IOTA – Where is the data – Who owns the data?
At Hannover Messe 2018 (Hanover Fair 2018, HMI18) we, the team from the Fujitsu Industrie 4.0 Competence Center, were able to successfully demonstrate an audit trail using the IOTA tangle for the first time. This showcase was very well received and it ranked among the top list of videos dealing with HMI 2018 topics.
I experienced the high level of interest in IOTA at the Fujitsu booth for myself, witnessing how people were eager to learn about the opportunities for usage beyond cryptocurrency in the form of a distributed ledger platform that can safely store audit trail transactions across multiple organizations, companies, product owners etc. in comparison with a traditional database based solution bound to a single organization.
However, there was one question that popped up very often that made me stop and think and that is also the reason why I am writing this blog entry: Where is the data stored?
The background of this question is the concern expressed by many companies that they need to follow a lot of regulations regarding data storage. For example a company could be obliged to store certain data within the country where it operates. A GDPR regulation could also force that same company to delete personal data on request in order to preserve the right to be forgotten.
All of these requirements somehow contradict the idea of an immutable distributed ledger platform that might be shared globally (and with good reason). But what if we could open up a whole new perspective in relation to this question? Let’s instead deal with a different issue: who owns the data?
In traditional IT environments personal data is stored and managed by organizations in such a way that individuals have no ability to control it, eventually leading to the host of regulations that companies are currently facing. But how would the situation change if an application existed that would store personal data in a distributed ledger platform like IOTA under the full control and ownership of the individual person? Could such a scenario change the way we address the deeper motivation behind those data protection rules and solve the supposed contradiction between applicable laws and distributed ledger technology?
You could take this discussion one step further in the direction of machine data. What would be the prospect of having machines own their data across their lifecycle, independently of the individual owner? Of course we all know that, from a legal perspective, it is not currently possible today for a machine to be the real owner of its data, but the concept remains interesting and could open up new opportunities for a concept where at least the data is permanently linked to a machine, irrespective of its current owner. All this could be possible with a distributed ledger platform but the key requirement is that we also need to change the way we look at these new technologies.