How Blockchain Technology Overcomes Challenges With Privacy Regulations

Blockchain has significant potential to transform many aspects, however, this relatively new technology faces some challenges. One among them is the blockchain privacy challenge. If you are planning to implement this promising technology in your organization, you are likely wondering how blockchain technology overcomes challenges with privacy regulations. Read on, since this is exactly what I explain here.

Contents

A quick introduction to blockchain
What does the future look like for blockchain?
Blockchain adoption challenges
The relevant privacy regulations
Can a public blockchain network comply with these privacy regulations?
How does blockchain protect privacy?
Wondering how to resolve blockchain privacy challenges?

A quick introduction to blockchain

Let’s first briefly familiarize ourselves with blockchain, with the help of the following quick facts:

  • The technology emerged a decade ago, as the foundation of Bitcoin, the now-famous cryptocurrency.
  • Blockchain is a “Peer-to-Peer” (P2P) network. While public blockchain networks are open to all including anonymous and pseudonymous users, private blockchains allow only trusted parties to join.
  • Each “node”, i.e., a computer on this network has the entire transaction history of the network. This makes each node a complete ledger, therefore, we also call blockchain the “Distributed Ledger Technology” (DLT).
  • Public blockchains have no central administrator and all nodes can communicate with each other. This ensures decentralization, moreover, no one can shut the network down by taking over one server.
  • In addition to decentralization, blockchain uses security mechanisms like digital signatures, data encryption, and consensus algorithms to guard data against tampering. I have explained this technology in “How to build your own blockchain using Node.js”.
  • Blockchain platforms like Ethereum offer smart contracts, i.e., pieces of tamper-proof, open-source, and autonomous code. Their execution is irreversible, and smart contracts can make contract administration more efficient.

 

What does the future look like for blockchain?

Blockchain has several use cases where the technology can make a positive impact with its decentralization, security, tamper-proof data, and smart contracts. A few examples are as follows:

  • The technology can bring much-needed transparency in supply chain management.
  • Blockchain can give a greater degree of ownership to Internet users over their digital identity.
  • Countering fraudulent voting is possible with blockchain.
  • Combating counterfeit drugs using blockchain can improve healthcare delivery.
  • Blockchain can secure the communication between “Internet of Things” (IoT)-enabled devices.

This is not an exhaustive list, and you can find more blockchain use cases in “21 promising blockchain use cases”. The market for the blockchain technology will likely reach $23.3 billion in 2023, according to a Statista report. That’s a significant rise from $1.2 billion in 2018!

Blockchain adoption challenges

The technology is indeed promising, however, there are challenges that impede the adoption of blockchain. A quick summary of these challenges are as follows:

  • Blockchain privacy issues: Public blockchains are open to all. Businesses have sensitive information to protect, therefore, they can’t use these blockchain networks.
  • Implementing enterprise blockchains: Businesses need private, i.e., enterprise blockchains to address the above-mentioned data privacy issues, however, it’s not easy to implement them.
  • Regulatory uncertainties: Several countries are yet to come up with comprehensive regulatory mechanisms around blockchain.
  • Lack of scalability, and high energy demand: Popular public blockchains like Bitcoin or Ethereum don’t scale well, moreover, they use the energy-hungry “Proof of Work” (POW) consensus algorithm.
  • Integrating a blockchain network with the legacy applications can be hard, especially due to the lack of collaboration and standardization.
  • Developing bug-free software isn’t easy, however, it’s absolutely imperative when it comes to smart contracts! You can’t modify them after you deploy them, moreover, their execution is irreversible.
  • Shortage of skills: Blockchain is a niche technology, and it’s often hard to find skilled developers.

You can read “Top 10 blockchain adoption challenges” for insights into these challenges.

Download Our Project Specification Template

The relevant blockchain privacy regulations

Before we delve into how does blockchain protect privacy, let’s understand the relevant privacy regulations first. This will help us to understand what kind of challenges these privacy regulations pose to the blockchain technology.

