There is no single model for blockchain systems. Unlike the Internet, blockchain has no single set of standards, meaning that the technology can be deployed in an almost infinite variety of configurations. Each project will therefore have to be analysed on its own distinct merits.
Private vs. public blockchains
From a privacy perspective, it matters greatly whether the blockchain is generally accessible or only accessible to parties that are members of a closed group.
For instance, this may influence the assessment of whether data is transferred to countries that do not ensure adequate protection.
On another level, it is possible that each party to the blockchain network only has “access” to part of the information stored via the blockchain.
As each party has its own copy of the entire blockchain, restricted access is achieved via encryption.
Depending on how this is given substance, it may help to ensure compliance with the relevant privacy requirements.
Similar to debates in the cloud industry, blockchain will raise the questions of whether making a copy of a hash in, for example, Singapore means that data has been “transferred” to Singapore for purposes of data protection law. In some sense, data put on a public blockchain is similar to data posted to the public internet.
The reasoning in the CJEU’s Bodil Lindvist case (C 101/01) may apply to the question of transfer.
The CJEU held that it cannot be presumed that the word “transfer”, which is not actually defined in the Directive, was intended to cover the loading by an individual of data onto an Internet page.
There have recently been some experiments made on public blockchains by introducing “off-chain” mechanisms to store the confidential information separately on another system with access control restrictions.
To protect data and manage storage on the blockchain, some solutions use only a hash of personally identifiable information (PII), which serves as a reference point and link to an off-chain PII database.
Storing information “offchain” provides privacy of the transaction details.
The “off-chain” system can be set up to restrict access to the transaction details to authorised parties only.
However, storing information “off-chain” also negates a number of the advantages of using blockchain.
The blockchain can no longer be a single, shared source of truth and in most cases both counterparties will be required to maintain their own records.
Unlike “off-chain”, which generally stores the chosen information on a traditional network, but at the expense of the benefits of using a blockchain, a “sidechain” is a parallel blockchain.
It sits alongside the primary blockchain, serving multiple users and generally persisting permanently.
The degree of confidentiality and privacy provided for transactions that take place on sidechains depends on what technology the sidechain uses.
These sidechains are independent.
If they fail or are hacked, they won’t damage other chains.
So damage will be limited within that chain.
This has allowed people to use sidechains to experiment with pre-release versions of blockchain technologies and sidechains with different permissions to the primary blockchain.
Non-permissioned vs. permissioned blockchains
With non-permissioned blockchain applications, all parties are in principle free to add information to the blockchain.
With permissioned blockchain, on the other hand, access is restricted.
In this way, trusted intermediaries are reintroduced into the system, which impacts the allocation of control over it.
The party that determines the means and the purposes for the processing should ensure that the privacy rules are taken into account, meaning the choice between non-permissioned and permissioned control also influences which parties should comply with what privacy requirements.
Hyperledger is a hub for open industrial blockchain development; it is not a company, a cryptocurrency, or a blockchain.
Hyperledger provides technical knowledge, software frameworks and contacts to industries and developers.
The platform aims to “create an enterprise-grade, open source distributed ledger framework and code base” as well as creating, promoting and maintaining an open infrastructure.
Hyperledger incubates and promotes a range of business blockchain technologies, including distributed ledger frameworks, smart contract engines, client libraries, graphical interfaces, utility libraries and sample applications.
One of the distributed frameworks is called Hyperledger Fabric (“HLF”), which is an open-source project within the Hyperledger umbrella project.
HLF is a modular, general-purpose, permissioned blockchain system, which can also be seen as a distributed operating system for permissioned blockchains. (Source: www.hyperledger.org)
R3 is the largest consortium of global financial institutions working on developing commercial applications for the distributed ledger technology.
R3 has its own proprietary ledger that can be used to develop applications, and it also supports an infrastructure network for financial services firms and technology companies wanting to build their own ledger-based applications and services.
The blockchain technology that R3 is currently developing is a distributed ledger platform designed specifically for financial services, called Corda.
The Corda network is permissioned, with access controlled by a doorman.
Communication between nodes is point-to-point, instead of relying on global broadcasts.
Each network has a doorman service that enforces rules regarding the information that nodes must provide and the know-your-customer processes that they must complete before being admitted to the network.
Zero knowledge proofs
A zero knowledge proof (“ZKP”) is a cryptographic technique which allows two parties (a prover and a verifier) to prove that a proposition is true, without revealing any information about that thing apart from it being true.
A zk-SNARK (zero-knowledge Succinct Non-Interactive Arguments of Knowledge) is a ZKP that proves some computation fact about data without actually revealing the data.
Zk-SNARKS are the underlying cryptographic tool used for verifying transactions in Zcash.
This is done while still protecting users’ privacy.
Zcash can be described as an encrypted open, permissionless, replicated ledger.
It is a cryptographic protocol for putting private data on a public blockchain. Zcash uses zk-SNARKS to encrypt all of the data and only gives decryption keys to authorised parties.
Previously this could not be done on a public blockchain because if everything was encrypted it would prevent miners from checking to see if transactions were valid.
However ZKPs made this possible by allowing the creator of a transaction to make a proof that the transaction is true without revealing the sender’s address, the receiver’s address and the transaction amount.
ZKPs and blockchains complement each other – a blockchain is used to make sure the entire network can agree on some state that may or may not be encrypted, whereas ZKPs allow you to be certain about some properties in that state.
For more news and analysis that is tailored to you, as well as access to Hogan Lovells' cutting-edge interactive Lawtech tools, register for free on Engage.