GINETTE METHOT, VAULT ANALYTICS @GINETTEMETHOT Image Credit: Shutterstock / Hetmanchuk Serhiy Data, artificial intelligence, machine learning (ML), and deep learning (DL): These make up the zeitgeist of our current times. We read these words constantly. We also hear they will leave no area or industry untouched. But what about the arts? How have they influenced or […]
The General Data Protection Regulation (GDPR) in Euro land comes into effect on 25th May 2018. The new EU regulation GDPR has several requirements on Data protection, but few important guidelines very relevant to social networking & blockchain technology are listed below for academic discussion
- Business processes that handle personal data must be built with data protection by design and use the highest-possible privacy settings, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately.
- No personal data may be processed by ‘data controller‘ or ‘data processor‘ unless explicit opt-in consent taken from the ‘data owner‘. The data owner has the right to revoke this permission at any time.
- Data owner have the right to request a portable copy of the data collected by a processor and the right to have their data erased under certain circumstances.
- And many more requirements regulating Data management…
So how GDPR & Blockchain related?
In simple terms, Blockchain is a distributed database that maintains a continuously growing list of records which is called Blocks. Each block contains data, could be personal or financial or any data, that has a link to a previous block like a chain. By virtue of the design, each node in the blockchain has a copy of the data. Not just the block that node was processing, it would have the copy of all other blocks generated by every other node in the network. This is the exact way any Distributed Ledger Technology (DLT) using Blockchain would function.
Not just the cryptocurrencies, the large financial institutions & corporates started using blockchain technology in every possible way to innovate their service to go an extra mile. There is no doubt that the benefits are huge and this disruptive technology is rapidly transforming all old school business models. Greater transparency, more accurate and consistent than paper-heavy processes, improved traceability, increased efficiency, reduced cost, and the list goes on and on…
Then what is the concern now?
- Blockchain transactions are immutable. It is not possible to delete any information from a blockchain record. This may contradict the GDPR data owner’s right to erase specific personal data on the need basis.
- Each node in the blockchain has a copy of the data. This raises issues of complete erasure of data, the principles of minimal data and spreading data in the network.
- Depending on the type of Blockchain used, parties who were not involved in processing particular block, but as part of DLT Eco-system can decrypt the hash algorithm and gain access to data. This could lead to immense data privacy issues.
- Role identification as Data controllers or Data processors is difficult in any DLT framework. In many DLT systems, there are no central operators and administrators exists and the whole system functions with the peer-to-peer network environment. For example, Cryptocurrency #Bitcoin endured a hard fork event in Aug2017 and gave birth to Bitcoin Cash. Reasons might look like some sort of technological upgrade and certain enhancement in the product lifecycle. But deep inside, these hard fork incidents do reveal the lack of administration in the DLT platform. ie. a single or group of end users can get together and do enterprise level change in the product features and there is no central body to administer the product changes.
Blockchain adoption is on rising. Now #FinTech & #RegTech companies to start reviewing what data goes inside their blockchain capsule, consider reviewing demography of each node subscribed in the DLT. More and more regulatory sandbox frameworks are expected to come up. It is time to go back to drawing board and make Compliant Technology!!
Comments and suggestions are always welcomed 🙂
We all would have noticed every web page, every social networking apps prompting you to accept cookies policy or forcing you to review the privacy settings. You would be prompted with several links and contents to read which would be thicker than the Bible. We all can go thru that if we have time and energy, or simply press accept button and get on with your intention to visit that site or app 🙂
Question. Ever wonder why this wave of user consents taken from all web pages and apps? Is it something important which they forgot to ask you earlier? If yes, why now??
Some stats before we get to the topic. Everything on the internet is free of cost. Be it free email account with a lot of gigabyte capacity, social networking sites with automatic friends suggestion, productivity tools in the smartphone such as single email app to see all your emails in different domains. All these ultra-modern features given free of cost!
What about the cost to the company? According to 2012 statistics, 2.5 exabytes – that’s a billion gigabytes of data get generated every day in 2012. Google researchers in 2016 point that users upload over 400 hrs of video every minute, which means 1 petabyte – that’s 1 million gigabytes of data center storage capacity every day. In 2013 Facebook’s data center deploys 7 petabytes of storage every month. That is the size of Big Data rolling in the world wide web. Today in 2018, you get 1 terabyte cloud space for $1500 a month for personal cloud computing.
If everything is at a cost to run a business, then how are they offering free service. In any business model, be it traditional or new age, all business services are for some benefits. If ultramodern services are offered free of cost, then you need to understand you are the commodity. You are the Data. Your personal information, preference, social networking habits, what you share, what you like, your contacts in the email account, your contacts in the smartphone – all of that form components of data, which you are giving to the social networking company in return.
Now back to the topic. Regulators worldwide are closely working towards the development of personal data protection, and the urgent need for enforcing policies guiding data management. You may recollect Mark’s US Senate Committee hearing in Apr2018 & all those grilling questions from US Senators. In May2018, it was European Union’s turn. EU parliament members crushed Mark with harshest questions. On 25May2018 EU mandates GDPR – General Data Protection Regulation on data protection and privacy for all individuals within European Union.
To know more about the effect of GDPR on the first-day, read here Effect of GDPR on day1
Happy to hear comments and suggestion 🙂