6.3
Outline of MTI's solution
The crux of MTI's solution is MTI's adapter, a middleware
application for interfacing with certain blockchain
networks. MTI's adapter is suited for use in a wide
variety of supply chains, including in international
freight and shipping. It enables systems currently in
use in the shipping industry to interface with one or
more blockchain networks. Each network can be run by
different industry players and can use different underlying
blockchain technologies (such as IBM's Hyperledger
Fabric, Activeledger, Corda, Quorum etc.). There is thus no
need for every player in the industry to use one particular
network, as multiple networks can operate in parallel.
Each shipping industry player can aggregate their multiple
networks and existing shipping industry systems in a
single place using MTI's adapter.
To drive commercial adoption of its adapter, MTI plans to
establish, together with a consortium of industry players,
one such blockchain network for use in international
shipping. This network will likely be built on Hyperledger
Fabric and will be a private, permissioned network.
In line with the GDPR principle of data minimisation,
the network will store on the blockchain (on-chain) only
information that everyone on the network has the right
to view. Where a transaction involves information that
only some participants have a right to see, that private
information will be hashed and the hash will be added
to the blockchain. The underlying private information
will then be sent, via a side channel peer-to-peer
network, to those participants with a right to see the
information. This focus on privacy by design means
that information that should not be visible to everyone
is kept off the blockchain (off-chain) and is only stored
locally by those participants with a right to access the
information. Any person who has a copy of the off-chain
private information can run the hashing algorithm over
it and compare the result to the hash stored on-chain to
verify that it has a true copy of the private information
associated with the transaction recorded on the ledger.
This also ensures all information associated with
transactions on the network are fully auditable.
6.4
What personal data may
be processed?
The personal data likely to be involved in MTI's solution
are not likely to be particularly sensitive. They would likely
be limited to:
• names of people signing certain shipping documents;
• business contact details of certain people involved in
the shipping process, such as phone numbers or email
addresses; and
• photos of shipping cargo that may incidentally include
recognisable individuals or other personal data.
MTI's solution intends to use the side-channel model
described above for all information that should not be
freely visible to every participant on the network, which
will include all personal data. This includes using the
side-channel model to restrict the visibility of free form
comments. There will, of course, always be the risk that
some personal data is not properly confined to the side
channels and finds its way on to the network, and we
therefore consider how MTI may ensure GDPR compliance
given this possibility.
40 I GDPR and the Blockchain