Industry experts reflect on current state of global data privacy
With National Data Privacy Day being observed Jan. 28, blockchain industry experts shared their thoughts on issues facing data privacy in 2019
Nydia Zhang, co-founder and chair of Social Alpha Foundation, a not-for-profit grant making platform supporting blockchain technology for social good:
“In this new data insecure world, privacy is the new premium service. But anonymity should not be yet another elitist benefit that disadvantages the poor. Privacy is a right that blockchain technology natively solves, through a combination of cryptography and decentralized networks.
“If our governments and commercial institutions cannot be trusted or are incapable of protecting our data, then at least they can employ open source blockchain technology that can guarantee this fundamental right.”
Robertas Višinskis, co-founder of Mysterium Network, an open source, not-for-profit foundation focused on security and privacy, and the world’s first decentralised VPN blockchain project:
“Over the last 12 months we have seen a significant shift in public consciousness when it comes to personal data ownership. Data privacy in a decentralized world will be one where no one person owns the internet and where access to information is available on a level playing field as opposed to being based on your location.
“The introduction of the General Data Protection Regulation (GDPR) in May 2018 was a welcome move as we continue to look towards new forms of solutions that can safeguard personal data. However, striking the right balance between fostering innovation and enforcing regulation in a bid to protect personal rights is a fine line and we are seeing that new regulations can have a huge cost on enterprise and SMEs.
“As we know, the law of the land moves slowly and, while regulators are grappling with new rules, we will see technology solving problems that the state simply cannot.”
Paul Madsen, technical lead at Hedera Hashgraph, a public distributed ledger for building faster, fairer, and more secure decentralized applications:
“Many people assume that with DLTs granular privacy controls are not possible, and that their inherent immutability is incompatible with changing privacy regulation but, ultimately, privacy is giving the user meaningful control over their PII.
“Next generation DLTs must address this. As such, two particular mechanisms that may prove useful are a flexible permissioning model that allows for data to be removed from the consensus state and so support GDPR right to be forgotten; and an opt-in model by which verified identities can be bound to a crypto account.”
Simon Harman, co-founder and project lead at Loki, an Australia-based privacy network which will allow users to transact and communicate privately and anonymously over the internet:
“Digital privacy is the responsibility of the individual. Each one of us has the power to signal to companies that we are concerned about our privacy through our choices online. Through the usage of common security techniques, such as VPNs, SSL encryption, and 2FA, whilst also limiting the amount of information we put up on websites and social media applications, we can greatly reduce the chances of being negatively impacted by hacks, or being watched by companies and state level actors.
“Further still, we should realize that the cloud, while convenient, puts all of our personal information into the hands of others, and should act accordingly. I can see that the utilization of public key authentication is going to become much more prevalent, and that companies are developing products that perform more of the work client-side instead of in the cloud as a measure to protect the user’s privacy.
“A popular example of this design would be WhatsApp or Signal. If users are willing to try out and advocate for these kind of apps, the trend could be massive.”
Rikesh Thapa, co-founder and CTO of ticketing platform Blockparty:
“From the basic consumer’s perspective, the key to keeping data that one deems private is literally that — keeping it private. There is no tech out there that can fully promise privacy of information unless it’s blockchain-based data with strong encryption that has direct access to the chain itself (so no dapps that have a company or app managing , data entry).
“There is never any guarantee that a company truly keeps your data secure, let alone private. Most companies or applications will always have a God view or a super-admin access and that in itself is risky (take Uber for example). Although this is the case with nefarious companies with bad moral compasses, even companies with no bad acting employees may not have the security sophistication or security budgets to fully protect user information and data.
“This is a bleak outlook on the state of security in the industry — however blockchain security and trustless ownership of user data is a significant leap forward. If it catches on, the industry can revolutionize how data is stored, accessed, permissioned and used. We also need a trusted third party authority that evaluates the security status of every company that stores valuable user information similar to GDPR standards set by the EU (except better and more reputable).”