Both the enactment of the European Union’s General Data Protection Regulation (GDPR) and the innovation of Blockchain Technology represent new opportunities to enhance privacy in greater respect of people’s personal data, while also challenging conventional business practices.
The GDPR, which became enforceable on May 25, 2018, and blockchain technology, which has recently caused a frenzy amongst investors and executives, have both jump started all types of businesses into action.
At Arianee, we had the advantage of designing our protocol during a period when many existing companies were attempting to work backwards in restructuring their policies in order to abide by the GDPR. We had the privilege of structuring our protocol from scratch and GDPR was actually very good news for us. Our founders were aware that involvement in industries such as the luxury goods market, combined with our data storage and asset management functions, meant that handling our users’ personal data would have to be our top priority.
“We designed Arianee to be a platform ahead of its time, carefully integrating GDPR compliance measures within the framework. During this process, we discovered that both GDPR and Arianee share the same fundamental principle of privacy, giving owners back control over their data.”
- Luc Jodet, Head of Arianee’s Business Architecture
THE ESTABLISHMENT OF GDPR
We are living in an era where access to information is of the utmost value, and the growth of the Internet has undoubtedly contributed to this phenomenon. Every time we browse the Internet, everything we do is stored digitally. This includes our personal and banking information, IP address, sites visited, social media posts — everything. If you’re just hearing about this for the first time, you’re probably staring at your screen, wide-eyed and full of anxiety. But have no fear, the GDPR was created to help protect your privacy.
GDPR changes privacy laws, impacting the way companies collect, store, manage and use customer data amongst all businesses founded in, or doing business in, the EU and EEA. These new laws were created for the customer and regulators have left it up to the businesses to maintain the proper compliance. Failure to comply to the GDPR can result in some serious fees upwards of twenty million dollars.
Under these new regulations, users have the right to request access to their personal data free of charge and find out how companies use it. They also gain the rights to delete, transfer, correct and restrict their data.
However, a peculiar question arises when the GDPR and the Blockchain intersect:
How can we give users the right to delete, transfer, correct and restrict their personal data on a blockchain which, due to it’s distributed and decentralized nature, is considered a permanent mechanism of data storage?
We sat back for a while and gave this question some thought, only to realize that the answer was actually quite simple — Arianee will never record personal information on the blockchain.
This is made possible through the dual nature of our data storage systems.
THE OWNER’S APP AND THE DIGITAL VAULT
Arianee users will never reveal their personal data unwillingly and the underlying blockchain technology protects them from unauthorized access to their data. In order to learn how we plan on handling personal data, it is essential to understand how the Digital Vault System and the Owner’s App work in tandem.
The Arianee Digital Vault is an online repository where owners can register and store their smart-assets on the blockchain. In reality, the only information that is processed on the blockchain is the product’s serial number, digital ownership and authenticity certificates, issuing date, etc., but no personal information is required to perform these processes.
The Vault, has a public key that is used to receive data such as digital certificates and a private key that secures the digital assets and should never be given to anyone. Owners can choose to store several digital assets in one vault or create a new vault for each new asset, which is highly recommended for increased security.
Arianee’s pseudonymous architecture means our users do not record any of their personal information on the blockchain by design. According to the GDPR, pseudonymisation is “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.” In other words, user privacy is augmented in a sense that areas in the data record where identifying data is usually located is replaced with a pseudonym.
The Arianee Owner’s App is where owners can access the digital assets stored within their Vault through their mobile device. It has an easy to use interface that allows the owner to interact with the blockchain to add, transfer, and manage their digital assets, and much more. For the sake of this context, it is very important to note that the personal information inputted into the app is stored locally on the owner’s app and NOT on the blockchain, giving owners full control over their information.
Although Arianee will utilize blockchain technology, the GDPR requirement that gives users the right to delete, transfer, correct and restrict their personal data is fulfilled because no personal information is recorded on the blockchain without the owner’s consent. Instead, the personal information is stored on
the owner’s app, and the user has the option whether or not to provide his/her identity through the pseudonymity feature.
Let’s take an example:
Sally buys a new purse from ABC brand, which comes with its very own unique Arianee Digital Certificate of Authenticity. Sally downloads the owner’s app to receive the certificate, inputting some of her personal information to set up the app such as her name, gender and date of birth.
Once she is set up on the app, the brand can then send the digital certificate to her public address, establishing a link between brand and owner. However, the brand does not necessarily know who she is because whenever she completes a transaction on the blockchain, her personal information is never linked to the digital asset — just that asset’s identifying information.
CONCLUSION
Based on the level of accountability, transparency and consensus function, blockchain technology can attribute much of the attention it has been receiving for its security of processing. Arianee is utilizing blockchain to serve as a tamper-proof form of data storage and processing while maintaining GDPR compliant privacy policies. GDPR was designed to be compatible with future technologies, and by design, Arianee is on the front lines.