We will briefly review two privacy regulations from the perspective of consumer rights. These regulations are as follows:

1. “California Consumer Privacy Act”

“California Consumer Privacy Act” provides several important rights to consumers, e.g.:

  • Consumers have the right to know all data that a business collects about them, moreover, they can disallow businesses from selling their information.
  • They can take legal actions against a business that fails to secure their information.
  • Consumers have the right to ask businesses to delete their data.
  • They can now know what kind of data a business collected about them, from where, and for what purpose. Consumers can also ask about the entities with whom the company shared their data.

This is not an exhaustive list, and you can gain more insights here.

2. “General Data Protection Regulation” (GDPR)

The EU “General Data Protection Regulation” (GDPR) provides for a wide range of consumer rights, e.g.:

  • Businesses need to obtain the consent of users before processing their data.
  • Users have the right to correct information about them, moreover, they can ask the organization to delete this data.
  • Organizations collecting data need to anonymize it, in order to protect data privacy.
  • In the case of data breaches, organizations need to notify users.
  • Organizations need to secure cross-border transfer of data.

If you want more insights into GDPR, then you can read “What is the General Data Protection Regulation? Understanding & complying with GDPR requirements in 2019”.

Can a public blockchain network comply with these privacy regulations?

I will now explain why a public blockchain is bad for privacy. The limitations of a public blockchain with respect to the above-mentioned privacy regulations are as follows:

  • Public blockchains like Bitcoin allow anyone to join. Businesses using such a blockchain to store users’ data will make it open for everyone to see, which doesn’t comply with privacy regulations. Only the parties with explicit authorization should see users’ data.
  • Immutability of records in these blockchain networks is another impediment. Privacy regulations like GDPR allow users to modify or even delete their data, however, Ethereum or Bitcoin wouldn’t allow that.

You can read about these challenges in “Assess blockchain for GDPR compliance”.

How does blockchain protect privacy?

Let us now understand how organizations can overcome these blockchain privacy challenges, thereby complying with stringent privacy regulations. They will most likely need a combination of solutions, which are as follows:

1. Use an enterprise blockchain to implement a permissioned network

While public blockchains are permission-less, i.e., anyone can join them, enterprise blockchains allow only trusted parties to join. This is a key difference between an enterprise blockchain and a public blockchain, as I had earlier explained in “Public vs private (permissioned) blockchain comparison”.

Let’s review the following examples of enterprise blockchains in the context of permissioned access:

Hyperledger Fabric

Hyperledger Fabric, or Fabric as it is commonly called, is a popular enterprise blockchain framework from Hyperledger Consortium. Fabric is a permissioned blockchain framework, where all participants must have known identity.

Organizations implementing Fabric use a “Membership Service Provider” (MSP). This component of Fabric works as follows:

  • It offers a membership operation architecture.
  • An MSP takes care of issuing user certificates, validating them, and user authentication. There are cryptographic mechanisms for these, and MSP handles them in the background.
  • Setting up an MSP involves defining identity, setting rules governing this identity, and configuring business rules for user authentication. Read more about this in “Membership Service Providers (MSP)”.
  • An MSP is also called “Certificate Authority” (CA) in Fabric parlance, and Fabric provides tools for MSP certificate generation. Cryptogen is one such tool, offered by Fabric.

You can read “Hyperledger Fabric in practice. Main components and running them locally” for more insights.

Read How We Helped a Marketing Company to Build a Back-Office Custom Ads Dashboard

R3 Corda

Corda is another popular enterprise blockchain framework, and this is from R3. This is also a permissioned blockchain framework, where there is a well-developed security model around identity management.

A user needs to get an identity signed by a root authority, to join a Corda blockchain network. The security model handles authentication, authorization, and entitlements. The process of granting permissions and authenticating users uses TLS and certificates.

2. Use data-privacy solutions offered by enterprise blockchains

Enterprise blockchain frameworks have data-privacy solutions to guard sensitive data from prying eyes. You could use them to ensure the privacy of users’ data. Let’s review how you can do this using Fabric and Corda.

