is the first in a series of blog posts pertaining to the broad and complex topic of the General Data Protection Regulation. This is meant as food for thought and to initiate discussion and brainstorming around a very important and impactful regulation that takes effect this year. Koen’s view on this stems primarily from a Cyber Security perspective, wheras other blog posts will counter it from eHealth, legal, technical etc. The IOTA Foundation is committed to being thought leaders in this space and ensure that the technologies comply, but also challenge and hopefully alter regulations in a positive manner
*According to article 4 in GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
**any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.