Right to Be Forgotten and the immutability of Blockchain

Sending Medical Test Results to Patient

Dr. John Smith wants to send Mark Douglas, his patient, the results of a medical test that Mark took at the medical office. Because Mark is very busy at work, he can't go to the doctor's office. Anguished, he asks the doctor to tell him the results over the phone, but the doctor kindly refuses, explaining that the GDPR prevents him from doing so. Instead, he proposes sending the results through MARAChain, so that Mark would have them on his computer or smartphone in seconds. Mark accepts.

Dr. John asks Mark for his email address in order to send him the results through MARAChain. Dr. John fills in the recipient email field with Mark's email, uploads the results of the medical test to MARAChain, and sends them to Mark. Mark receives an email indicating that he has a document waiting to be read at MARAChain. He clicks on the verification link and accesses the document in a confidential, private and verified way. Dr. John Smith receives a notification from MARAChain informing him that Mark has accessed the document.

HOW DOES MARACHAIN COMPLY WITH THE GDPR?

MARAChain acts as a Central Bank, where there are as many security boxes as there are documents transferred. Each security box has 3 security locks, which only 3 keys can open.

  1. MARAChain key, generated by the software and inaccessible to the staff.
  2. Sender key, created at the moment of the user's registration.
  3. Recipient key, created at the moment of the user's registration.

These keys are unique and non-transferable, and each one always identifies the user who holds it.

In the previous example, when Dr. John clicked the submit button, his “Digital Me” accessed the Bank of MARAChain and searched the list of accounts for Mark Douglas's “Digital Me”. Since it was not there, it asked MARAChain to create it, supplying Mark's email address. Once Mark's account was created (along with his security key), Mark's and Dr. John's “Digital Me”s accessed the Safe. MARAChain gave them a new Security Box, into which the three inserted their respective keys. With the Box open, Dr. John's “Digital Me” placed his document inside and closed the box. At that point, MARAChain wrote a unique security code in the box and stored it in the Network of Distributed Nodes of MARAChain. Then MARAChain sent an email to Mark Douglas informing him that he has a document in MARAChain.

For Mark Douglas to access the document, he must access MARAChain, where his “Digital Me” looks up Dr. John's “Digital Me” so that, together, they can go to the Safe and open the box containing the document.

RIGHT TO BE FORGOTTEN UNDER THE GDPR

MARAChain is built on Blockchain technology, which prevents the deletion of data stored in the database. Instead, in order to comply with the GDPR, MARAChain relies on a system of security keys that identify the user. If a user invokes his “right to be forgotten”, or requests the deletion of the data stored in MARAChain about him, MARAChain will inform him that this will cause his user account in MARAChain to be eliminated. When the User is removed, the User Identification Key is destroyed, which makes it impossible to access his documents. This will be done as long as the transferred documents can be disposed of in accordance with current legal regulations.

If the User were to register again in MARAChain, the system would give him a new identification key, different from the previous one, so he could not access the documents from before his new registration. In this way, MARAChain allows access to documents to be destroyed once the Right to Be Forgotten has been requested, while maintaining the Immutability of the Blockchain.
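
The three-key box and the key-destruction step described above can be sketched as follows. This is an added example, not MARAChain's code: the page does not state its cryptography, so the 3-of-3 key derivation, the SHAKE-256 keystream with HMAC (a standard-library stand-in for a real AEAD cipher), the `ledger` list and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

DOC = b"constructed sample: blood test result for patient"  # made-up input

def register_user() -> bytes:
    """Every (re-)registration issues a fresh random identification key."""
    return secrets.token_bytes(32)

def _box_key(platform: bytes, sender: bytes, recipient: bytes, box_id: bytes) -> bytes:
    # Assumed 3-of-3 scheme: the content key depends on all three keys.
    return hashlib.sha256(b"box|" + platform + sender + recipient + box_id).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream: stdlib stand-in for a real AEAD cipher.
    stream = hashlib.shake_256(b"enc|" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(doc: bytes, platform: bytes, sender: bytes, recipient: bytes) -> bytes:
    box_id = secrets.token_bytes(16)  # unique per box, so no content key repeats
    key = _box_key(platform, sender, recipient, box_id)
    ct = _xor_stream(key, doc)
    tag = hmac.new(key, box_id + ct, hashlib.sha256).digest()
    return box_id + ct + tag

def open_box(box: bytes, platform: bytes, sender: bytes, recipient: bytes):
    box_id, ct, tag = box[:16], box[16:-32], box[-32:]
    key = _box_key(platform, sender, recipient, box_id)
    expected = hmac.new(key, box_id + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong or destroyed key: the box stays shut
    return _xor_stream(key, ct)

def demo():
    platform, doctor, patient = register_user(), register_user(), register_user()
    ledger = []  # hypothetical append-only record; entries are never removed
    box = seal(DOC, platform, doctor, patient)
    ledger.append(hashlib.sha256(box).hexdigest())
    before = open_box(box, platform, doctor, patient)
    patient = None  # erasure request: the identification key is destroyed
    rejoined = register_user()  # the same person registers again, new key
    after = open_box(box, platform, doctor, rejoined)
    return before, after, len(ledger)

if __name__ == "__main__":
    print(demo())
```

The sealed box and its ledger entry are still stored after the erasure; only the ability to decrypt is gone, so the guarantee rests on the destroyed key being unrecoverable.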