Today Fujitsu Laboratories announced a new product called ‘ChainedLineage’. If data comes from external sources, that doesn’t excuse a company from complying with privacy regulations like GDPR. The Fujitsu blockchain extension tracks the provenance history of data collected from multiple companies or individuals, including consent.
Historically data was processed and analyzed within single companies. But using API’s and blockchain changes that. To ensure data is reliable, it’s necessary to know whether it has been processed or analyzed and in what ways. In addition, there’s a need to understand the original data that was used and its source.
For example, if the use, content, or destination of data is changed, it may be necessary to get additional consent from the person providing the data. This depends on the regulations in each country.
A couple of weeks ago many were shocked to discover that Google had bought data from Mastercard. Moreover, they combined it with other data to report the effectiveness of adverts to their clients.
How it works
Fujitsu treats the data as a transaction and stores a hashed value or fingerprint on the blockchain. When a company receives data from another company it can check the hash to ensure it’s exactly the same. This provides traceability and detects if the data has been changed.
Secondly Fujitsu has a data exchange platform that grants access rights after confirming consent. If requests include demographic information such as age or sex, it’s possible to collect batches of information from people who have already provided permission to use their data.
The company plans to field test the technology this year and commercialize it in 2019.
Self sovereign identity
The Fujitsu technology helps corporates to ensure compliance with GDPR and Japan’s Protection of Personal Information. However, it still appears to assume that data can be harvested in bulk and stored centrally. In some ways it uses a new technology but thinks about the problem in the conventional way.
Whereas blockchain offers the promise of self sovereign identity where the data is not fully revealed. Companies can still get answers to the questions they need without individuals giving up their privacy.
