Why Blockchain matters for consent

Why Blockchain matters for consent

51, Thu 18 April 2019

Blockchain is intrinsically associated with alternative digital currencies such as Bitcoin in the public eye. But because blockchain is a distributed database where no part of the database is attached to a computer processor, it is extremely difficult to modify a blockchain database once a record, known as a block, has been created and added to the chain, making it an ideal technology for all types of digital authentication and authorization, not just currency.

In the past, people would sign for currency with their signature in person, but this is both difficult in the digital world, requiring technology not available in standard computers. Even when a customer could sign their digital signature, there is no guarantee that someone somewhere won't change the data once the customer has given authorization. Blockchain thus has tremendous value to all digital businesses, particularly when it comes to data shared by two or more parties whose interests are not necessarily aligned, such as a company and one of its customers or a company and one of its suppliers.

In our world, we see this around the consent of marketing permissions. Imagine I tick a box to permit a company to store my data so I can make payments but do not tick a second box asking for permission to store my data for marketing purposes. These preferences are stored in a traditional database, making it very easy for a dishonest company, or even employee within the company, to then go into the database and edit my consent boxes. It would now wrongly appear that I also gave my permission for the company to store my data for marketing purposes. This tampering with the data is impossible with blockchain because the record is unalterable. If next week I change my mind and decide I would like to benefit from the company using my data to give me a personalized marketing experience rather than a general one that I have little interest in, I can go back into the website and re-tick the box. Both my initial choice to not tick the box, and the second choice to receive personalized marketing, remain in the database, with the second choice superseding the first.

Blockchain is particularly useful for compliance with the laws and regulations like the EU's GDPR regulation, and California's recently passed CCPA bill. Blockchain is the guarantee that a person has given their consent digitally because it is effectively impossible to falsify. Given the fines for breaching GDPR are up to 20 million euros or 4% of the company's annual global turnover, having an unalterable record that the customer has given their consent can act as a failsafe against falling foul of these regulations.

Blockchain for beginners

Blockchain is a distributed ledger, which can be either public or private, where records are known as blocks, with each new block which a team adds to the chain containing a cryptographic hash and a timestamp. Copying a blockchain is impossible. The first thing a data science team which is planning to build a blockchain needs to do is identify which datapoints are going to need to go into the blockchain and which are not, as most of the data companies collect is unlikely to require blockchain. Your company might hold lots of information about a customer, but the only data requiring a blockchain could be, for example, when a customer gives consent to be contacted and make purchases. Once they have given their consent to having their data used for marketing purposes, the data in question can be stored in a traditional database and won't require a blockchain.

However, data science teams need to be very careful to fulfill the GDPR's right to be forgotten directive by ensuring that the data in the blockchain does not include any information that they may then have to delete. At Dativa, we do not agree that this right to be forgotten and blockchain are inherently incompatible, as some argue, but if the team isn't thinking about this right to be forgotten, they may make costly mistakes by adding too much data to the blockchain. 

Generally, the blocks take the form of a transaction or a contract or a digital currency. A customer will either sign an agreement, such as a consent box or request a transaction, such as trying to buy a product online. It is essential to identify all possible uses for blockchain within your company's products and services at the start of the process. The data science team then have to set up tasks that send these requests to a P2P network, consisting of various computers (nodes). The team also have to either write an algorithm (or use one already publicly available) that allows the node network to validate the transaction and confirm the identity of the user. Now the transaction has been completed the team needs to add this block to the other pre-existing blocks in such a way that it cannot be modified or removed from the chain. Typically a team would add transactions to the distributed ledger daily, making the blockchain larger day by day.

The core challenge for the data science team is to ensure that the blockchain is immutable. The key to achieving this is in the cryptographic hashs. Many good ones have already been developed, such as  SHA-2, developed by the NSA, and which also offers alternative implementations including  SHA-224, SHA-256, and SHA-384. By using Python and an appropriate algorithm, the team can enter a transaction into the chain, and they receive a 64-bit string of characters containing both numbers and lower-case letters, which is the unique identifier for this particular operation. Whether the data is less than 64 characters or contains MBs of data, the end string is always the same and always contains 64 characters and is always unique. A string might look something like this: 4c3e6637db1eb2fa8fca8d4fdbf33bff4129vcb985c24848bf25311d516dde93

Contact our data science team to learn more about the work we are doing with blockchain

Need help? Get in touch...

Sign up below and one of our data consultants will get right back to you

Other articles about The Innovation Hub

Deductive is a global consulting firm providing data consulting and engineering services to companies that want to build and implement strategies to put data to work. We work with primary data generators, businesses harvesting their own internal data, data-centric service providers, data brokers, agencies, media buyers and media sellers.

145 Marina Boulevard
San Rafael
California - 94901
+1 (415) 843 1774

Registered in Delaware

Thames Tower
Station Road

Registered in England & Wales, number 8170657