If you've been living under a rock for the past two years, you may be unaware of the EU General Data Protection Regulation (GDPR), a replacement for the current EU data protection directive. This is of course a very Euro-centric (and yes, sorry, a slightly antagonistic) viewpoint, but we hope that you will bear with us, because we believe that the GDPR may serve as an excellent model for citizen data rights across the world.
At its core, GDPR acts to harmonize the different data privacy laws used across Europe and intends to strengthen data protection and privacy for individuals within the European Union. GDPR revises the roles, rights, and obligations between those using your data (data controllers) and you (data subjects). Organizations not respecting the new rules can be fined up to 4% of their annual worldwide turnover, so the pressure is on to comply and the regulations should not be taken lightly.
We are approaching GDPR D-Day. In May 2018 companies will have to apply this new regulation within their organization, causing an enterprise-wide impact on how they must work in the future.
The idea is to bring back privacy. If you have personal data* in your organization, and the chances are that you have, you are obliged to apply a lot of complex rules which:
- Ensure the protection of the data
- Give you the right to process it
- Ensure that data is removed from your organization upon request.
This is a significant burden, but let’s not focus on the organization. After all, the regulation was made to protect you and me, the regular user. Clearly, there is little convenience in this matter when looking from a commercial organization’s perspective, and this surely is the intent.
When looking deeper into the reason why this legislation has come into force, we must consider the increasing number of “free” services on the Internet, and the fact that our privacy has become a currency. As a society, we have readily given up our privacy, in return for “free” and convenient services such as email, easy transportation, and social networks. Rather than monetize these services directly, a significant amount of income is derived from the sale of your personal data, sometimes with unpalatable results.
Many had little choice but to accept this “deal with the Devil”. Either you agree to these terms and can use the “free” service, or you don’t and are excluded from the social groups that congregate within these services.
As we evolve through the era of the Internet of Things, we will likely transition to the Internet of Me. Me, MyData, my digital alter ego, or digital twin are just different ways of looking at the new reality of self.
This new digital representation of a human promises major breakthroughs in the collection and analysis of data, as well as the synthesis of new knowledge and wisdom, which could help propel humanity to the “next stage of evolution”. These are all exciting possibilities, but they raise significant issues, the vanguard of which is the need to share data.
Like many others in this space, we envision a new way of approaching data control, enforcing opt-in policies instead of an opt-out approach. This means that users would have to provide consent allowing companies to process their data, and only to the level the user has agreed upon. Whenever the user changes his or her decision, the company is no longer allowed (or only allowed with reduced capabilities) to process the data. There will undoubtedly be an increased burden on the user in terms of data management, but we feel this may be mitigated through good user experience design and an appropriate choice of default settings. The devil will, of course, be in the detail.
This is in stark contrast to the current proposition, where the difficulty lies with the management of your consent** across multiple providers, making it nearly impossible to control from a user perspective.
It is paramount that we regain control of our digital twin, and that this control is not binary (all or nothing), as is implemented currently at the majority of organizations. Granularity is a key factor in managing consent, data, or even identities, and the access control related to it.
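As an added illustration (not code from the original post), a minimal opt-in consent model that implements the granularity argued for above: processing is denied by default, each purpose is granted separately with its own set of consented fields, and a narrower grant or a revocation reduces what may be processed. The purposes, field names and subject data are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Purpose(Enum):
    BILLING = "billing"
    MARKETING = "marketing"
    THIRD_PARTY_SALE = "third_party_sale"

@dataclass
class ConsentRecord:
    """Per-subject consent: opt-in, granted per purpose and per field, revocable."""
    # Purpose -> frozenset of consented field names; None means revoked.
    grants: dict = field(default_factory=dict)

    def grant(self, purpose, fields):
        self.grants[purpose] = frozenset(fields)

    def revoke(self, purpose):
        self.grants[purpose] = None

    def allowed_fields(self, purpose):
        # Absent and revoked purposes both yield the empty set: default deny.
        return self.grants.get(purpose) or frozenset()

def process(record, purpose, payload):
    """Enforcement point in front of every processing step: deny by default."""
    allowed = record.allowed_fields(purpose)
    if not allowed:
        raise PermissionError(f"no active consent for purpose '{purpose.value}'")
    # With a grant, release only the fields the subject consented to.
    return {k: v for k, v in payload.items() if k in allowed}

def permitted_purposes(record):
    return sorted(p.value for p in Purpose if record.allowed_fields(p))

def demo():
    # Constructed subject data; nothing here is real.
    data = {"name": "Example Person", "email": "person@example.invalid",
            "location": "51.5N,0.1W", "meter_reading": 1234}
    rec = ConsentRecord()
    rec.grant(Purpose.BILLING, {"name", "email", "meter_reading"})
    rec.grant(Purpose.MARKETING, {"email"})   # narrower grant: reduced capability
    billing = process(rec, Purpose.BILLING, data)
    marketing = process(rec, Purpose.MARKETING, data)
    rec.revoke(Purpose.MARKETING)             # the subject withdraws consent
    try:
        process(rec, Purpose.MARKETING, data)
        blocked = False
    except PermissionError:
        blocked = True
    return billing, marketing, blocked, permitted_purposes(rec)
```

Note that the location field is never released for any purpose, because no grant names it.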
The vast amounts of data collected on every little action we take on the Internet, the pervasive nature of digitization in our daily lives, and our addiction to technology all increase the risk of privacy being breached. Whether this is done intentionally or not, directly or indirectly, it is a serious problem. This can only be halted by carefully selecting which data is collected and which is not.
Distributed ledgers can help, to a certain extent, to safeguard privacy: a transaction carries only the data required for the transaction itself, and this does not include sensitive data such as location, name, or time.
In the world of the Internet of Things this might give the opportunity to sell data related to a smart meter, your heating system, alarm log data, etc. without revealing who you are, where you are, and when you are. The correlation of all this data could give insight into your behavior without revealing who the person is. It enables new business models without disclosure of sensitive data or compromising the privacy of an individual.
IOTA provides data protection by default and by design; it relies on a trustless model, one that allows people to operate directly with one another without having to trust any single actor in the ecosystem. Nodes in the network do not have authority over any other node, hence the decentralized model of a distributed ledger. The man in the middle is replaced by mathematical computations, executed and validated in a Nash equilibrium of connected machines. IOTA brings true digital identity, in which the user is the principal owner, a step closer to reality. The central authority that keeps track of and records all activity is obsolete: all activities are stored in the Tangle, distributed over a multitude of machines. Though transactions are transparent, performing surveillance activities on transactions remains complex and can be difficult. An IOTA transaction contains the following information:
- A unique hash of the transaction
- Signature message fragment, which can contain a signature produced with the private key or, in the case of Masked Authenticated Messaging (MAM), data
- The address of the recipient or, in the case of an input, the address generated from the private key
- A value
- Timestamp, not enforced
- Current index, the index of this transaction within its bundle
- Last index, the total number of transactions in this bundle
- Bundle, bundle hash allows you to identify transactions that were in the same bundle
- Trunk transaction, a hash of the first transaction that was approved with this transaction
- Branch transaction, a hash of the second transaction that was approved with this transaction
- Nonce, which is required for the transaction to be accepted by the network and generated by doing the Proof of Work
The complexity should not keep you from seeing that there is no personal data in a transaction: transparency is key and privacy paramount. The public and private keys are independent of your identity; there is no direct link to the person behind a transaction, whether it is a payment or a text message sent by means of the IOTA MAM technology.
Note from David Sønstebø:
This is the first in a series of blog posts pertaining to the broad and complex topic of the General Data Protection Regulation. This is meant as food for thought and to initiate discussion and brainstorming around a very important and impactful regulation that takes effect this year. Koen’s view on this stems primarily from a Cyber Security perspective, whereas other blog posts will counter it from eHealth, legal, technical etc. The IOTA Foundation is committed to being thought leaders in this space and to ensuring that the technologies comply, but also to challenging and hopefully altering regulations in a positive manner.
*According to Article 4 in GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
**any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.