To many privacy professionals, a "user-centered internet for individuals" would only exist in a perfect utopian world. Yet, as the blockchain ecosystem matures, individual control, trust, and security are consistent themes that blockchain and cryptocurrency platforms are attempting to tackle. In the not too distant future, a cryptographically secured digital identity may allow us to "trustlessly" complete transactions that would have previously required the exchange of personal data and layers of verification.
The development of web protocols, such as HTTP (data communication) and SMTP (email), transformed the world. However, even in 1996, Tim Berners-Lee, the father of the World Wide Web, foresaw some of the security and privacy concerns that exist today.
Fast forward more than 20 years, and there are many companies with vast silos of personal data connected to the internet and susceptible to misuse by malicious parties. Tech companies that have an incentive to view personal data as gold have great influence in the development of internet infrastructure, arguably at the expense of the individual. Additionally, although website and app development have changed dramatically since the creation of the internet, the web protocols layers have remained mostly the same.
What makes blockchain and cryptocurrency platforms different from the internet now?
Cryptocurrency and blockchain platforms are attempting to become the decentralized protocols of the next iteration of the internet, "web 3.0." Unlike early web protocols, which are generally maintained by developers at no cost (or by big tech companies), decentralized protocol layer creators are incentivized to maintain and enhance these protocols. This is great for the web 3.0 individual user, whose incentives are more aligned with the developers than the website or application owner.
The web 3.0 is about “multiple profit centers sharing value across an open network.” Instead of being the “product,” as users are often with social media and other web 2.0 platforms, individuals will once again become the customers.
Decentralization of file storage
In the current World Wide Web, massive companies (e.g., Google) running applications store and control user data on their own centralized servers and databases. Even if user data is not monetized and sold to third parties, it is possible that the servers and databases can be breached. Rather than storing data in centralized databases, in the web 3.0, all user data is stored in secure and decentralized data storage protocols.
The decentralization of data and file storage has important implications for data ownership—no longer is personal information stored in large data centers and databases owned by tech companies. Instead, all applications, users, and connected devices interact directly, and personal data is not controlled by a single company. Significantly, this would likely lead to a dramatic decrease in personal data breaches.
Removal of middlemen
Public blockchains, such as Ethereum, provide a trust-less platform that is attractive to companies aiming to remove the middlemen from the equation and allow individuals to interact directly. In the web 3.0, Apple and Google would no longer have control over user information, preventing malicious parties from using this personal data. Additionally, governments would no longer have the ability to take down websites and applications at their convenience.
A self-sovereign identity may one day allow users to verify their identity on an application (e.g., bank service, credit service, etc.) without having to provide personal information to a middleman for verification. So, rather than giving a bank or landlord access to your credit history to prove income, you can use a blockchain-based ID to give them this information.
Promise of a self-sovereign identity
The cryptocurrency platform Ethereum has become the front-runner to power web 3.0 decentralized applications. ConsenSys, a well-known blockchain startup, has built a decentralized identity application, uPort. Using the security and interoperability of Ethereum through the use of a public key, uPort allows apps and users to privately exchange information.
The uPort team is working with the city of Zug, Switzerland to issue residents’ IDs on the blockchain to access government services, such as online voting and proof of residency. Aside from using the blockchain for government services, Paul Kohlhaas, a manager at ConsenSys views the “blockchain [as] a fundamental tool to bring sovereignty of the internet and data commons back to its users.”
Decentralized web 3.0 and data privacy regulation
While blockchain technology may give internet users more control, the platforms, protocols, and decentralized applications that process personal data may have difficulty navigating the regulatory landscape. For instance, some issues may be difficult to reconcile, which include:
- Determining the controller/processor,
- Ascertaining the location and jurisdiction of decentralized data,
- The ability to respond to subject access requests, and
- Deleting or changing personal information on the blockchain.
Without a centralized entity collecting and processing personal data, the current regulatory privacy framework may not be sufficient for the web 3.0. However, the most significant hurdle will likely be making decentralized applications and platforms more user-friendly and convenient for the average user.
The author would like to thank Adam Stone for his assistance in editing this piece.