Online consulting, as a specific form of digital services, can be described as an exchange of information between at least two parties via digital channels based on natural and/or artificial intelligence. On the level of content, the counterpart takes care of a (e.g. physical) problem of one or more clients individually in order to improve the (e.g. health) state. Such a consultative institution can be a human being on the one hand, and a digital counterpart, such as an artificial intelligence in the form of an algorithm (e.g. a bot), on the other.
2.1 Data Security and Data Protection
The handling of data in communication and storage, especially against the background of individual problems, is highly relevant. Discretion can, for example, be ensured by a self-imposed duty of confidentiality, the existence of which and the mandatory compliance with which should be publicly communicated. Ultimately, this is a way of establishing anonymity towards third parties. It appears useful if those seeking help always have the same contact person, although complete digital documentation in the form of a customer administration—for example, by means of a personalised e-filing system (also known as EHR systems, electronic health records; Ströher and Honekamp 2011; Karg 2013)—provides the possibility that colleagues can also offer their help in an emergency. Furthermore, several consultations are often necessary to solve a problem and a future request for help can be based on the solution history of the respective client. Availability can be controlled via cloud applications and the allocation of appropriate access rights to the personal e-file. While this dimension focuses on the management of an organisation, the protection against manipulation, disclosure and loss of relevant data mainly concerns the underlying IT infrastructure. Privacy is an essential umbrella for both aspects: on the one hand regarding the consultant/intermediary–client relationship, and on the other hand of course regarding to data security and data protection (Grimm and Bräunlich 2015). While data security should protect data, privacy protects people. Data security concerns the protection of data against abuse, falsification and loss or non-availability. Data protection concerns the use of personal data by authorised persons. Data protection is primarily of interest from the perspective of the data subject, while data security is primarily considered from the perspective of the data processor and owner (Bühler et al. 2019). Data security is thus aimed at IT systems and therefore at the technical component of digital services, while data protection refers to stored content and hence the legal component. The latter is usually regulated by specific directives such as the European Data Protection Regulation (GDPR) and must be implemented by intermediaries or organisations involved in online consulting. The former, however, requires consideration because of the relevance of blockchain technology for digital consulting platforms.
In order to securely archive long-term data in digital form (Hackel and Roßnagel 2008), it is possible to work with local systems, i.e. software installed on local computers and/or storage on individual data carriers. Modern working environments, on the other hand, use certain cloud systems as a de facto standard. The advantage is, above all, the ability to work independently of time, location and device, as well as collaborative work due to the constant availability of the owing to its storage on servers that are usually provided externally. These are usually operated in computer centres, which in turn are specialised in their operation, administration, security and access protection as a business model. Hardware acquisition and maintenance are therefore no longer necessary if external services are used; the services provided can be easily adapted to the organisational development and, if necessary, several existing or new company locations can be easily integrated; SaaS models for, for example, specific CRM systems for documenting customer contacts also allow reliable cost calculation based on monthly invoices. The only requirement for its use is sufficiently fast Internet access. Employees are then given access to the files relevant to their work, which can sometimes also be edited collectively.
The points mentioned above already show that not only clients must have confidence in the provider in order to use it, but also the management of the organisation itself must trust in cloud providers with regard to data security, sovereignty, access and processing as well as storage location, maintenance, failure protection and so on (Walterbusch and Teuteberg 2012; Buch et al. 2014; Backhaus and Thüring 2015), which provide and ensure the technological basis for the work on the client. In addition, dependence on the cloud or SaaS provider also has a significant impact, as non-compliance with data protection and security standards ultimately falls back on the institution. This can not only result in image problems but also sometimes lead to immense downtime costs in the event of the cloud provider’s insolvency.
The current practice of data processing and the reasons mentioned above motivate entrepreneurs and their teams, as same as individuals to think about alternatives and/or possible solutions. Trust in centralised systems can be created, for example, through anonymisation (e.g. through onion routing, as in the TOR service), encryption technologies (Schulz 2016; Petrlic 2017), digital signatures (Kumbruck 2000; Bertsch 2002), VPN connections and/or legally and audit-proof archiving (Hackel and Roßnagel 2008). In addition to these instruments, the blockchain also serves to increase not only data security, but also data protection, as described in the following section.
2.2 Foundations, Advantages and Disadvantages of Blockchain Technology
The technological basis of a blockchain is formed by the so-called data blocks: each block contains at least one data record (e.g. digitally recorded contents of a consultation), a timestamp (date and time of the conversation), transaction data (in the form of addresses of the parties involved, e.g. from consultant to client) and a cryptographically secure, so-called hash value of the previous block as well as the verification sum of the entire blockchain. The hash value is a character string of a certain length that acts as a check value: the blocks that build on each other are cryptographically linked using the hashes to form a chain (e.g. to map the course of a consultation over a longer period of time). This is where the name of the technology is derived from (Swan 2015; Mougayar and Buterin 2016) (Fig. 1).
