?DATA-PROTECTIONISM AND BLOCKCHAIN: INCENTIVE OR HINDRANCE
Data-protectionism is gaining more prominence as people are increasingly using their digital identities to complete virtual transactions in every aspect of their daily lives. Our personal information, financial logs, images, texts and locations, all are accessible to anyone in the world, provided they find a way to do so.
Governments and legal authorities have started to step in to regulate data usage and storage in the virtual world. While many consider regulation necessary not only to ensure consumer safety but also to help technologies thrive with client-confidence, some provisions are feared to have direct repercussions on data-nexus technologies, especially blockchain.
Recently, the European Union (EU) started enforcing the General Data Protection Regulation (GDPR) to attain three main goals: “harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy.”
The key features of the new regulation will transform data-usage in any digital venture; it introduces new technical and structural obligations to data-processing institutions, whether public or private and most importantly, it gives “data-subjects”- as in the individuals- the control over storage and use of their personal data.
For example, the regulation requires data-driven entities to implement data protection measures to ensure EU’s citizens’ privacy “by design”, frame risk-assessment measures, and for some companies to appoint “data-protection officer” to supervise the company’s compliance with the GDPR.
The officer can alert authorities whenever a risk to data privacy is detected, and hefty fines will be imposed on non-complying companies. At the same time, the new regulation gives data-subjects the “right to erasure”, meaning every individual has the right to request the deletion of personal data stored digitally. Furthermore, data-subjects have the right to ask for a copy of their personal information held by companies which in turn will have to inform data-subjects about how their information is processed, acquired and shared.
The GDPR, described as the most significant data-privacy regulation in the last 20 years, will export privacy standards worldwide, despite being EU-central. Multi-national companies who have operations in the bloc, like Facebook, Google, Amazon, and many others, will have to comply with the regulation. Also, any country looking to sign a trade deal with the EU will have to respect the GDPR. Argentina, Japan, Columbia, and various countries are looking into following EU’s path into data-protectionism.
Impact on Blockchain Operations
At first, it might appear like regulations and blockchain are at clash. However, they both share the end-goal: data protection. One of the most attractive features of blockchain is security; the technology’s philosophy is built on allowing users who do not know or trust each other, share important data in a way that is difficult to attack or manipulate (learn more about how blockchain works here). In fact, governments and administrative bodies are embracing the concept of blockchain for its two attractive advantages: security and efficiency.
For example, a new bill was recently passed in Vermont allowing blockchain usage for land and other public records. In 2017, Nevada was the first state to ban imposing taxes on blockchain operations, helping to create a legal foundation for the use of blockchain-based documents and contracts. In the same year, Arizona passed a law that recognizes blockchain signatures and smart contracts. Dubai leads the most ambitious initiative to fully adopt the technology and become the first blockchain-powered government by 2020.
It is worth mentioning that the legal debate is still in its early stages as the world is still trying to understand what blockchain is and how it operates. Some opinions believe blockchain as an algorithm, technical structure, and technology cannot be regulated; however, entities that use blockchain technology and are engaging with real data-subjects will be the real target of any laws. Others state that any data-protectionist regulation will clash with the essence of blockchain; for example, the “right to erasure” stipulated by the GDPR is conflicting with the technology’s architecture where transaction records cannot be changed or deleted.
Some initiatives are looking into ways to reconcile regulators with the technology. For example, researchers and analysts from the Imperial College of London, Cornell University and GitHub are working on the “Teechain” project, which is essentially a blend of trusted hardware (TEEs) and blockchain; it relies on a structure where the data privacy can be protected from outside threats and stored off-chain without access to the underlying blockchain.
The consensus is that blockchain is an innovative technology and has the potential to generate positive change across many industries, some believe that blockchain is a security solution to the growing concerns over data privacy and ownership. At the same time, governments and regulators must address the concerns and protect the rights of the communities they serve as the digital revolution is changing the world as we know it.
The debate is now focusing on whether there is a way to reconcile technology advancement with legal complexity to protect privacy without hindering the high-tech progress. One hopes that the answer reflects the old saying; necessity is the mother of invention.