The IoT x.0 phenomenon and blockchain

It is difficult to correctly define the Internet of Things (IoT) phenomenon, as evidenced by numerous contributions on the subject. Today we are witnessing a profound evolution of IoT to the point of qualifying it as an ecosystem. In recent years, developments in this phenomenon have been evident, which probably became known starting from Nabaztag and communications from various sensors (meters) installed in different parts of the world. Today, however, the phenomenon has evolved and spread so much, also with the development of applications that, on the one hand, have favored the M2M system and on the other have had direct effects on daily life, to the point of affecting lifestyle (smartphones themselves with their applications).


In 2009, with the intuition of Rob Van Kranenburg, the Council of The Internet of Things was founded and officially presented in Brussels on December 4, 2009: my intervention was on “legal issues”.

The Council is composed of individuals who wanted and want to share experiences in various IoT sectors.

Recently, the Council, due to the evolution of the IoT phenomenon, while maintaining its own identity, was renamed “Next Generation Internet”.

The IoT phenomenon has therefore profoundly transformed, becoming an ecosystem due to technological evolution and the development of numerous applications. We talked about “smart” phenomena, but today it is probably preferable to call them “smart-X” precisely because of the ever-increasing development of “intelligent” solutions (smart city, smart grid, smart car, smart contracts, etc.).

A closer look at IoT therefore allows for an analysis of the phenomenon from which an indisputable interaction between solutions and environments emerges, making a qualification in terms of “ecosystem” or even better “digital ecosystem” more appropriate.

One wonders whether it is possible to describe this evolution with a numerical classification (2.0, 3.0, etc.).

In the opinion of this writer, this type of classification is reductive and risks profoundly limiting the phenomenon that is under the push of rapid evolution. An ecosystem like that of IoT feeds and evolves continuously depending on, on the one hand, technological development and, on the other, due to changing business and personal needs. There are obviously risks to security and personal data, even if the prevalent use of technologies attracts more attention to security profiles rather than personal data protection and privacy.

Blockchain

In this context, described very briefly, there is an emerging phenomenon which is that of “blockchain” (chain of blocks).

Blockchain is essentially a database with particular characteristics, in which each record consists of a node (which in turn contains information) and the individual nodes are linked (hence chain of blocks) to each other in such a way that they cannot be modified and therefore cannot compromise the entire chain. If this chain (blockchain) is replicated on multiple systems, we speak of a distributed database.

Blockchain is also qualified as a “ledger” since it is associated with the recording of individual transactions (of each node) in the context of Bitcoin or cryptocurrencies. In fact, blockchain was initially used, and therefore known, because it constitutes the technical infrastructure of Bitcoin, the cryptocurrency, usually associated with illicit operations as it constituted the payment method for ransom requested during cyberattacks known as “ransomware”.

However, bitcoin and more generally cryptocurrencies, have acquired a sort of negative connotation mainly due to the lack of specific legal regulations. In reality, cryptocurrencies are also subject to evolution (also technological) and their already wide diffusion will lead to the adoption of specific legal norms.


Blockchain requires very high computational power, so much so that a few years ago it was estimated at 2 to the 192nd power. In a very simplified way and without pretense of detail, especially technical, blockchain can be schematized in the following terms. In each single node there is a header that usually contains the following fields:

  1. Version
  2. Nonce
  3. Previous block header hash
  4. Block header hash
  5. Timestamp
  6. Difficulty

The indicated information is all important for blockchain, but the most relevant are the Nonce which constitutes a number, a sort of “index”, which unequivocally identifies the block, the “Previous block header hash” which is the hash fingerprint of the previous block, and the “Block header hash” which constitutes the hash of the node. For the generation of a new node, the algorithm must identify the hash of the previous node and generate that of the node being created.

This evidently, on the one hand, justifies the computational power required for such operations and on the other represents the high level of security that prevents (but not in an absolute sense because nothing is secure in IT) the compromise of the single block and, therefore, of the entire chain. As mentioned, this is a purely descriptive and not technical explanation of blockchain.

Among the platforms that allow structuring applications for blockchain, the one currently gaining the most traction is Ethereum.

Blockchain as a service

The albeit brief description of blockchain and the applications that have been developed to date and those that are still in the planning phase allow us to qualify blockchain as “blockchain as a service”, due to its potential to be enslaved to the provision of the most disparate services.

As will be seen later, the potential related to the development of blockchain applications denotes its evolution from a technical structure underlying cryptocurrencies to a true IT infrastructure usable for the provision of services.

This represents a central point, a nodal point, since the development of blockchain applications for the provision of services currently constitutes one of the most important sectors of the well-known Industry 4.0 and therefore one of the most important business areas. The potential of blockchain has been absolutely understood by IT giants (IBM and Samsung Electronics) who have undertaken the development of important projects such as ADEPT (Autonomous Decentralized Peer-to-Peer Telemetry).

Blockchain applications

It has been said that blockchain, in its declination of “blockchain as a service” allows the development of numerous applications, also for the provision of services. The development of applications that use blockchain may not exclude the use of Artificial Intelligence (AI) with further enormous potential both for industries and for users who will benefit from the services provided. What applications based on blockchain can concretely be developed or have already been developed? Below are some application references, but it should be noted that the scenario is very broad.