The entirety of these signed and sealed blocks is called a blockchain. It is stored on several network computers or nodes; thus, it is decentralised and hence a neutral system of information processing (Burgwinkel 2016). To participate in the blockchain, a software access, the so-called wallet, is required. Access is gained via digital keys: the public key is comparable to the international bank account number (IBAN) known from the banking sector, and the private key is like the secret personal identification number (PIN). The public key can, therefore, be easily communicated to third parties as an address for transactions, while the private key serves as an access password to the wallet and for transaction verification: in order for the participants in the public blockchain to agree on an identical version of the same block, a consensus must be reached—for this purpose, there are various mechanisms for signing or creating blocks.Footnote 2 This process is called mining. Those actors who are involved in this process are called miners—in the above metaphor, these are, so to speak, the accountants of the blockchain.
The advantages offered by blockchain are numerous. First, the technology creates a new level of transparency, as all transactions can be monitored. Furthermore, the code of the blockchain is often freely available. Decentralisation ensures that each participant (e.g. consultants and clients involved in the network) has equal rights and always a synchronised, validated and up-to-date version of the blockchain. This also means that decisions (e.g. on code updates) must be made by a majority. By storing the blocks in the distributed network, the verification of the transactions by numerous nodes as well as the cryptographic encryption and the complex consensus mechanisms, a high degree of integrity and manipulation security is generated in a blockchain (Hooper 2018). This makes it highly reliable and trustworthy (e.g. for verification to a third party, such as a health insurance company).
Decentralised data processing with many replications also leads to a high degree of reliability (Burgwinkel 2016). This redundancy is thus effective protection against attacks and data loss. Furthermore, the interlinking of the individual data blocks with the help of transparent hashing in the distributed network ensures good traceability of the permanently traceable transaction history (e.g. in the form of a medical history; Consultancy UK 2017). The blockchain also enables transactions to be processed faster and more efficiently than previous methods. This can lead to an increase in quality at lower costs compared to other IT systems. The technology also ensures disintermediation, i.e. the streamlining of value chains, which can prevent dominant market positions (Song et al. 2016). Particularly, (fee-based) intermediary players are affected, which could be eliminated by using a blockchain (Düring and Fisbeck 2017).Footnote 3
However, the advantages are also countered by several disadvantages (Cap 2019; Kossow 2019). Currently, the scaling of blockchains is problematic: since each node of the network has to store all data, large amounts of data of several terabytes can accumulate in a short time, especially with numerous transactions (e.g. payments), as the blockchain increases in size with each block. It is therefore difficult for many new users to join a blockchain at short notice. With the current broadband and storage capacities, participation is therefore difficult, especially for private individuals, or involves great demands on the technical infrastructure. Ultimately, this also limits the lifetime of a blockchain if the expansion of memory and network speed is lagging behind the resource requirements of a blockchain, and thus successive nodes will disappear, since for instance the expensive hardware is no longer affordable.
Concerning the transactions, there are two noticeable features in particular: on the one hand, the actual transaction must also be signed and synchronised, which is why a blockchain has a significantly lower performance about the speed of the transactions compared to a classic database, which only stores the final state and not the entire transaction history as does a blockchain. It should be mentioned, however, that the difficulty of capacity and confirmation delays is an increasingly less weighty argument against the blockchain, mainly due to the lighting network.Footnote 4 On the other hand, revising transactions is virtually impossible—the stability postulated above as an advantage is thus also a weakness. This applies in particular to public-permissionless blockchains (see the following subchapter, in particular, Table 1); in blockchains with a restricted consensus, this may be possible because the group of validators is clearly defined and they can decide on a rollback by majority vote (Baumann et al. 2017). The above-mentioned advantageous transparency ensures, especially in the case of public blockchains, that everyone can use the public key to view the transaction history—i.e. income, expenses and prices—via an explorer, which is not desirable for every potential participant and is therefore disadvantageous at the same time. This is particularly relevant for automated big data analyses, for example, regarding systematics of transaction flows. An additional problem is access to the blockchain: if a user loses the private key required for validation, he also loses irretrievable access to his wallet and thus to the blockchain (Dasu et al. 2018). While this problem mainly affects individual participants, another problem arises on a collective level: if the actors involved in a blockchain do not have a consensus on the future of a blockchain project since the majority decision process can sometimes be difficult for actors unknown to each other due to a lack of trust (which is why majority voting is both an advantage and a disadvantage), it can lead to the so-called forks, i.e. to splits and thus fragmentation of one and the same blockchain. This can lead to uncertainty among users, as they may then no longer know which blockchain is the one with the more promising future. Another difficulty can be the integration of a blockchain into existing IT infrastructures. This applies equally to hardware and software at the technical level and change management at the employee level.
Table 1 Types of blockchain technology