More than a year has passed since the General Data Protection Regulation (GDPR) entered into force in Europe. Meanwhile, cyber-attacks putting personal data at risk continue to be a concern. How to protect personal data, and how Europe can commercially exploit and be at the forefront of this new field, remain open questions.
Recently, we met Christian Junger, co-founder and CEO of MADANA - an innovative European startup that makes use of GDPR-compliant and distributed-ledger technologies to develop new business models - to discuss where Europe is going and what issues it is likely to face in the near future.
Tell us about MADANA. What made you decide to found the company, and what is the philosophy behind it?
I have a longstanding interest in distributed ledger technologies (the concept behind blockchain systems), and during my studies at the RWTH Aachen University I co-founded one of Germany’s first bitcoin and blockchain meet-up groups, to further explore their exciting potential. Whilst blockchain is a truly revolutionary concept, in my view it is just that – a concept and not a stand-alone technology with direct use cases. Blockchain should rather be used and implemented as backbone technology in different infrastructures.
In Aachen, the idea behind MADANA – Market for Data Analysis – was born. MADANA aims to give back control of data to data producers whilst providing a secured and GDPR-compliant data transmission system.
So, you mean that the aim is to help people retain control over their data, and to provide a viable commercial product that nevertheless keeps data secure: how exactly do you do that?
The analysis process matches encrypted datasets with encrypted algorithms. The analysis takes place within a trusted execution environment (TEE), which is a standard part of hardware chips present in all technological devices. It is mathematically proven that no party can take a look inside, and hence tamper with, the analysis process. All of this is made possible through the combination of our three main technological components: asymmetrical encryption, trusted execution environments and blockchain technology. In turn, our technological approach involves three groups of participants:
- data producers (end consumers, devices, machines, etc.)
- data analysis buyers (individuals, companies, institutions)
- what we call the plug-in providers, who want access to the data for further analytic purposes (data scientists, analytics companies, etc.).
The whole process is initiated when the data analysis buyer sends a request with a concrete offer for the insights that they need. This request alerts the data producers holding the required data and asks their consent to lend the data for analysis purposes.
Once consent is given, the data, encrypted by the data owner with a specific private key, is transferred into our APE (Analysis Processing Entity) and matched with the algorithms from the plug-In providers.
The matching, decryption and processing of data and the analytics scripts happen in a one-time set up enclave within TEEs – the tamper-proof environments I mentioned earlier. Once the analysis is complete, the whole enclave, including the raw data and analytics scripts, is destroyed. Only the insights, also in this case encrypted with the key of the buyer, are released to the buyer.
Our technology can connect to any data silo, such as edge and cloud computing, or any kind of existing server. What we do is that on a metadata level we create “ontologies”, which allow the plug-in providers to create algorithms. The algorithms, in turn, are used within our system to run secured analysis on encrypted data, without any need to access the raw data itself.
Blockchain is used to ensure the securisation and encryption of most of the technical aspects , such as logging of processes, attestations of TEEs and more. However, we have an incentive aspect for the data producers, MADANA PAX, a cryptocurrency that we offer to data producers as a further secure method for financial transactions in our model.
Personal data protection and proper reuse of data for businesses are at the core of the development of a digital single market. How can we make sure Europeans and European businesses have the confidence to invest in new technologies, expanding their uses in data-hungry fields like Internet of Things, connected cars, eGovernment and eHealth, knowing that their data will be kept safe?
I believe that any company that deals with data needs to keep three priorities in mind:
- Ensuring that the owners and producers of data retain control of it
- Implementing systems for secure data analysis that are based on complete trust and without fraudulent loopholes
- Creating fair and incentive-based digital economic spaces, which will in turn encourage customers to happily provide their data.
What we offer at MADANA encompasses all of these points and is applicable within a wide ranging set of industries. To see how it works, imagine the following scenario: a drug research laboratory needs sensitive research data from a competitor in order to make a breakthrough, using the data with an algorithm that they would openly disclose, which would be run within the MADANA system. Now, the competing company can rest assured that their research data would be used for this purpose alone, as the raw data set would not be transmitted. The competing company could charge a fee for the specific insights generated by the analysis, and monetise data previously considered too sensitive to sell.
What about the GDPR? Is it a step in the right direction towards a proper data management market?
One of the key concerns for any company operating today is how to meet the requirements of the GDPR. MADANA does so by not storing customer data, and releasing only the results of the analysis to the buyer. The raw data is destroyed, once it has been used for analysis.
The concept of “privacy by design” plays a huge role at MADANA, thus we have created a decentralized system with consent management. These patented analysis processes secure a just one-time analysis on the provided data and make sure that the data can’t be breached, leaked and resold behind the users back. The Right to Access is at all times provided since the data producer is at all times in control of his or her own data.
Because the data producer’s data is only being “rented” for an analysis and then deleted after the analysis is done, the Right to be Forgotten is achieved.
That said, while the GDPR was a great first step, a lot of work remains to be done in order to create a digital data market in Europe that is secure against data breaches. In our opinion, Brussels needs to put more focus and effort into privacy preserving technologies or, as we at MADANA call it – PrivTech!
Perhaps we may need more regulation on data, but investment in enhancing the secure data infrastructure industry cannot be neglected. I feel that it is far too hard to receive funding for deep tech startups in this field. Data privacy and transparency are key values for which Europe is known; we should play to our strengths and collaboratively push PrivTech forward. A crazy future filled with drones and robots is before us, and other world regions are already ahead of us in many technological fields, so we need to remember what we stand for and start protecting our data and privacy now. This is why MADANA sees itself as a secure bridge and gatekeeper of European data.
Cybersecurity is of great concern in many sectors, not just tech companies but also service providers, manufacturing industries, and governments. How do you see this major challenge for Europe at MADANA?
As privacy is our core business, we see cybersecurity challenges as opportunities. PrivTech is a whole new industry that is currently emerging within the big data and data analytics market, and it is in my opinion the only way for the success of future tech companies in Europe. Nevertheless, we have to change the old-fashioned mindset within our political system and start investing today into our tomorrow. We need real technical solutions which mathematically prove and promise data privacy: there can be no room for legal or technical loopholes. The EU and Europe as a whole need to invest more into technological approaches, such as MADANA. Only this way we will finally be able to put a stop to breaches of Europeans’ data.
Christian Junger is the CEO and Co-Founder of the German blockchain start-up MADANA. His blockchain career began back in 2013 during his studies in Finance and Entrepreneurship at the RWTH Aachen. In 2013 Christian co-founded the Bitcoin Aachen Meetup as one of the early blockchain pioneers in Germany and was an early supporter of Lisk, one of the world's first ever created public blockchains and cryptocurrencies. In addition to leading MADANA, Christian speaks as a German blockchain expert at many conferences around the world and is an advisor of various political groups and institutions based in Europe.