The second generation blockchain technology enables not only financial transactions, but document storage and identity management. This presentation presents how to achieve ti using Billon's distributed ledger technology with hybrid private blockchain in its core. With Billon's technology it is possible to create a distributed database meeting EU regulatory requirements for durable medium and GDPR.
3. Billon is a technology company that created the first licensed e-money
system based on blockchain and DLT
Billon was established in 2012 in Warsaw. We
opened our London office in 2015 and US office in
2017.
Billon’s technology is a DLT that uses hybrid
private blockchain. This system is provided to
banks so they can issue e-money. The technology
meets EU legal requirements.
Our most recent accomplishments include FCA
approval for our e-money tech, EU funding to
pursue our e-money solutions, and a research
grant.
We are patenting several of our architecture
solutions, for example one that solves a key
challenge of GDPR.
100% of capital is from people working directly or indirectly
with the company
4. „A firm must meet five key eligibility criteria to use the sandbox. The firm must:
• Be an in-scope business
• Demonstrate a genuine innovation
• Deliver a consumer benefit
• Demonstrate a need for the sandbox
• Be ready for testing „
5. Billon’s areas of expertise
Payments and payouts
based on e-money (
Durable media –
meets all EU
regulations
Identity management
DLT
11. The terms „durable medium” is regulated by the EU laws:
▪ Directive 2011/83/EU on consumer rights
▪ Directive 2007/64/EU on payment services in the internal market
▪ Directive 2008/48/EU on consumer credit agreements
▪ Directive 2002/65/EC concerning distance marketing of consumer
financial services
Durable medium as a legal requirement
12. According to Directive 2007/64/EU on payment services:
„Information should always be provided on paper or on another durable
medium, such as printouts by account printers, floppy disks, CD-ROMs,
DVDs and hard drives of personal computers on which electronic mail can
be stored, and Internet sites, as long as such sites are accessible for future
reference for a period of time adequate for the purposes of information and
allow the unchanged reproduction of the information stored”.
„durable medium” means any instrument which enables the payment
service user to store information addressed personally to him in a way
accessible for future reference for a period of time adequate to the
purposes of the information and which allows the unchanged reproduction
of the information stored.
Durable medium as a legal requirement
13. ▪ Dispute between Austrian Consumer Information Association and BAWAG
PSK Bank
▪ BAWAG provides on-line banking services.
▪ „Notices and statements (including account information, notices of
changes) shall be received by a customer by post or electronically by
making them retrievable or transmitting them by means of e-banking”. In
practice: notices were sent to inbox account within the e-banking service.
▪ Association claims that the clause is not valid.
BAWAG case (C-375/15)
14. ▪ Article 42(1) of Directive 2007/64 on payment services: „Member States
shall require that, in good time before the payment service user is bound
by any framework contract or offer, the payment service provider provide
the payment service user on paper or on another durable medium with
the information and conditions specified in Article 42”.
▪ Article 36(1) of Directive 2007/64 on payment services: Member States
shall require that before the payment service user is bound by any single
payment service contract or offer, the payment service provider, in an
easily accessible manner, makes available to the payment service user the
information and conditions specified in Article 37.
BAWAG case (C-375/15)
15. ▪ Eventually, the following request was submitted to the ECJ for
preliminary ruling:
Is Article 41(1) in conjunction with Article 36(1) of Directive 2007/64 to be
interpreted as meaning that information (in electronic format)
transmitted by the bank to the electronic mailbox of the customer as part
of the [online banking website e-banking], so that the customer can
retrieve this information by clicking on it after logging into the online
banking website e-banking, has been provided on a durable medium?
BAWAG case (C-375/15)
16. Art. 41(1) and 36(1) cover two types obligations:
BAWAG case (C-375/15)
• Obligation to provide requires
active behaviour of the bank
• Obligation to make available does
not require active behaviour
• It cannot be reasonably be
expected of payment service user
that they should regularly check
communication on e-banking
website.
• Active behaviour may consist in
sending communication with
information referring to e-banking
website. Sending e-mail to mailbox
in e-banking website does not
count.
• Information must be stored for
future reference for an adequate
time
• Information must be stored
unchanged
• Any possibility that the payment
service provider or another
professional to whom the
management of site has been
entrusted cound change the
content unilaterally must be
excluded.
(1) to use durable media (2) to inform customers
17. ▪ DM can be any instrument (no specific technology suggested);
▪ DM should store information (immanent feature of technology);
▪ Information on DM should be available for a reasonable time, also after
termination of a contract;
▪ Some information stored on DM should be actively provided to customer;
▪ Unilateral changes made by service provider are not allowed and it should
be a part of technology (processes and contracts are not good enough).
Durable medium as a legal requirement
19. ▪ Billon's design is based on the second generation blockchain technology
that enables the electronic recording and reading of data published by the
service provider issuing the document.
▪ The system is a type of special, distributed and cryptographically secured
database. Data is immutably saved outside the infrastructure of the
service provider publishing the document.
▪ Once an entry is made in the distributed ledger and accepted by the
network, it is then replicated and transferred to other users. The
blockchain technology-based network is public and self-organizing.
▪ The published document cannot be read by anyone other than the
publishing service provider and the client to whom the document is
addressed.
Billon durable medium
20. ▪ ONLY the User and Service Provider can read the private content of the
data
▪ ANYONE can confirm the data is unmodified (but not read the private
data inside)
▪ NO ONE (including Billon) can modify or delete data once it is published
▪ Billon provides this data security through a platform based on advanced
cryptology.
▪ There are no administrators or policy-based system management. Data is
persisted in encrypted form into a distributed database where it is
directly accessible to the user and outside the control of any one party,
guaranteeing access.
▪ Once published, the data is fully auditable by the user, the service
provider, and by independent auditors. Any attempt to modify published
data is automatically detected by the system and reported.
Billon durable medium
23. ▪ Nodes do not know how many nodes are in the system and where they
are located
▪ Only blockchain address can identify where fragments of documents are
located
▪ Except for publisher’s node and a client, other nodes do not have enough
fragments to create a full document
▪ Except for publisher’s node and a client, other nodes do not know how to
connect fragments
How documents are further secured
24. ▪ Client may read a document by connecting to any node using app or
website (external and administered by service provider);
▪ Service provider may establish a duration period for each document; once
the term expires, encryption key for the document is destroyed;
▪ Nodes verify and approve any modification of a document; any
unauthorized change is detected and rejected by the system (via HASH);
▪ System stores all versions of a document;
▪ System fully integrates with all possible forms of active B2C
communication (e-mail, SMS, app, etc)
Functional features of Billon Durable Medium
25. ▪ Nodes do not hold personal data (even if the encryption key is broken or
stolen, it is not possible to obtain even one personal data)
▪ Personal data is processed only within the publisher’s infrastructure;
▪ Data portability is secured on the level of bank’s existing infrastructure;
▪ The right to be forgotten is exercised by patented solution which is
related to the irreversible deletion of encryption key
▪ Other rights under GDPR are also secured by irreversible deletion of
encryption key (right rectification, right to restriction of processing, right
to object, etc).
Compliance with GDPR