LUT University leads a new research project to create knowledge on responsible blockchain service design
Blockchain, the technology enabling for instance the cryptocurrency bitcoin, carries great potential for creating smart services. There are, however, some paradoxes between the General Data Protection Regulation (GDPR) and blockchain technology. New co-creation project at LUT University addresses these issues by creating new knowledge on responsible design of blockchain services.
Blockchain is a shared and synchronized digital database for storing information. The database is not controlled by a single entity but maintained by multiple actors. Once a piece of information is recorded in the blockchain, it cannot be changed or deleted. Therefore, blockchain based digital services help establish transparency, accountability and trust.
However, blockchain services face severe challenges to comply with the GDPR recommendations.
“As per recommendations of the GDPR, there should always be a nominated data controller who the data subjects, like each of us as consumers, could contact and address issues concerning the recorded data. However, as the blockchain is maintained by multiple actors, the allocation of responsibility and accountability is much more complex”, explains Najmul Islam, LUT University’s Associate Professor of Digital Transformation (tenure track).
Another key characteristic of the GDPR is the recommendation for data modification and deletion. “The right to be forgoOen is an example of the key principles in the regulation. Blockchain data, however, cannot be modified or deleted”, Islam elaborates.
Islam leads a recently started a co-creation project BlockValue, funded by Business Finland, that addresses issues on blockchain service design.
“By bringing together expertise from software researchers, service designers, end users and legal experts, we are creating new knowledge on the design of responsible blockchain services”, says Islam.
As an example of the intended outcomes, Islam mentions describing what kind of service architecture is needed for GDPR compliant services.
Business Finland’s Digital Trust Finland program helps Finnish companies to build global business on digital trust and security.
“Sustainable, transparent and secure digital solutions and integrity of data should be researched and developed not only from technology perspective but also from legal and user-centric angles. This is why the LUT driven co-creation project is a valuable addition to the porUolio of digital trust focused innovation projects in Finland”, says Kirsi Kokko, Head of Digital Trust Program at Business Finland.
One of the project’s business partners is Joisto Group Oy, a document storage software developing company with experience on GDPR compliant services. Joisto has developed a blockchain enabled archiving product for the business-to-business (B2B) sector, the Joisto Blockchain Archive.
The product is an archiving solution where fast processing and handling of large amounts of data is required, and where proof of integrity for each archive in the blockchain is provided.
“We have solved the basic problems related to GDPR in the B2B solution in one way. However, in further development, we will focus on bringing consumer solutions to the market, and the GDPR must be considered differently”, says Tommi Hänninen, CEO of Joisto.
When discussing the projects research focus with LUT, Hänninen quickly found a collaborative interface.
“Co-operation with LUT provides us significant and extensive academic research knowledge and skills. We, on the other hand, can give LUT’s research team a concrete use case, against which to test ideas, concepts and theories”, Hänninen concludes.
Najmul Islam, Associate Professor of Digital Transformation at LUT University, Najmul.Islam@lut.fi
Kirsi Kokko, Head of Digital Trust Program, Business Finland, email@example.com
Tommi Hänninen, CEO at Joisto Group Oy, firstname.lastname@example.org