The Movement for Management and Application of Personal Information
For the last couple of years, some of the unauthorized conducts from large IT corporations — such as illicit collection of users’ personal information, selling/providing user data to the 3rd parties without consent — formed into a social issue. Another incident of server-stored users’ personal information leaked publicly has also been at the center of the controversy for a while.
As such issues repeatedly rise, “Data Sovereignty,” the importance of the concept defined as ‘allowing individuals to manage and take care of their own data’ is getting more weights.
To make data the protection and the data business thrive, countries are establishing many possible solutions. Since 2018, the EU has mandated GDPR (General Data Protection Regulation), a legislation reinforcing the responsibility related to the users’ private information protection. At the same time, China is also enforcing the ‘China Internet Security Law.’
Japan took a step further and revealed a policy that can both ensure privacy protection and proactive application of the data: the ‘Information Bank Project.’ The Ministry of Internal Affairs and Communications of Japan has provided the guidelines for domestic companies to anonymously process and legally trade and distribute information so they can protect users’ personal information. And for the corporations that own or want to use the information, the company that can mediate the two types of information trade (1. Information Bank, and 2. Information Trust) is getting ready to be implemented, and is going under the verification review.
Other than the social issues mentioned, the major reason that shaped the background to Japan’s attempt to implement the Information Bank and Trust comes from the fact that it is not so easy to manage the data on the individual’s own. On the individuals’ side, it is very difficult to decide whether to agree to provide the personal data, or providing the data on their own.
The Information Bank allows the institutions like financial institutions, hospitals, online services that have personal information to collect the information on behalf of the individual users, yet let the individuals designate the subjects to provide/sell the data on their own, and also choose whether to agree to provide their data or not. And the Information Trust adopts a way to manage the personal information just as the Information Trust companies handle assets, once the individuals assign their decision-making authorities on the personal information provision options to the Trust.
The Mountains to Climb For Managing and Using the Personal Information
The advent of the Information Bank and Information Trust do have a positive outlook in terms of providing realistic solutions by proactively using data, something beyond just the protecting and regulating the personal information. However, there still remains a big mountain to climb since there are many obstacles to solve including the ‘concept of the Information Bank.’ The lists are: 1) the problems on the transparency of using personal information, 2) prevention of the maluse or reuse via violating the purpose of the personal data provision, 3) if there is substantial level of motivation to provide the personal information to the Information Bank.
1)Transparency on the Personal Information Usage
If we completely rely on the Information Bank on handling personal information, then there comes a chance to make another ‘big brother.’ One of the biggest things the individuals fear is that there is no way to find out how their personal info is used. Even though the data becomes Information-Banked, if a profit-seeking corporations take the responsibility and handle all the personal information transactions via data trading, the reliability about the transactions history checking becomes questionable.
All the data transaction histories — including which information have been shared to whom, how many times my info have been viewed, when the others tried to browse my info, etc. — must be transparently shared to the subject who provided the data. And the management of all these procedures should not be controlled by some ‘central force’ of the company that seeks profit. Rather, all the info and transaction histories should be transparently exposed and the view/sell histories should never be forged or altered by anyone.
2)The Protection of Personal Data Anonymity and Control about the Usage Venue
Another issue to be resolved is, even though an individual has fully agreed to provide the personal info to the 3rd party, the foundations to the information provider platform gets a critical defect when the 3rd parties resell or leak the personal information to the other 3rd parties.
Thus, if only the essential parts of the personal info have been appropriately provided, and the receiver (the 3rd party) has served the purpose and usage plan of the info appropriately must be managed. In the first place, the personal data should be anonymized so that the personal information that does not serve the designated purposes cannot be shared to the 3rd parties, and should prevent the leakage by strictly prohibiting duplications.
3)The cost and benefits of providing personal information
The individuals who provide their personal information wouldn’t want to gladly provide their info with risks of their info leakage when there is no substantial/economic benefits for providing their info to the Information Bank. If there are some realistic values come in return of providing the info (benefits such as extra feature of the service, credit benefits, etc.), then the individuals will feel the necessities for providing the data as a must.
According to the recent survey about the awareness on the data usage conducted in Japan, circa 70% responded that they expect to receive monetary benefits like cash or points, and 30% wanted returned costs like public interest or social contributions.
Personal Information and Data Management through the Implementation of Blockchain and Token Economy
On the other hand, the dilemmas that the Information Bank projects and many other projects that handles Personal Information and Data can be solved at some extent with the help of blockchain and token economy.
1)Securing Data Sovereignty of the Data Provider
Since all the data on the blockchain is encrypted and chained in a chronological order, forging any past record requires recreation of all the blocks after that moment and replacement of all the ledger data. Thus, theoretically, the impossibility of forging/altering data on the blockchain is the most widely known strength that anyone is aware of. Thus, if the track records on viewing, transactions of the personal data is written on the blockchain, then it will become possible to prevent the forge/alteration of transactions/records and provide transparency as well.
Also, compared to the previous centralized system, since the data ledger can be stored and saved by everyone engaged in the network it can eliminate the 3rd party’s intrusion and decentralize the way to save personal data. Furthermore, the network can be customized into the structure: Instead of writing the data themselves onto the blockchain, the individuals can store their own asset and write only the addresses of the data that can be accessed. This way, they will be able to have their own authority to data generation and elimination.
2)Possibility for Implementing Data Security and Privacy Enhancement Features
There is this technology called ‘Zero Knowledge Proof.’ Simply, it is a method to see what kinds of information are there without exposing the data to the others. With this method, we can get only the necessary info by applying True/False answers to the requested questions and don’t have to open the detailed personal information that the data requester has inquired.
With this, the privacy is enhanced as the individuals can manage and encrypt their own info, and the requisite that the outside data requester demand can be met at the same time. Only the blockchain can support this feature.
3)The Thriving Ecosystem of User Data Trading Platform from the Implementation of the Token Economy
In the perspective of the service user, there is nobody who likes to see the service provider spreading their personal information out there, and selling their data without their consent. Actually, even with the consent, it will be very unacceptable to see the service providers taking the full credit off their own personal data. For this, we need to apply a twist in the current mechanism and idea: earn as contribute. Meaning that, as the individuals provide the data, there are more of benefits and profits produced, and as they engage and contribute more, then more of the benefits will be made.
When individuals — the real subject of the data providers — can engage in the data trade platform with crypto-assets, receive fair level of the distribution according to their contributions, and then secure more sovereignty about their own data, and can enjoy much more benefits and convenience using the Internet than managing the data by themselves, then more number of the individuals will be able to engage in the ecosystem.
Data is the most important foundation of today’s industry. The data market of today is controlled by the conglomerates and data brokers. Brokers raise their profit as they sell the collected data to the companies, and the companies can collect the data easily. But what needs to be taken under the consideration is that, those data are being traded in the market without the users’ consents to provide the personal data, and the real providers of the data — each individual users of the services — are completely isolated from the data market.
But it is nearly impossible to stop the collection and trade of the personal data. Because once the personal data are collected and accelerate the big data-based businesses, then the data can work as catalyst to shift the entire paradigm. Thus, rather than restricting all the activity at once, the data business can be developed into another level when it gets the right balance with the proper guidelines and solutions.
So, if the corporation is preparing for, or considering establishing an Information Bank/Information Trust in near future, the followings should be taken into the priority: returning the data sovereignty to the owners via the blockchain and token economy, activating the data market, and then any benefits or profits earned from those deeds should then be re-distributed to the data owners.