Protect data with blockchain-based digital identities

Maintaining digital sovereignty with open standards

How can you ensure security and sovereignty on the digital market without sealing yourself off nationally? The dominance of US companies such as Facebook or Google presents European companies with a major challenge. There, data is tracked and evaluated into personality profiles to an unbelievable extent - and all without customers having a right of participation or a dedicated insight into the algorithmic collection and transfer of data. Anyone who wants to take alternative independent paths will not be able to avoid authentication using blockchain technology in the future.

Blockchain technology stands for a new ecosystem of decentralized information systems that registers and stores data in an unalterable way by distributing it across the entire network. The consensus mechanism for validation does not require central authority. Especially The financial sector recognized early on the enormous advantages of using blockchain applications to offer payment applications and trading platforms cheaply, quickly and transparently. Blockchain applications not only support the acceleration of transactions, but also intelligent opt-in or know-your-customer procedures and prevent fraud through chargebacks. Value transfer, supply chains, automation or customer data — virtually every electronic data set or document has extensive options for secure authentication and processing with a blockchain.

Blockchain and Self-Sovereign Identity (SSI) strengthen IT security

Open standards, interoperability and open source provide a solid basis for innovative competition and digital sovereignty. Individual users can control their own identity data and access to it via a blockchain network. This identity model, known as Self-Sovereign Identity (SSI), can offer enormous added value: it enables the use of vendor-independent technology that is reliable yet user-friendly. A self-sovereign identity (SSI) can be implemented, for example, via a user's mobile app, which serves as an identity wallet. Such wallets are currently based on blockchains or a similar distributed ledger technology (DLT).

Protecting sensitive data plays a major role in communication with consumers, business partners and public institutions. Some of these areas are regulated by the GDPR and the upcoming ePrivacy Regulation. Other laws, such as professional secrecy or medical secrecy, regulate confidentiality and place confidential data such as medical records or diagnoses under special protection.

Anyone who stores, processes or sends data electronically is therefore faced with an urgent problem. Criminal cyber attacks are increasingly aimed at spying on or illegally appropriating this data and must therefore be prevented at all costs through a systematic IT security concept. This applies to both companies and government institutions, which are subject to a special duty of care. One way to do this is to authenticate using blockchain technology. This can be used, among other things, for digital securities, when viewing the digital land register, digital subscription processes or in the healthcare sector.

Blockchain case study: decentralized digital medical records

A good example of the use of blockchain in the public sector is digital medical records. It is currently stored centrally, but is only partially protected against unauthorised access. Patients do not have direct access, but must cumbersome request access. If digital medical records were managed and stored using blockchain or similar technology, decentralized processing would be possible. The patient would have full access to their data without having to call up an intermediate instance. Key benefits: secure access controls and traceability of actions that have taken place.

A blockchain network could connect areas of application for digital medical records in a decentralized and cost-effective way and at the same time create added value: rapid exchange of patient data between doctors, hospitals, care facilities and health insurance companies, tailor-made insurance management, transparent monitoring of supply chains or cross-institutional implementation of clinical studies. Especially when it comes to studies on new drugs or forms of treatment, the focus is not only on patients' interest. The scientific results play a major economic role for the implementing institutions and must not fall into the wrong hands or be published prematurely. Using blockchain technology and individual tokenization of data, a security concept can be implemented that meets the high requirements of these fields of expertise.

International regulations for legal bases are required

Blockchain technology is suitable for creating trust networks between different parties. This strengthens data integrity but also creates a new problem. Since all processes associated with the data set are stored using blockchain, the information about these processes is virtually indelible for an indefinite period of time and remains firmly linked to this data set. This could be problematic in terms of data protection law. The current EU GDPR requires the right to forget, minimize data and anonymize data. Well-known large blockchain networks often violate these rights. Operators of a blockchain node should take this into account when designing the technology, as they can be held liable for processing the data.

From a legal perspective, how the handling of such information should be regulated has not yet been uniformly determined. An international set of regulations for coordination is absolutely necessary for implementation in practice. First steps by the federal government and negotiations at EU level are concerned with the risks and opportunities offered by using blockchain in connection with sensitive data. that Action paper from the “Digital Identity” working group of the Blockchain Bundesverband e.V. Welcomes the emphasis of interoperable digital identities for the digital sovereignty of the Federal Republic in the Federal Government's blockchain strategy and supports the clear commitment to open standards.

Measures such as establishing trust in digital identities, such as linking government trust infrastructure (e.g. eIDAS) with self-determined identities based on blockchain technology, represent an important milestone in legal support for secure digital authentication. However, they need further clarification and expansion, particularly in the area of coordination in the European digital single market and when adapting funding criteria. It is likely that it will take some time before a broad application in the business world that generates real economic profits and economic benefits is implemented.

Using private blockchain as an interim solution

As long as there is no authorized system for government authentication, a private blockchain is possible as an interim solution. Companies are leading the way in this process as innovative pioneers. They use the private blockchain for the secure storage, transport and evaluation of sensitive data under the aspects of regulation under the GDPR and general European legislation. Some of these regulations can only be complied with if customers actively consent to the processing and storage of their data.

Logging of consent can be secured across platforms for several applications and business areas using blockchain. It gives customers and companies direct access to their data when needed. Other applications support a digital signature, trading in digital financial products or with digital tangible assets. In this way, companies can build the technological ecosystem of the future together with their customers and independently of large corporations.