Privacy implications of blockchain systems: a data management perspective

Abstract

PurposePrivacy scholars appear to struggle in conceptualizing blockchain from a privacy perspective: is it a privacy-enhancing mechanism like differential privacy, a privacy-intruding tool like third-party cookies or a technology orthogonal to the issue of privacy? Blockchain does not seem to neatly fit into any of these buckets that we traditionally use to gauge the privacy implications of information technologies. In this article, the authors argue that blockchain transcends the extant conceptualization of privacy because it modifies the nature of data flow upon which the modern concept of privacy is based.Design/methodology/approachThe authors introduce a conceptualization of blockchain as a new mechanism for data management. Then, following this conceptualization, the authors present a functional review of blockchain, summarizing the features it provides for the data it manages. This review sets up the discussion of how blockchain redefines data flow by separating the power of collection, access and query of data to different entities. After illustrating how this change regrounds privacy concerns in a blockchain system, the authors conclude with a discussion of the recommendations for future privacy research on blockchain.FindingsThe authors demonstrate that blockchain, by design, separates three core data-centric operations that are assumed to be inextricably linked in the canonical conceptualization of privacy: the collection, access and query of data. Collection means to capture and then store the data; access means to modify or augment the data and query means the ability to test or verify certain properties of the data (e.g. whether a bank account has a zero balance). Traditionally, any entities that collect data can evidently read, modify or query the same data as they wish. With blockchain, however, an entity that stores the data may not be able to modify the data, yet an entity that cannot even read the data may be able to verify certain properties of the data.Originality/valuePrivacy scholars appear to struggle in conceptualizing blockchain from a privacy perspective: is it a privacy-enhancing mechanism like differential privacy, a privacy-intruding tool like third-party cookies or a technology orthogonal to the issue of privacy? In this article, the authors aim to respond to this important question.