This post intends to give the reader a perspective on how Jolocom brings trusted data sharing to the AGILE IoT Gateway (AGILE is a H2020 project). It should provide essential value to the user, not only but also in context of the internet of things, and not least to benefits from the EU’s General Data Protection Regulation (GDPR).
The original idea of the World Wide Web
To start with, the vision of Jolocom aligns with the original idea of the World Wide Web, which was distributed: everyone would have their own node (e.g. home page), everyone would share their content (e.g. blog posts), and everyone would own their own data. The web consisted of nodes connected through links with no center. Jolocom wants to help reclaiming this vision that everyone owns their own node (digital identity) and that every node can communicate with any other node, with no intermediation (e.g. centralized platform).
The dominating power of a few
Today a handful of companies dominate vast parts of the web’s activities – Facebook for social networking, Google for searching, Paypal for payments or eBay for auctions, Samsung/IBM for IoT – and they actually own the data their users have provided and generated. Ergo these companies have unprecedented insight and power over us. They can influence and nudge us without our knowledge, which gives them not only a huge competitive advantage, but also interferes with fundamental values of society and the right for privacy.
Social Linked Data (Solid) and Blockchain (Ethereum)
Jolocom uses a decentralized software architecture that is very promising. It was initiated by Tim Berners-Lee who invented the web and gave it to us as a gift, free and open source. His new project is called Solid (“social linked data”) and it allows you to own your own data, while also using it with only the applications you want to use. With Solid, you simply store your data in your own Personal Data Store (PDS; in Jolocom’s case: a Solid Server), which is hosted wherever you wish. At the core of Solid is the WebID, which Jolocom integrates with the Ethereum blockchain, to build a self-sovereign digital identity that allows you to represent yourself and to enrich your data with semantic meaning. Besides that and storing data, it also lets other applications ask for your data. Solid authenticates the DApps (Decentralized Applications) through Access Control Lists (ACLs) and if you’ve given access permission to the requester of the data, the Solid server delivers it.
Here’s a concrete example.You might store data from your IoT devices or sensors in your own PDS: the sort of data about yourself that would normally be uploaded directly from your IoT device to a third party. That way if someone built a new DApp, to offer specialized services to people, you could join it by using your WebID. To share information with others (individuals or organisations), you simply give them permission to access the appropriate information in your PDS. The data in your PDS would remain your own, in every sense of the word: fully under your control, stored where you choose, and usable only by an Organization’s WebID that you’ve given permission to.
The fantastic thing about Solid is that it does all this without having to centralize information in hands that we can’t- and too often also should not – fully trust.
General Data Protection Regulation (GDPR)
Users are becoming increasingly aware of the need and importance for strong data rights. Governments are slowly adapting to this, with the upcoming EU General Data Protection Regulation as the first move towards a market in which businesses will have to adapt with new business models and technical infrastructure. With the decentralized web as an answer to these needs, users will be able to use services they want to interact with, data will be stored in their own private location, and they will be able to switch between them. This will allow and encourage for a market with a significantly lowered barrier to innovate, one in which collaboration between players is much favourable over competition. Without the main competitive advantage of data, network effects and vendor lock-in will become virtually obsolete. We help businesses create and participate in collaborative decentralized ecosystems where the value generated by its services benefits the ecosystem as a whole.
GDPR compliance is now mandated by May 2018. This means businesses are now required to show exactly how the data they collect is used and enables them to freely take this data with them to different services.
Social Linked Data with its decentralized architecture has the properties to profoundly enrich trust, data portability, and privacy. At the same time it will step up usability to a whole new level for both the user and service providers, while simultaneously becoming compliant to GDPR.
Author: Joachim Lohkamp, Jolocom