October 5, 2023

Mitigating Platform Risk While Ensuring Data Privacy

Luke Lamey

In 2015, Twitter closed its Firehouse API, killing hundreds of third-party vendors relying on Twitter data for their core business. In 2021, the Hong Kong government forcibly closed the Apply Daily Newspaper, leaving over 9 million readers unable to access the pro-democracy news outlet. In 2023, Argentina dramatically raised its interest rate to 118%, leaving Argentinian citizens helpless as they watched their purchasing power evaporate overnight.

What do the Twitter Firehouse API, the Apple Daily Newspaper, and Argentinian interest rates have in common? All three of these scenarios are examples of platform risk: the risk that a user faces that a platform’s services may drastically change at any given time. A business has platform risk when they are heavily reliant on a single third-party platform for its operations, sales, or engagement. An individual has platform risk on a central bank when they are adversely affected by changes in monetary policy. Any shift in policy, algorithm, pricing, or any sudden change in deeply centralized systems can expose individuals and businesses to platform risk, creating a profound impact on personal and commercial livelihoods.
The promise of Web3 and blockchain technology is to mitigate platform risk by eliminating centralized points of failure. Bitcoin mitigates financial platform risk by fixing the money supply; no centralized party can drastically and unexpectedly devalue BTC holders. Arweave mitigates publishing platform risk by providing readers with immutable and permanent data storage; no centralized actor can revoke or restrict access.

As new use cases for Web3 emerge–particularly in decentralized identity, decentralized social media, and decentralized science–there is a growing tension between mitigating platform risk and ensuring data privacy and compliance. For example, Article 44 of GDPR requires companies to know the geographic location of where their user data is stored. It is nearly impossible to reconcile requirements like this with decentralized blockchain platforms where node operators can and should be able to operate anywhere in the world.

The Tradeoff: Platform Risk and Data Privacy + Compliance

Decentralized platforms are forced to make an inherent tradeoff between decentralization and data privacy. As more nodes are added to a network, it becomes harder to enforce protections around data privacy and compliance. Understanding this tradeoff, we can create a two-dimensional framework for evaluating Web2 and Web3 platforms: platform risk mitigation and data privacy + compliance.

The mental model for this framework is simple: centralized platforms have a high degree of platform risk but can better enable data privacy and compliance because they have a high degree of control over who, where, and how their data is stored. Decentralized platforms have a lower degree of platform risk but struggle to enable data privacy and compliance because they have less or no control over the parties that store the data. As companies move left on this graph, they decentralize their data storage and reduce their platform risk. As companies move up on this graph, they ensure data privacy and compliance for their users.

The Decentralization Line and Web3 Limit

Understanding the tradeoff between platform risk and data privacy, we can plot Web2 and Web3 platforms along this spectrum. On the bottom left is Bitcoin, an open and credibly neutral platform that has proven over a strong history to have eliminated most, if not all, of its platform risk. On the top right is a platform like Telegram, a highly centralized, privacy-protecting platform largely controlled by one billionaire.

Plotting these platforms along this spectrum, two trends emerge:

  1. The Decentralization Line: The first trend is the Decentralization Line - this is the limit Web2 platforms can reach, but not cross, to mitigate platform risk. To cross the Decentralization Line, companies must provide a cryptographic guarantee that their platform risk has been mitigated, which would require adopting blockchain technology.
  2. The Web3 Limit: This is the limit Web3 platforms can reach when it comes to reducing platform risk and enabling data privacy/compliance. The more nodes added to the network, the harder it is to guarantee data privacy.

The key difference between the Decentralization Line and the Web3 Limit is that the decentralization line is fixed; no “Web2” platform can cross the decentralization line without becoming a “Web3” platform. However, the Web3 limit is dynamic, and as new innovations emerge in the blockchain industry–such as decentralized databases, modernized BFT consensus protocols, and advances in homomorphic encryption–the Web3 limit can begin to shift up and to the left.

How Kwil Expands the Web3 Limit

Kwil’s decentralized database networks are among the technical innovations that are shifting the Web3 limit up and to the left. Networks on Kwil are separate, homogenous, byzantine fault-tolerant database networks that use SQL to store and retrieve data. Projects and platforms can fine-tune their nodes to configure where exactly along the expanded Web3 limit they need to be.

For example, a DID project may have stringent data compliance requirements regarding who and where user data is stored. With Kwil, they can create a strict node operator whitelist, enforcing that only certain parties can participate and validate the network. This ensures that the DID platform mitigates platform risk for its end users while upholding its data privacy and compliance requirements. Alternatively, an IoT platform may have less stringent requirements around who can validate their data, allowing anyone to participate in and validate their network, thereby moving lower and to the left on the diagram. (p.s. Kwil is actively enabling the compliant DID use case with the idOS Network).

Regardless of the specific platform risk and data privacy requirements a particular platform needs, Kwil brings a unique offering to the market: allowing platforms to choose where along the two-dimensional spectrum they wish to fall. Kwil offers a variety of whitelisting, token-gating, and authentication that allow platforms to create and tailor a decentralized database network that custom-fits their needs.

How to get started?

Dedicated Kwil networks are ready and able to serve a variety of novel and innovative use cases of decentralized technologies. Regardless of your use case, Kwil unlocks the ability to turn the dial on the platform risk and data privacy spectrum, enabling your product to expand beyond the current Web3 limit.

Kwil dedicated networks are currently in pre-release but are available to partners and Kwil clients. To launch your own Kwil network, set up an onboarding call with our team here.

Other Resources:

Kwil Networks Overview: https://docsend.com/view/anxkwdjkm73psanx

Kwil Pre-Release Docs: https://prerelease.kwil.com/docs/introduction/