The recent increase in the number of security and surveillance data breaches that compromise user data calls into question the current model where third party user collects and controls massive amount of personal data.
In the big data era, data is constantly being collected and analysed, leading to innovation and economic growth. Companies and organisations are using the data they collect to personalise services, optimise the corporate decision making process, predict future trends and more. While we all reap the benefits of a data-driven society, there is a growing public concern about user privacy. Centralised organisations— both public and private, amass large quantities of personal and sensitive information. Individuals have little or no control over the data that is stored about them, and how it is used.
The Facebook & Cambridge Analytica Data Leak Controversy Created Much Furore
At the core of the recent controversy, Facebook’s CEO, Mark Zuckerberg, apologised on a live testimony for alleged abuse of user data. The Cambridge Analytica scandal revealed that the data collected for academic purposes was actually used to target political ads during the 2016 US presidential elections campaign. After Zuckerberg’s appearance before the Congress panel, it has come to the fore that Facebook’s whole approach towards data privacy might be flawed. While people are worried about their privacy being compromised, companies like Facebook are focused on earning profits and satisfying shareholders. They make money by collecting, selling and analysing user data mainly on behalf of the advertisers.
How Blockchain Can Put Users Back In Control Of Their Data
When the whole Facebook data leak controversy broke on the scene, many experts were of the view that Cambridge Analytica could not have misused the data of the users had it been stored in a permission based decentralised blockchain. A blockchain is a type of distributed database that allows untrusted parties to agree about a shared digital history, without a middleman. There are two schools of thought around applying blockchain technology to identity:
- User-Controlled Identity: First is using a blockchain for user-controlled identity. A user-controlled identity is similar to a social media account: no pre-existing identity credentials (like a driver’s license or birth certificate) are required to create one. A blockchain-based account could then be used across the internet, and moreover, a user could grant and revoke access to his or her information on a case-by-case basis.
- Identity Attestation: The second school of thought focuses on identity attestation. Unlike user-controlled identity, attestation would mean verifying pre-existing credentials (like a driver’s license or birth certificate), and then tying that information to the rightful owner on a blockchain. This effectively creates a decentralised database for traditional forms of identification.
Personal data and sensitive data in general, should not be trusted in the hands of third-parties, where they are susceptible to attacks and misuse. Instead, users should own and control their data without compromising security or limiting companies’ and authorities’ ability to provide personalised services.
The blockchain platform enables this by combining a blockchain, re-purposed as an access-control moderator, with an off-blockchain storage solution (when you move data and computation elsewhere oﬀ the blockchain, say for example to another datastore, server or third party; the blockchain footprint is reduced). Users are not required to trust any third-party and are always aware of the data that is being collected about them and how it is used. In addition, the blockchain recognises the users as the owners of their personal data. Companies, in turn, can focus on utilising data without being overly concerned about properly securing and compartmentalising them.