Building upon the California Consumer Privacy Act (CCPA), on November 3, 2020, Californians voted to approve Proposition 24: the California Privacy Rights Act (CPRA). The CPRA does not replace the CCPA but rather adds to and modifies the language of the CCPA to strengthen consumer privacy rights and perhaps, in the future, form a basis for General Data Protection Regulation (GDPR) data transfer adequacy. While the CPRA is a landmark legislative accomplishment for privacy rights, it creates new problems for blockchain-based technologies, particularly those provisions regarding the right of correction and principles of data minimization and storage limitation.
A blockchain is meant to be a permanent and immutable ledger of data. Thus, by its very design, it stands in conflict with laws that require the deletion or altering of data. Starting with a traditional blockchain architecture, a blockchain is a distributed ledger that is stored by all participants, often called nodes, in a network. Every transaction is processed at every node in the network, thereby eliminating the need for a central authority. This ledger records each transaction, and the information associated with each transaction in blocks of information, such that whenever a new transaction occurs, and is validated by a majority of the nodes, a new block is added to the chain and replicated at every node. In this manner, the chain has every block strung together from the first block to the most recent.
The New Right of Correction vs. the Old Right of Deletion
Residents of California enjoyed a right of deletion under the CCPA which required businesses to honor citizens requests for their private information to be deleted. The CPRA builds off that right and now gives consumers the right of correction, which allows consumers to request rectification of their private information. However, this presents a unique problem for blockchain-based technologies, which were already having difficulty complying with the CCPA’s right of deletion.
Compliance difficulties for blockchain technologies are a result of the system’s core architecture. By design, a blockchain is resistant to modification of its data. This is because once recorded, the data in any given block cannot be altered retroactively without alteration of all subsequent blocks. There were several less-than-ideal solutions to this problem, such as deletion of the private key, the encryption of payload data, etc.—all of which are inefficient erasure techniques that render information inaccessible, but increase storage requirements.
Unfortunately, these data erasure solutions are no longer viable under the CPRA because they provide no way for information to be modified. It is unclear if traditional on-chain storage blockchain models can ever be compliant with the CPRA in its current form. Instead, these models may have to shift to an off-chain storage architecture, discussed more below.
Data Minimization and Storage Limitation Requirements
In addition to the right of correction, the CPRA added the principles of data minimization and storage limitation to the CCPA.
The data minimization principle states that a business’s collection, use, sharing and retention of consumer private information must be “reasonably necessary and proportionate” to achieve the purposes for which the private information was collected. Blockchain technologies may be unable to comply with this principle because they typically have a plurality of nodes, each of which stores the entire blockchain. The automatic replication of blocks containing personal information across all nodes is a further sharing of private information that likely is not necessary to achieve the purpose for which the private information was collected (be it a specific financial transaction, degree verification, etc.). Said differently, the sharing of the private information is necessary at least once for verification purposes, but the continued replication of this data across all nodes is not.
The CPRA also added another principle from the GDPR, the storage limitation principle. The storage limitation principle prevents businesses, from retaining private information for longer than is reasonably necessary to accomplish the disclosed purpose for which the private information was collected. However, traditional blockchain technologies, which are meant to be permanent and immutable ledgers, typically cannot be compliant with this principle because, by design, they retain every block of information added to the chain.
A Potential Path Forward: Going Off (the)Chain
The CPRA gives citizens greater control over their private information and is a step in the right direction for consumer privacy rights. However, blockchain is an important tool for data security. As such, it is important to try to find a way for them to coexist. One possible solution is to an off-chain model. Since a traditional (on-chain) blockchain strings together every block that is added to the chain, the problem of scalability arises—as the chain size increases problems arise with storage size and costs, transaction speed, etc. In order to address this problem, off-chain designs were created. An off-chain system still maintains a digital ledger in the form of a blockchain but can have the storage, the computational aspect, or both in a hybridized model, off-chain. As an example, an off-chain storage model with on-chain computation generally works by storing the bulk of the information off-chain in a third-party storage node. The location of this data and its hash are retained on the blockchain. The hash acts as a fingerprint (a unique identifier of the data), or evidence of the data that is stored on the third-party storage node. When the data is requested, the hash is verified to ensure the data has not been changed or modified then the data can be distributed. This provides numerous benefits, such as increased transaction speed, lessened node storage requirements, and reduced transaction costs.
However, since off-chain storage models use third-party storage nodes, off-chain models could potentially provide a solution to these new issues created by the CPRA. Private information can be deleted or modified because it is not stored directly on the chain and therefore does not require modification of the entire chain to change information associated with one block. Instead, the information stored on the third-party node is modified and the hash is changed to reflect the modification. Additionally, under an off-chain model, data is not replicated across every node because not every node is a storage node.
However, these benefits do come at a cost: reduced information durability due to the introduction of a third-party node for storage, verification, or both, depending on the system architecture. For example, in an off-chain storage blockchain, the hash or data fingerprint, can show if the data retrieved from the third party has been altered; however, it cannot prevent it. It is merely an indicator. In contrast, if the data is stored on-chain, durability is guaranteed because the information is replicated across every node. This durability and the lack of a need for a central trusted authority provide a strong basis for ensuring that on-chain storage blockchain models continue to have a place in the consumer landscape, too. Thus, rather than abandoning on-chain storage models in favor of off-chain ones, the best solution may be to advocate for modifications to the CPRA that allow for both to exist.