Interesting considerations are raised when immutable, decentralized digital records are crossed with variable, regional requirements for individual privacy
Specifically, how may privacy on public ledgers be implemented in the face of overarching requirements stipulating 'personal ownership' of data
The Other Fruit® has a simple answer as it pertains to the individual; anonymize publicly accessible entries allowing only self-selected recall and disclosure. For a government perspective we turn to Anne Toth of the World Economic Forum
GDPR is a unified privacy regulation that largely harmonizes the various and disparate legal frameworks that cover the more than half a billion European data subjects, or as I prefer to call them, people. GDPR gives specifically articulated rights to people over their data so that the phrase, “you own the data about you” has meaning.
These rights are enshrined in European law but making them actionable has not been simple. Adding complexity to the task is the fact that technology has a habit of changing quickly. It’s well known that technology often leapfrogs ahead of existing regulatory frameworks, leaving legislators and regulators to play catch-up. Consider the example of blockchain.
Blockchain has existed as a concept since 2008 but it has only recently exploded into public consciousness through valuations of cryptocurrencies like Bitcoin. Many technologists believe that blockchain will be more transformational than the internet itself.
But whilst many people equate blockchain with Bitcoin and cryptocurrency, they are not the same. “Blockchain is a cryptographically-secured transaction record that’s created without a central authority,” explains the World Economic Forum's Head of Blockchain, Sheila Warren.
Blockchain data can't be deleted. So will its applications be illegal?
Because blockchain relies on a distributed ledger system that is decentralized and immutable, it's intended to be a permanent, tamper-proof record that sits outside the control of any one governing authority. This is what makes it such an attractive and useful technology. But because data stored on the blockchain, including personal data, can't be deleted, there is no way to exercise the right to erasure that people are granted under GDPR. Blockchain is not designed to be GDPR-compatible. Or rather, GDPR is not blockchain-compatible the way it is written today.
While European policymakers were debating and finalizing aspects of GDPR, blockchain wasn’t on most people’s radar. This is yet another example of where regulation is addressing a problem in the rear view mirror rather than looking at the road ahead. This is the nature of most traditional regulation and illustrates how quickly technology shifts, pivots and morphs at a speed much greater than laws and regulations are designed to move. In this case, while we wait for the rules to play catch up, the question we have to ask is whether existing blockchain applications that store personal data are now rendered illegal in Europe until this is sorted.
Policy needs to be as flexible as technology
Government regulation has a critical role to play in creating accountability, ensuring responsible use of data and providing enforcement mechanisms to penalize bad actors. I am not arguing against regulation, nor am I arguing against GDPR. I am arguing instead for a layered and cooperative approach to policy making. We need future-flexible frameworks for governance that allow us to realize the benefits of data and technology while minimizing harms. This is much easier to say than to do.
If our collective goal is to ensure a future where we cure cancer in our lifetimes through better medical research, improve infrastructure and service delivery in connected cities, increase crop yields to feed more people, better understand and predict extreme weather patterns, create durable digital identities for refugees and people who have no documentation of their existence, provide more immediate disaster relief in times of crisis - then we will need to use data more than ever to realize these benefits.
Governments must work in collaboration with civil society, academia and the private sector to co-develop policy with a process that is as dynamic as technology. Policy makers and the regulatory processes they use need to be reimagined to be as nimble as the technology they seek to regulate, in order to help create the future we all want to see | May 26th 2018, Anne Toth from the World Economic Forum"
The clear statement that blockchain was 'not on the radar' during the redrafting of GDPR regulations is both completely understandable and likewise a testament of centralized bureaucracy's changing role. Tamper proof and decentralized capacities of secured information storage imparts authority on technology and activities themselves. This authority may be absent any authorized recording by one institution or body
Until recently trust or credibility was mainly solely granted by what could be classified as verified cores. Commonly these included government departments and large corporations. A person's travel document has been issued by this government, their credit card by that bank and so on
In what is still an emerging mindset today, with decentralized technologies such as blockchain, referencing any one verified core becomes conversely undesirable. Exactly as is the case with cryptocurrencies, assets may no longer require centralized seals of approval. The price of Bitcoin is not controlled by any one bank and a person owning their private digital keys for a blockchain entry may circumvent any one nationalized authorization
In this conversion a case for true democratization of government activity may better be made, in so far as allowing public accountability of their presently often obfuscated operational rationales
Government and technology are steadfast facets of daily life. It could not be reasonably predicted that either will disappear. Should technology, as per Toth's quotation, be outpacing laws and regulations would not the realistic approach be utilization of technological developments in a restructuring of centralized operations? Taking that technology is pivoting, morphing and shifting faster it seems either a curtailing of technological development by government or the guidance of regional centralized structures by technology are the two likely conclusions
Throughout this transitional phase TOF® again enacts and promotes selective use. Assurances and securities of decentralized technologies may be enjoyed through anonymized implementation. At no detriment to either established process, private entries may then be disclosed ad-hoc to centralized institutions at the participant's discretion. Existing and burgeoning distributed ledger technologies inherently contain this capacity
To presume nefarious private use is a delusion. In tandem with understanding, it is a far more justifiable blanket statement that people act to achieve what they have defined as being in their best interest. And in a treatment of participants as conscious individuals, for centralized bodies to impose possibly arbitrarily formalized restrictions in the name of continuing an established status-quo would be to ensure non-adherence
Propositions of centralized institutions curtailing 'bad actors' references their preceding structure. With decentralized, immutable and securely stored data surely activities may now be judged by more than any one source. Implementing decentralized technology, 'bad actors' face larger public accountability. Like formal centralized definitions of laws and regulations, existing centralized controls can be outpaced by technology's actual use