Every time we register for any internet service we sign a rarely-read contract giving permission for our digital identity to be supervised and analyzed, handing over our data and allowing it to be used practically without constraint. The problem is obvious. We accept certain services without taking into account the use of our personal data or, what comes to the same thing, without asking ourselves where this data is being stored, who has access to it and what it will be used for.

To look at this problem the Polytechnic University of Valencia (Universitat Politècnica de València: UPV) has put on a conference focusing on privacy, data protection and cybersecurity. Two top experts in this matter took part in this event, namely Ricard Martínez, Director of the Digital Transformation and Privacy Chair of Valencia University, and Carlos Sahuquillo, GMV’s Cybersecurity Consultant.

Among other issues Ricard Martínez looked at how we are affected by the Europe-wide General Data Protection Regulation (GDPR) and its consequences for the development of personal-data processing algorithms. His speech stressed the importance of design-up protection, highlighting some glaring privacy faults in the design stage, mainly to do with social media.

Carlos Sahuquillo then took up the cue to put forward the case of car satnavs as another obvious example of how privacy and security are all too often overlooked in the design and set-up phases. In these situations measures are not normally taken until a vulnerability- or legal-problem crops up. Car satnavs, in particular are not GDPR-compliant since they do not eliminate phonebook data and messages received from Bluetooth-enabled handhelds.

Sahuquillo also explained what Blockchain is and how a digital identity network could be created with this technology to access all the services that need our data without necessarily needing to sign up first. This would involve a sort of shared digital-data repository based on Blockchain technology, so we could then ensure the traceability, integrity and confidentiality of all stored data.

After both speeches the conference wound up by discussing whether Sahuquillo’s proposed network could be GDPR-compliant and what GDPR tweaks might be needed to ensure Blockchain meets all current requirements. For example, by Blockchain’s very nature, this idea would not comply with the GDPR’s “right to be forgotten”.