Cyber Anthropology
Menu

data

GDPR, Blockchain, and Me

, , , , , , , , 0

I missed posting last month because a lot was happening! Of course, for everyone who is involved with technology and data at a global level, we have all been touched in some way by GDPR. I know my inbox was flooded with emails on the changes to everyone’s privacy policies and probably yours was, too. It’s worth a read to learn more about it and why it’s such a big deal and how it’s affecting businesses all over the world.

For me personally, May was a big month because I changed jobs after almost a decade at The Planet/SoftLayer + IBM where I had been a design lead for Infrastructure as a Service (IaaS), IAM (identity and access management), and BSS (accounts) and then head of the Strategic Insights team for Public Cloud Research (covering all of Infrastructure as a Service and Platform as a Service). I moved from there to SAP Leonardo Services where I took the position of a Blockchain Design Consultant. This means I’ve been heads down learning all I can about Blockchain and my new company for the last 3 weeks.

Here’s where I have to have a sense of humor around these two seemingly unrelated subjects considering the paradox of Blockchain and GDPR.

To summarize the article, given the immutable state of data in a Blockchain, there is no way to update or delete it. In developer’s parlance, there is no way to perform the UD operations of basic CRUD. In fact, the entire acronym has been updated for blockchain to be CRAB (create, retrieve, append, burn). The problem is, does burn accommodate the “right to be forgotten” and “erasure of data” portions of GDPR? If personal data is in the Blockchain, then the answer is no.

That said, there is a workaround as discussed via creating a hash and a link in the Blockchain that refers back to PII (personally identifiable information) that is stored OUTSIDE of the Blockchain. This results in the PII data only being accessible through an encrypted hash and link to it provided in the Blockchain that can only be decrypted by those who have the key. To ensure the data hasn’t been tampered with, the data retrieved via the link would need to provide its own hash that can be compared with the hash in the blockchain. If the two match, the data has not been modified. This is GDPR compliant because all of the data off-chain can be deleted thus making the hash/link in the blockchain useless. However, the blockchain is then reduced to an access control mechanism to data that remains centrally owned and located rather than a decentralized encrypted transparent immutable replicated ledger of actual data that is owned by everyone.

This results in the following:

The goal of GPDR is to give citizens back the control of their personal data, whilst imposing strict rules on those hosting and processing this data, anywhere in the world. Also, one of the things GDPR states is that data should be erasable. Since throwing away your encryption keys is not the same as ‘erasure of data, GDPR prohibits us from storing personal data on a blockchain level. Thereby losing the ability to enhance control of your own personal data.

If you want to learn more about Blockchain, I recommend this handy product manager’s guide and this how blockchain works article.

As you can see, I may have sipped a bit of the Blockchain Kool-aid.

On top of all of those changes, I also finished a side hustle where I completely redesigned a billing system for a friend’s startup.

In the coming months, I’ll be posting more about Blockchain along with some Machine Learning, IoT, as well as other forms of AI from a user and design perspective along with my ever-present posts on the Internet, privacy, security, gaming, and social media. I imagine the various topics will merge at some point down the line. I’m excited to be here in the edge technologies space. It’s exactly what I told my circle of friends I wanted to work on at the turn of the year. Thank you to SAP for making that a reality.

You’ve been data-mined

, , , 0

Yes, you, if you’re on the Internet in any capacity, you’ve been data-mined.  This is especially true if you participate on any social media platforms. While you might have known this already, now you can see it!

Facebook's data-mined categories on me
Facebook’s data-mined categories on me

Here is what Facebook thinks about me based on the data I have posted. Note, none of this data is data I have shared directly with them via any sort of survey or other personal research methodology.

This is all data that has been mined from my profile and posts I have made on the platform.

If you want to find this data out for yourself, log in to Facebook, go here and then expand the “Your Information” accordion heading. At the top you will see two navigation points, the second of which is titled “Your categories” and there you have it in all its glory.

While you’re there, take a moment to adjust your ad settings as well.

As I’ve said in several previous posts on Facebook, you pay for your access with your data. If you have children on Facebook, they do this with their data as well. Data is one of your most precious resources in this day and age. Do what you can to protect it or at least be vigilant about how it’s used and where.

Side note: Never in my life have I ever said anything or done anything with soccer. I have no idea where that came from!

Facebook & Self-Censorship

, , , 0

Salon recently featured an article (Salon.com) about a study (PDF) that reveals how Facebook monitors self-censorship by tracking everytime we type something, even if we decide not to post it. While it is understandable that people are concerned with this tracking of information that we do not share, I believe it is also important for us to understand that Facebook is not a free service. We pay for the opportunity to use this service by providing our precious data. Therefore, it is Facebook’s goal to gather and retain as much data as possible, even if that data is never explicitly shared.

Though I do not agree with their practices, as I am an advocate for the user and users rights when it comes to their data, I do understand them and contend that it is within their right to do this – even if it is an unsavory practice to perform. As a user, your rights and your power lay solely within the choice to use the product. If you want to retain ownership over your data, sharing it on a service where you provide said data for payment of using the service, is likely not the wisest choice. Keep that in mind when you type anything into any text box anywhere on the web, because as this example proves, that data may be saved even if you hit cancel.

Back To Top