Blockchain’s Impact on Platform Data Security

The platform business model has become a dominant force in today’s economy, as companies like Uber, eBay and Airbnb have disrupted their respective industries through eliminating barriers to entry and increasing ease of transactions.  Platforms have certainly added value and efficiency to their markets by empowering previously untapped populations of suppliers and facilitating interactions. However, one major flaw of these intermediaries is their failure to protect users’ private data.


Significant data breaches have become almost commonplace over the last few years, and several major platform businesses, including the likes of Facebook and Uber, have compromised massive amounts of personal information.  This past September, the New York Times reported that Facebook suffered an attack on its computer network that exposed the private data of nearly 50 million user accounts.  News of this breach broke on the heels of last year’s disturbing discovery that Cambridge Analytica had harvested the personal information of millions of people’s Facebook profiles without their consent and used it for political purposes.  As NPR reports, Uber spent $148 million trying to cover-up a 2016 data breach that gave hackers the private information of 57 million individuals, including 600,000 drivers-licenses, representing another egregious mishandling of user data on the part of platform businesses.


Due to the scope and frequency of these data breaches, consumers have begun to demonstrate more distrust towards companies that request access to their personal information.  A 2017 Pew survey found that 64 percent of Americans personally experienced a major data breach and just 25 percent believed businesses handle their sensitive information responsibly.  Pressure for legislative action has mounted in response to these fears, as several states have passed laws such as California’s Consumer Privacy Act, which mandates companies to inform consumers of what data they collect and who they share it with.  Still, however, the federal government has not passed any significant consumer protection bills to establish privacy rights and penalize data misuse.  Furthermore, people appear to continue using platforms even after these data breaches occur, as over 60 percent of respondents to a Hubspot survey following Facebook’s most recent breach claimed they would continue using the service as usual.


Although there appears to be limited incentive for platforms to improve their data privacy standards, the rise of secure blockchain-based applications as an alternative to existing intermediaries could provide the necessary motivation.  Blockchain technology allows for peer-to-peer interactions that are recorded on a decentralized, immutable public ledger.  Distributed or Decentralized Apps (“Dapps”) leverage this technology to create a platform interface that directly connects service providers and consumers without the governance of a centralized authority.  Unlike Uber or Airbnb, no singular third-party entity is necessary to establish trust in the purchases that occur on platform because blockchain technology utilizes advanced computing protocols to enforce contracts and maintain a record of transactions.  As a result, Dapps provide a similar function to existing intermediaries. In fact, their decentralized nature ensures a far less risk of compromising users’ private information.


Confidentiality of participant data is central to blockchain technology.  Although all agreements are filed in a public ledger, the records only refer to participants using their public key, which keeps their true identities confidential.  The smart contracts that govern interactions are also encrypted so they can be executed without revealing their underlying substantive information.  Blockchain networks are also far less susceptible to attack than the systems platform that businesses use to upload and process their users’ data.  For Dapps, there is no central point of attack for hackers to target since records are decentralized, and it is virtually impossible for anyone to modify or falsify transactions due to the complex computing processes used to construct the ledger.  Dapps’ lack of centralized control also ensures no underlying incentive to collect and share users’ private information with third parties, which is a legitimate concern given the actions of some of today’s most successful platform businesses.


Developers are already creating Dapps to rival traditional platform businesses.  As the Foundation for Economic Education reports, a blockchain based ride-sharing application called Arcade City launched to compete with Uber and Lyft in 2016 and has since expanded to 27 U.S. cities and over 155 countries. Beenest, Airbnb’s blockchain counterpart, was founded in 2018 and undercuts its main competitor’s commission prices on user transactions.


While these interfaces benefit from a lack of central authority with regards to protecting data, there are certainly disadvantages to decentralized platforms.  For instance, Dapps will struggle to limit the influence of bad actors who will be difficult to monitor given the encrypted nature of blockchain technology.  Accumulating vast amounts of personal data on users also allows platforms to enhance their curation algorithms, and Dapps will not be able to leverage this useful information.  Furthermore, decentralization often allows suppliers to set their own rates and accept various forms of payment which benefits them but may complicate the interface for consumers.


Even so, Dapps still pose a credible threat to platforms due to consumers’ growing concerns about their data privacy.  It is clear that many individuals have lost confidence in businesses that accumulate private information including many of today’s most influential platforms.  While many have continued to participate in these platforms despite data breaches, Dapps offer secure and functional alternatives that will likely attract portions of the user base.  As a result, these intermediaries will need to re-asses their data protection strategies in order to compete with blockchain technology’s superior data security.  Platforms may not be able to prevent 100 percent of data breaches, but they can improve the transparency with which they handle private information to foster more consumer trust.  Businesses can self-impose regulations like those specified in the California Consumer Protection Act which ensures the consumers receive full information about what data is collected and with whom the information is shared.  Instead of forcing users to concede permission to all of their information in order to access the interface, platforms can allow users to opt-in or out to specific parts of the agreement to accommodate individuals who care more about privacy.  Regardless of what specific actions platforms decide to take, the emergence of Dapps as competitors clearly raises the stakes for preventing another major data breach headline.