Blockchain is expected to emerge from the technological underground as companies adopt it as a compliance solution for tough new European data privacy rules.
Proponents have said distributed ledger technology (DLT) can ensure databases comply with the General Data Protection Regulation (GDPR), which comes into effect in the European Union on 25 May. Critics, however, argue the technology is incompatible with many of the regulation’s demands and may, in fact, render firms liable to non-compliance claims.
Better, Faster, Cheaper
Blockchain works by storing data in blocks, or information stores, hosted on a range of independent computers, all of which verify the authenticity of each other. In theory, it means only the data owner has easy access to that intel and disposes with the need for an overarching administrator. It’s a decentralised setup that lends itself well to the creation of cryptocurrencies and, say advocates, the secure storage of personal data.
“When it comes to personal data management, people want better, faster, cheaper and more secure – blockchain really does deliver on that and it’s relatively quick to implement,” said Loudon Owen of Toronto-based distributed data architects, designers and integrators DLT Labs.
“All databases are different, an extraordinary web of conflicting technology that functions on a day-to-day basis, and there is no simple unified way of accessing that data. Blockchain allows you to draw together all these different sources to give very simple clean access to this data irrespective of what legacy technology you have.”
GDPR will be enforced only by the governments of EU countries. But any entity or individual from outside of the bloc that does business with a European firm, or that has a European operation, will be obliged also to follow the rules. In this way, it’s widely expected that GDPR will very soon become the global norm.
The high level of security promised by blockchain’s advocates is touted an ideal solution to the regulation’s far-reaching demands on data privacy. It requires companies that use, gather and sell data meet a set of rigorous standards to ensure that information doesn’t fall into the wrong hands and isn’t used against a customer’s wishes.
Blockchain’s backers say its decentralised structure can ensure better access to private information and enable data to be stored more securely than in cloud-based systems.
“Consumers can control their information and only choose to share it with third parties temporarily or – even better – not at all, for transactional purposes,” argued Alastair Johnson, the London-based CEO of Nuggets, a company that’s developing a blockchain-based payment and identity management solution.
Right to be Forgotten
Nevertheless, critics warn against applying blockchain as solution to compliance. They have argued the technology’s failings would be most apparent in GDPR’s requirement that individuals retain ownership of their data and that they retain the right to have it removed from databases or destroyed on request.
“The irony is that GDPR and blockchain are, fundamentally, at odds with each other,” said Marshall Taplits, co-founder and CSO of NYNJA, a Hong Kong and US-based commerce and communications platform. “GDPR is all about protecting the individual’s right to control their personal data, and about the right to be forgotten. Blockchain is about making sure data is permanent and transparent fundamentally.
“The good news is that in general the blockchain community’s underlying values are very much in line with GDPR principles, so I believe there is a way forward.”
Yael Tamar, founder of New York-based Top of Blockchain said DLT’s suitability as a compliance tool was clouded by the fact they were never designed to hold personally identifiable information. Therefore, blockchain-based networks may be no more secure than other networks.
Other sceptics remain optimistic. Ian McClarty, CEO and president of Phoenix Data Center in Arizona, believes blockchain can provide all that companies need to comply with the new EU regulations. Whether it will be widely adopted for that reason, is another question.
“The privacy-by-design elements of blockchain provide an out-of-the-box compliance solution to the savvy CTO looking for a quick win,” McLartey said. “However, blockchain is a sea-change in the way authentication works and these sorts of paradigmatic changes in technological sophistication require time to gain market acceptance.”