Chainsaw is a so-called layer-2 blockchain. In concrete terms, this means that we operate one of the fastest blockchains on the market, using the public blockchain (Bitcoin) as an anchor. But why use a blockchain?
Why use blockchain technology in a consent solution?
Blockchains are specialized databases whose main characteristic is immutability. By design, the modification or deletion of a data is impossible.
They are therefore drivers of trust.
As a reminder, each block is cryptographically attached to the previous one, so the modification of a transaction present in a block would require the recalculation of all the child blocks. The more transactions there are, the more robustness increases.
The notion of proof in the context of the RGPD
The RGPD creates a new constraint to the notion of proof, recently recalled by the CNIL with the publication of its new guidelines.
Indeed, if the legal basis sought is consent, then the controller must prove that consent has been obtained, prior to the processing of the personal data.
The use of a blockchain makes it possible to meet this legal constraint, on a large scale and in a way that is infinitely more secure than the mechanisms of code sequestration or screenshots.
Our technical answer to these issues of scale and proof is Chainsaw, our private layer-2 blockchain.
We benefit from the speed of execution of our proprietary technology and a time-stamped anchor in public blockchains.
Consents are stored in this system, but the user ID is inferred upstream in order to comply with requests for the right to be forgotten (if it was agreed that the consent data was personal data not exempt from the right to be forgotten).
Strength of evidence
Thus, to change a single transaction and thus a fingerprint of a consent, one would have to :
- Hack our user/transaction blockchain matching database
- Recalculate the set of child blocks of the transaction in Chainsaw
- Emerge a Bitcoin majority fork with enough transactions to rewrite the Chainsaw prints.
We also keep a history of changes to the user's consent.