GDPR compliant Data Protocols

Jude (product manager and one of the core developers) recently mentioned working on the GDPR compliant data protocols. Could you tell us a bit more about that?

Sure. Blockchain enables innovative solutions to GDPR related problems such as data privacy and permission level protocols to ensure compliance. However, certain experts have stated that GDPR and blockchain form a paradox in which security and privacy of the data is uncertain or even compromised when a public ledger comes into the picture. Our solution to this, which we originally outlined in the development paper, is the ATDM (APEX Transactional Data Management) System. This involves storing “transactional data”, which refers to the data of the consumer/user, in off chain nodes that run parallel to the APEX Network blockchain while logging the cooperation between parties on chain to ensure accountability. These are what we have referred to as Data Cloud Nodes. The ATDM runs on the APEX VM (our virtual machine, or smart contract system). However, ATDM functions like a program or smart contract itself that would require oracle like data connectors to connect to the relevant data points off chain.

Ok, so the data of stored off of the actual blockchain on data nodes and not directly on the public ledger. What makes the ATDM different from a typical decentralized cloud like storage solution, though?

Since the ATDM protocol is smart contract based, it is predefined with a set of non alterable rules. Since that is the case, it makes a good argument that implementation of this protocol can be used to enforce GDPR rules. The legal implications of this protocol and its effectiveness in each legal jurisdiction may vary, though it is a significant upgrade from an opaque enforcement process that is hard to audit.

Sounds good, but — there’s always a but. In your words — why do we need this storage solution when there are trillion dollar companies who are running huge centralized storage solutions collecting user data from all of us already?

Hah — well that’s exactly why we need this actually. The 21st century digital economy is transforming society and business right before our eyes. There has been a ubiquitous saying that “data is the new oil” of the 21st century, driven by a proliferation of data and AI. In an increasingly tech-driven landscape, a phenomenon that goes hand in hand with this trend is also the concept of a “winner take all” economy. An easy example if you look at companies like Google and Amazon that use economies of scale and the internet to become near monopolies. In this type of environment mainly the tech monopolies and their associates benefit, leaving the working-class behind, unable to capitalize from the value of data (especially their own data) and AI. We will see a trend of consumers demanding to take control of their own data and reap the value from it — this trend is not exactly what GDPR is trying to achieve, but it is a “problem” that fits in the same bucket.

Thanks Jimmy. Yeah, a large part of our existing community would agree with you there, we have had discussions about privacy and data monopolies in the past. Now, there’s a long way to go from thinking about the solution to actually implementing it. How far have you guys actually come?

We have actually already implemented prototypes in two of the pilots and are currently testing the system for robustness. We are still trying to perfect the off chain data connection aspect. The problem we are working on currently is how to ensure maximum privacy while at the same time maintaining the performance needed for enterprise level applications.

Ok, good to know that it’s currently being tested, means it’s gone beyond the pure “thought” stage so to speak. In the past there was talks of integrating blockchain services with existing APEX Technologies products, is this still on the table?

Yeah definitely. The general technical route is clear, but we are working on improving some aspects as I mentioned above. This development cycle will take another couple of months, but we expect to roll this out as a part of the APEX SDK for our enterprise client base by March 2020 enabling them to experiment with the protocol, and it will also be available to be a part of / plugged into NEXUS. Considering the synergistic effects with our CDP products, completion of this module will make APEX Network one of a few real, commercially viable public chain projects.

Good stuff, looking forward to that! You mentioned the off chain aspect and the data nodes running parallell to the blockchain. They are however smart contract based, and will be communicating with the blockchain. How does this impact upgradability — can features be expanded, or will it be static once launched?

Good question. Since how we fetch the data from off chain sources can be abstracted from the APEX VM and the rest of the blockchain, updates to the Data Cloud nodes will not necessarily require a hardfork. We will try to ensure that the on chain portion is ready ASAP — the bulk of the logic is off chain for this module, and that is a benefit to implementation flexibility.