Channels in Fabric

Fabric offers a “channel” architecture, which can ensure privacy for sensitive data. A channel in Fabric can be thought of as one blockchain network, which uses a physical blockchain network as its foundation.

Channels have their own access policies and mechanisms. These policies and mechanisms control access to assets within that channel, e.g., chaincodes, i.e., smart contracts in Fabric parlance. They control access to the transaction history and the state of the ledger too.

Channels use data-partitioning capabilities of Fabric, and only the subgroup of users with access to a channel can view the information in it. You can read more about Fabric channels in “Private and confidential transactions with Hyperledger Fabric”.

Private transactions in Fabric

Fabric offers another solution to maintain the privacy of transactions, and this is called “Private transactions”. This solution involves storing the sensitive data on a separate database, and only the cryptographic hash of the data is stored on the blockchain.

Privacy techniques in Corda

Corda offers the following privacy techniques:

  • It allows for partial data visibility, by not broadcasting the transactions globally.
  • Transaction tear-offs, which works as follows:
    • Blockchain uses a concept called “Merkle Tree”, and this is a data structure.
    • In this data structure, the lowest-level node is called a “leaf node”, and a branch node is above it.
    • The branch node contains the cryptographic hash of the leaf nodes under it.
    • The data element at the top is the cryptographic hash of the entire tree, and this is called the “root hash”.
    • Corda structures transactions as leaves in a Merkle tree, and only a user with the root hash can see all transactions in the tree.

3. Use “Zero-Knowledge Proof” technique to store only the proof of the users’ data on the blockchain

So far, we have addressed the access control aspect of the privacy regulations, moreover, we have also addressed the aspect of guarding sensitive data from prying eyes. We now need to address the requirements of modifying and deleting users’ data.

The immutability of blockchain poses a challenge here, therefore, we need to tackle this differently. I recommend that you have a permissioned network, and use the above-mentioned privacy solutions to guard data.

Additionally, I suggest that you store only the proof of users’ data on the blockchain, and not the data itself. You need to use the concept of “Zero-Knowledge Proof” (ZKP) for this, and you can read about it in “The future of blockchain privacy: zero-knowledge proofs in decentralised exchanges”.

This approach requires you to store the actual user data on a different database. Such databases allow modification and deletion of users’ data, therefore, you can meet this key condition of the privacy regulations.

However, you still need to prove that the users’ data was genuine, your organization collected it accurately, and no one tampered with it. For this, you need to store proof of the authenticity of the users’ data on the blockchain.

Zero-Knowledge proof enables you to do this. With this technique, the information in question may be stored elsewhere, however, you only store the proof of its authenticity. Another name of this technique is “Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge” (zk-SNARKs), and you can read about it in “Blockchain zero-knowledge proof in a nutshell”.

Fabric will include ZKP in an upcoming release. An IBM development team working on Fabric is developing a Fabric-specific ZKP, called “Zero Knowledge Asset Transfer” (ZK-AT). You can read about this project in “Privacy and confidentiality with Hyperledger Fabric”.

Wondering how to resolve blockchain privacy challenges?

While enterprise blockchain frameworks with their permissioned networks, privacy solutions, and innovations like ZKP can help to overcome the blockchain privacy challenges, implementing such solutions is complex. Blockchain is a niche technology, moreover, Fabric channels and ZKP involve even more advanced blockchain skills.

Planning a project like this involves careful analysis. You can read our guide “What to plan for when undertaking blockchain software development?” to gain more insights. You should also take help from a reputed software development company, and our guide “How to find the best software development company?” can help you find one.

Download Our Project Specification Template

Aran Davies

Blockchain Expert | Developer | Writer | Photographer
I love all things blockchain and related to app development. What time I have when I am not busy writing for the DevTeam.Space blog of over 350 articles, I spend sitting around wondering what the future will look like 50 years from now.
Aran Davies