  • Cryptocurrencies - It has been said that blockchain has enabled the development of Bitcoin and other cryptocurrencies (a non-exhaustive list is available on this page). The usefulness of a cryptocurrency is clear: cost reduction, elimination of intermediaries, simplification of operations, transaction security.
  • smart contracts and “smart” phenomena - It is possible to develop applications for smart contracts. These are not true contracts, as they are considered from a legal point of view, but operations that are executed automatically when a certain condition is met. Imagine the electricity or gas supply contract; when a certain condition occurs (e.g. consumption reading) a payment is executed. Smart contracts are currently still connected to the concept of financial transaction and not, therefore, to other automatisms but there is no doubt that applications can be developed that implement the scope of use. One of the important aspects is constituted by the security of operations (transactions) which would prevent any compromise of operations.
  • digital identity (eID) - The identity profile can also be addressed through blockchain. It is often not simple to identify a person, especially when this must be done virtually. In Italy there is SPID (Public Digital Identity System) regulated by Legislative Decree 82/2005 (CAD - Digital Administration Code). However, blockchain allows the development of applications through which to simplify the identification of a subject and allow access to such information securely. We are not talking about a database of the resident population, such as the Resident Population Registry (ANPR), but of technological solutions that allow authorized and pre-authorized subjects to have certainty about people’s identity. In more practical terms, some companies (e.g. for credit provision or services) need to identify the natural person with certainty. A blockchain-based application can allow this.
  • immigration - The immigration phenomenon is current and emerging. In this case too, blockchain can be useful. It is evident that immigrants are not registered and this creates identification difficulties for each of them. Blockchain-based applications have already been developed that allow managing immigrants’ identities. Such a solution would greatly facilitate the activities of public bodies, PA, NGOs, etc.
  • document preservation - Document preservation, besides being an obligation (cf. CAD), can undoubtedly constitute added value. Blockchain allows the development of applications for preservation.
  • E-Government and digital PA - Blockchain can also constitute added value for PA and for its digitalization process. Application areas are easily imaginable and among these there is certainly a use in the field of Telematic Trial (PT). Today PT is based on different platforms based on jurisdiction (currently for civil, administrative and tax). Blockchain can certainly serve to develop applications to simplify some aspects and to attribute greater guarantees both in terms of security and regarding the information acquired.
  • Interaction between applications or services - Blockchain applications are not independent of each other, but it is possible to establish an interaction between them. Imagine identity management and payment systems management. This is already possible today in some sectors. The combination of various blockchain-based services is certainly another central point of blockchain.

Blockchain, personal data protection and privacy

Blockchain is certainly an innovative and important phenomenon but not exempt from profiles related to legislation on personal data protection and privacy. The issue is particularly important not only nationally. In fact, confidentiality and personal data protection are fundamental rights provided for in the Charter of Fundamental Rights of the European Union (articles 7 and 8).

Beyond the consideration of these principles, one cannot disregard European Regulation no. 679/2016 (General Data Protection Regulation -GDPR) which will be applicable (it is already in force) from 25/5/2018 in every Member State and the Code on personal data protection (Legislative Decree 196/2003).

This regulatory framework requires some reflections regarding the protection of individuals’ personal data in blockchain. Among the fundamental pillars in the field of personal data protection emerge information to the data subject and their consent. Blockchain, as it was conceived, is structured on trust. We speak of web of trust (WoT) in cryptographic systems like GPG.

In reality, for an effective application of blockchain in all sectors, one cannot disregard the rules on personal data protection and, at the same time, it must be evaluated how these rules can be respected. The profiles related to personal data protection are known to technicians and scientists who have dealt with blockchain. These aspects, however, have only been addressed in terms of security, increasingly raising the security measures of the IT infrastructure, often through the use of cryptographic algorithms.

However, the concept of security is different from that of personal data protection and, therefore, it is not legally correct to address the problem in this way.

Being a relatively current phenomenon, there are no “recipes” or pre-packaged solutions. It is always necessary to carry out case-by-case evaluations in order to identify the correct methods for finding so-called compliance solutions.

The use of appropriate policies is fundamental, but these should be accompanied by other solutions, so that the protection of the individual’s personal data is guaranteed. The data subject must be previously informed about the processing of their personal data and be able to freely express their consent. The development of blockchain applications must take into account the principles contained in Article 25 of the GDPR which regulates data protection by design and by default. Each project relating to blockchain must be implemented so that adequate protection is guaranteed to the individual’s personal data. The GDPR is clear in the adoption of “technical and organizational” security measures suitable for addressing risks, of any Impact Assessment (Data Protection Impact Assessment) where applicable. An important screening is carried out during the audit at the end of which a sufficiently clear general picture is obtained. Subsequently, possible solutions are evaluated in accordance with current legislation. Security is a fundamental aspect but does not replace the obligations provided by laws on personal data protection. Last year (2016) the International Conference of Privacy Commissioners addressed the current theme of Artificial Intelligence (AI) and it is hoped that in the next session blockchain will also be discussed.