Using Blockchain for Consent Management
The report explores Blockchain and investigates three of the most prominent platforms developed using Blockchain: Bitcoin, Ethereum and Ripple. The report provides a high-level proposal to implement a consent management solution using Blockchain technology.
Project Overview
Policy changes (GDPR) now require that companies track when consent was given, by whom, for what, and whether consent was revoked. This consent evidence needs to be auditable to demonstrate compliance with the GDPR. Companies face considerable fines for not complying with GDPR requirements. Existing ledger-based approaches are prone to manipulation, tampering, loss and corruption, which limits their reliability and trust. A secure, tamper-resistant, auditable, reliable consent management system is needed.
One application of Blockchain technology is to provide a tamper-resistant distributed ledger. A technology solution built on top of a public blockchain (e.g. Ethereum) would allow ledgers of consent to be reliable and tamper-proof, while also facilitating transparency and auditing. This solution would include APIs and web-based widgets that can be integrated into existing products. It would provide granular consent management (granting, re-granting, revoking), consent analytics (numbers consenting, revoke rates, etc.), and exportable audit reports. Consent lifecycle management solutions already exist (e.g. http://www.janrain.com/blog/consent-lifecycle-management-crucial-gdpr-compliance-customer-data/), but few (none?) offer a distributed, tamper-proof and verifiable solution. This solution could also present end-users with a one-stop shop to manage their consent across multi-vendor tools. Consent management is well established in the health care domain, but it is now of greater importance in education due to the changes coming in the GDPR (May 2018). Consulting on deploying best practices in consent may also be a revenue stream.
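As an added illustration (not code from the report), the sketch below shows the tamper-evidence property the proposal relies on: a hash-chained consent log supporting grant, re-grant and revoke, with a verifier that locates edited entries. It is a single-process model, not an Ethereum integration; the class and function names, subject IDs and timestamps are assumptions constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry


def entry_hash(body):
    """SHA-256 over a canonical (sorted-key) JSON encoding of an entry body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ConsentLedger:
    """Append-only consent log; every entry commits to its predecessor."""

    def __init__(self):
        self.entries = []

    def record(self, subject, purpose, action, ts):
        if action not in ("grant", "revoke"):
            raise ValueError("action must be 'grant' or 'revoke'")
        body = {"subject": subject, "purpose": purpose, "action": action,
                "ts": ts, "prev": self.head()}
        self.entries.append(dict(body, hash=entry_hash(body)))

    def head(self):
        """Hash of the newest entry: the value an external chain would anchor."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def has_consent(self, subject, purpose):
        """Latest event for (subject, purpose) wins; a re-grant is a new grant."""
        state = False
        for e in self.entries:
            if (e["subject"], e["purpose"]) == (subject, purpose):
                state = e["action"] == "grant"
        return state

    def first_invalid(self):
        """Index of the first entry that fails verification, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or entry_hash(body) != e["hash"]:
                return i
            prev = e["hash"]
        return None


def sample_ledger():
    """Constructed sample data: pseudonymous subject IDs and ISO timestamps."""
    ledger = ConsentLedger()
    ledger.record("subject-17", "analytics", "grant", "2018-05-25T09:00:00Z")
    ledger.record("subject-17", "analytics", "revoke", "2018-06-01T12:30:00Z")
    ledger.record("subject-42", "marketing", "grant", "2018-06-02T08:15:00Z")
    return ledger
```

An in-place edit is caught by first_invalid(), but a log rewritten from scratch with recomputed hashes verifies cleanly, which is why head() must also be published somewhere the log's operator cannot rewrite, the role the proposal gives to a public blockchain.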
The value to customers is in compliance with their upcoming regulatory requirements under the GDPR. Failure to comply can result in significant fines in the case of a data breach. The solution could also aid customers in selling their products to end-users as there may be an increased level of trust and transparency. GDPR compliance is likely to become a requirement for large edtech contracts (e.g. government contracts). Effective consent management forms a key part of this compliance so there is value to companies in making their products competitive for such contracts.
Reading Resources
A few reading resources
- Bitcoin: A Peer-to-Peer Electronic Cash System by Nakamoto, Satoshi (Bitcoin White Paper)
https://bitcoin.org/bitcoin.pdf
- Mastering Bitcoin by Antonopoulos, Andreas M
- Ethereum White Paper by Buterin, Vitalik
https://github.com/ethereum/wiki/wiki/White-Paper
- Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts by Gerard, David
A catchy title, but actually a very informative and entertaining read