Data Protection Restrictions Pose Challenges To Blockchain Startups In Green Energy

By Rishma Banerjee

Blockchain is getting more and more use cases with every passing day, and one industry, where blockchain has made a huge impact is in renewable energy. Through startups like WePower and Poweledger, consumers are able to get access to cheaper energy by connecting directly with renewable energy producers, who sell energy directly through tokenized energy auctions.

These blockchain companies have also partnered with Silicon Valley Power to track the solar energy production and use in Santa Clara parking garages and tokenize the use of the energy in the garage’s electric vehicle (EV) charging stations. These stations plan to sell EV tax credits to fossil fuel producers as an incentive to lower their carbon emissions and promote cleaner energy usage.

All of these initiatives require huge amounts of data collection, which is not uncommon in today’s world of SaaS-based products and social media platforms. However, data privacy a massive challenge that blockchain companies like WePower and Power Ledger will have to deal with is data privacy, and reconciling with the fact that one of the technologies primary value propositions (the ability to create a permanent record of information stored on the ledger) is fundamentally incompatible with new EU and American (particularly California) regulations that grant consumers of technology platforms the “right to be forgotten.”

General Data Protection Regulation and the California Consumer Privacy Act

With the implantation of the General Data Protection Regulation (GDPR) in May 2018, The European Union is spearheading much of the world’s regulations around this concept of the right to be forgotten.

California’s own law; the California Consumer Privacy Act (CCPA) is set to go into effect in 2020.

The fact that the state of California has already passed this law presents a big challenge for Blockchain energy companies that favor California due to its status as not only the fifth largest economy in the world, and its focus on adopting lean energy solutions such as wind and solar.

According the CCPA: 

“Any for-profit company, regardless of location, that collects the personal information of California residents is required to comply with CCPA if that company satisfies one of the following criteria: (1) has annual gross revenues in excess of $25,000,000 as adjusted, (2) annually buys, receives, sells, or shares for commercial purposes the personal information of 50,000 or more consumers, households, or devices or (3) derives 50 percent or more of its revenues from selling consumers’ personal information.”

The Silicon Valley Power project operates by collecting and storing data from transactions made at electric vehicle charging stations in order to count low carbon fuel standard (LCFS) credits. Based on the laws outlined by the CCPA, the project may have to start deleting that data in 2020.

Perhaps the only way forward for blockchain projects that require data collection is to develop rules that allow users to allow only the most relevant parts of their data to be made available to businesses, while the rest is kept anonymous. For example, the only relevant information a gambling company would need from a user would be their age and what country they reside in. When registering for the service, users would be able to anonymize everything else about them.

In addition to this, service providers that require KYC compliance could benefit by purchasing “access rights” to the encrypted references to users data. This is otherwise known as an attestation, which is simply a reference to a person’s data on the blockchain that can be used to verify relevant truths about the person without ever seeing their full details.

Instead of a financial service provider requiring a user to enter their name, social security number, or other pieces of sensitive information, they could simply purchase the rights to the encrypted version of that information from a bank or government agency that has gone through the process of validating that the encrypted data contains accurate information about the person signing up to the financial service.

The service can then answer questions as to whether the person is over 21, or whether they have a healthy credit score simply by getting confirmation from the validators of the real data, rather than looking into the specifics of the users personal data themselves.

In the case of Silicon Valley Power, the team would have to develop a way to link clean energy transaction history to the vehicles themselves, as opposed to their owners. That way, the data stored on the blockchain would be nothing more than the vehicle’s serial number.

Then if the vehicle owners wanted to claim credits, they could sign in anonymously and provide some type of “proof of ownership” for the vehicle to a Bank or California Government agency. The agency would then be able to validate that the user is the owner of the vehicle, and could share that information with Silicon Valley Power, who would then grant the anonymous user (represented only by a series of numbers) access to the credits.

This is just one example of how information can be exchanged between entities without needing a full picture of who the user is.

What is important is that regulators must remain flexible and educated about the capabilities of emerging technologies like blockchain. Without a nuanced understanding of the innovation, regulators may feel as though they are faced with the difficult choice of deciding whether to purposely violate the data protection of citizens, or enable technologies that will promote the use of renewable energy and save the environment.

A more sophisticated understanding of blockchain technology allows one to see that the decision doesn’t have to be so black and white.

By allowing users themselves to establish access rights to all or certain parts of their data,  employing the use of encryptions, and by working with third-party validators (such as banks or government agencies) companies like WePower and PowerLedger could execute their goals to develop renewable energy marketplaces while also remaining compliant with the reasonable and highly warranted policies outlined by the CCPA and GDPR.