Cere Network’s crucial head start on complying with data protection regulations

7 min readApr 30, 2021

Introduction

The usage and protection of personal data and privacy have come into the focus as increasingly sophisticated. Users demand transparency on how their personal data is being used and safeguarded by institutions and businesses alike.

This heightened regulatory scrutiny of personal data usage is a macro trend that will persist in the foreseeable future, and it’s one that enterprises should take heed.

Cere Network, as an enterprise-focused, decentralized, interoperable blockchain network, is uniquely positioned to play a crucial role within the data protection and regulatory framework space for its enterprise clients through the Cere Decentralized Data Cloud (Cere DDC), as well as other related products.

Data Protection Regulatory Framework

Europe has taken the lead in regulating the protection and usage of personal data with the ratification and implementation of The General Data Protection Regulation (GDPR) in 2016.

GDPR has served as the model for other countries or regions in implementing their own versions of a data regulatory legal framework, such as in California with the California Consumer Protection Act (CCPA).

More recently, the EU is proposing another major piece of data protection legislation that seeks to further define a standardized framework for sharing and re-using personal data with trusted tools and techniques, as a part of its greater data strategy. The new framework seeks to boost data reuse to support a new generation of data-driven services powered by data-hungry artificial intelligence, as well as encouraging the notion of using “tech for good” by enabling “more data and good quality data” to fuel innovation with common public good, such as better disease diagnostics, and improving public services.

The Cere Solution

How can Cere Network help enterprise clients streamline and operate within these data regulatory frameworks?

As an enterprise-focused, and cloud-native platform, Cere Network takes data governance seriously — the process of managing the availability, usability, integrity, and security of the data in enterprise systems, based on internal data standards and policies that also control data usage. Effective data governance protocols on Cere ensure that data is consistent, trustworthy, and doesn’t get misused or compromised.

More specifically, Cere DDC empowers enterprises with the tools they need to participate in the data economy, such as managing the availability, usability, permissions, integrity, and security of the data in enterprise systems. We see the following areas as specific ways in which Cere Network and Cere DDC can help enterprise clients adapt to these new data protection regulatory frameworks.

Trustless Data Sharing

One of the emphases of the new EU landmark data protection legislation is in how data is shared across multiple relevant parties. The proposal envisages a framework enabling the sharing of data that’s subject to data protection legislation — which means personal data; where privacy considerations may restrain reuse — as well as industrial data subject to intellectual property, or which contains trade secrets or other commercially sensitive information.

Cere will natively implement a number of multi-party computing techniques such as federated learning to allow decentralized collaboration without exposing privacy-regulated customer data to the party analyzing (part of) the data. Federated learning is a machine learning technique that trains an algorithm across multiple decentralized devices or servers holding local data samples, without exchanging them. This stands in contrast with traditional, centralized machine learning techniques where all the local datasets have to be uploaded to a central server, potentially exposing sensitive information.

Federated learning techniques adopted by Cere allow multiple distributed peers to build a shared, robust machine learning model, without sharing any sensitive personal data, allowing businesses to leverage the latest machine learning techniques, and be in full compliance with regulatory oversight.

Public Sector Data Reuse

The EU data protection proposal outlines clear guidelines on how data is to be reused in the public sector:

“for public sector bodies there may be technical requirements (such as encryption or anonymization) attached to the data itself or further processing limitations (such as requiring it to take place in “dedicated infrastructures operated and supervised by the public sector”), as well as legally binding confidentiality agreements that must be signed by the reuser.”

Cere DDC can help enterprise clients in the public sector meet these new regulatory requirements. Customer data stored on Cere Network is fully encrypted through secure RSA encryption, and partitioned per enterprise entity with a state of the art identity management system. Application data is associated with anonymous, randomized IDs, non-identifiable personal information. Only users and entities with the associated private key can decrypt and deanonymize their own data.

Any public sector data that has been boarded onto the Cere ecosystem, such as the Cere Data Science Marketplace will automatically be encrypted and anonymized. This will facilitate the compliant reuse of these data, and allow the Cere Network Hub to connect the previously isolated data silos in a compliant and secure fashion.

Control Over Personal Data

The proposed new framework calls for companies and institutions to provide citizens with an organized way to share their own personal data for a common/public good, such as aiding research into rare diseases or helping cities map mobility for purposes like monitoring urban air quality. Through these personal data spaces, consumers will gain more control over their data and decide on a detailed level who will get access to their data and for what purpose.

As mentioned before, customer data on Cere Network is fully encrypted and anonymized, and Cere is fully devoted to giving full control to consumers on how their data is stored and accessed. Cere Network will implement a Decentralized Data Viewer application, where customers can access a portal to view and manage all the relevant data that has been collected. Through the Decentralized Data Viewer application, customers will have the final authority on their own data and can export, delete, authorize, de-authorize the use of their data at any given time, and these changes will be automatically propagated upstream throughout the whole network.

Within the Cere ecosystem, customers will be able to set the levels of access for different types of entities, such as private for-profit businesses, or “data altruistic” institutions that want to access differentially private, aggregate data for medical research or consensus purposes. These organizations can be represented as side chains on the Cere Network, and their access to customer data can be seamlessly integrated within Cere DDC and other platforms within the Cere Network.

Neutral Data Mediators

The proposal calls for the creation of neutral data mediators to facilitate fair and lawful data sharing. These data brokers or intermediaries ensure that data sharing will be conducted in a way that consumer rights are protected and that they have choices. One of the proposed data mediators is the European Data Innovation Board, which would try to knit together best practices across the Member States — in what looks like a mirror of the steering/coordinating role undertaken by the European Data Protection Board.

Cere Network is structured in a way to work well with these data mediator entities, and in fact, operates in a similar neutral data mediator role within its ecosystem in the Cere Foundation.

The Cere Foundation is a non-profit organization founded by a consortium of long-term Cere stakeholders. The Cere Foundation positions itself as the mediator between enterprise interests and Cere community interests and ensures that potential conflicts and competing interests are resolved in a balanced and sustainable fashion. In order to serve this mission, the Cere Foundation has two arms of operations: one for serving the needs of the Cere Core DAO that serves everyone in a decentralized and trustless fashion, and one arm for fostering enterprise partners and addressing their specific needs.

The Cere Foundation will serve to mediate any potential conflicts of interests in data usage between its enterprise clients, and the consumers within the Cere ecosystem. It can also act as a front-line liaison entity for interfacing with other neutral data mediator entities on behalf of Cere Network, providing a structured way to have mutual feedback to and from the outside organizations.

Conclusion

As new data protection regulatory frameworks are proposed and implemented globally, Cere Network seeks to leverage the latest advancements in trustless and decentralized data processing and custodianship for its enterprise clients, and thus addressing the critical issues of data privacy, data security, and data access within compliance of the regulatory frameworks.

About Cere Network

Cere Network is the first decentralized data cloud platform in alignment with Polkadot, optimized for service data integration and data collaboration. While most enterprise blockchains are simply distributed ledgers, the Cere DDC platform is built from the ground up to power the new generation of first-party customer data ecosystems. Harnessing similar goals to cloud platforms like Snowflake, Cere’s DDC platform is delivering on a new decentralized level of data privacy, data agility, and data interoperability.

Cere Network is founded by former executives from Amazon, Twitch, D-Link, and Bebo. Cere is backed by Binance Labs, Arrington XRP Capital, Fenbushi Capital and Neo Global Capital, among others. The company is headquartered in San Francisco, with offices in New York, Amsterdam, and Berlin. More information about Cere Network: