When it replaces current privacy laws in May, the much-hyped GDPR will usher in an age of unprecedented personal data protection, with one catch: it might already be out of date, thanks to Blockchain and its innovative approach to security. A clash between these two giants is brewing – can their differences be resolved in time?
As you’ll recall from last week’s musings on Blockchain, the Bitcoin progenitor is now standing on its own two feet, serving as a viable security solution for the Internet of Things, as well as being put to work by companies for a series of interesting new applications. The potential which Blockchain holds could revolutionise technology and security as we know it, putting the innovation in an exciting position.
But much like Sampson’s strength-giving hair, Blockchain’s greatest strength – the ability to function as an immutable, distributed ledger of information which cannot be altered – could also end up being its weakness as May draws ever nearer.
GDPR vs Blockchain: Why the Clash?
As I’m sure you’ll be aware, we’re mere weeks away from GDPR coming into effect, bringing with it a whole raft of new privacy laws to obey. Chief among these stringent rules is the obligation to grant individuals the right to be forgotten – that is, to ensure requests for personal information to be deleted are carried out.
What has started to occur to many within the industry is that, by its very design, Blockchain puts itself at odds with GDPR. That’s because the data-holding blocks in a chain (as mentioned above) cannot be edited – therefore, individuals can’t have their information deleted or altered as per GDPR guidelines. Not to mention the difficulty faced in holding contract with every member of a decentralised Blockchain network, and the impossible task of identifying who is liable in such a setup.
These incompatibilities pit the two security titans against one another, with innovative businesses exploring Blockchain’s potential finding themselves trapped in the middle. But how does this have the potential to be harmful?
The EU Left Behind
For some reading this, the solution might seem simple: follow GDPR’s lead and abandon Blockchain. This late in the game, however, it would be far too great a disadvantage to snub Blockchain in favour of GDPR, due to the system’s potential and GDPR’s EU-centric existence.
GDPR exclusively covers the processing and security around the personal data of every individual in an EU member state, whether the processor is based in the EU or outside of it. That still leaves a lot of the world free to carry on using Blockchain to facilitate IoT technology, implement smart cities, supercharge automation, and push the boundaries of 21st century security without being limited by GDPR.
Whilst the world continues to embrace what Blockchain has to offer, it’s entirely plausible that the EU would find itself outpaced and falling behind because of its own security guidelines. As for Britain, with Brexit still some time away and our hands tied by GDPR, we could find ourselves left in the dust by international competition.
Quelling the Clash
Despite the obvious difficulties, observers primed for a showdown between Blockchain and GDPR could find themselves disappointed, thanks to proposed solutions from across the industry – it doesn’t have to end in tears after all.
One such workaround, offered up by Andries Van Humbeeck – Blockchain consultant at The Ledger – is the idea of storing personal data in one location and only adding reference to the data to the Blockchain. Although Van Humbeeck recognises that such a solution lessens the efficacy of Blockchain, it’s an approach which satisfies the obligations of GDPR whilst allowing for continued participation in Blockchain.
Meanwhile, Gregg McMullen of the Interplanetary Database Foundation (IPDB) – a project to create a hybrid Blockchain database – has put forward his organisation’s proposals to resolve their differences. One such solution is to ‘blacklist’ information, preventing it from being served even if it isn’t deleted. Similarly to Van Humbeeck’s idea, IPDB have also tinkered with the idea of not putting personal data on the Blockchain, instead using ‘hashes’ of information to verify data whilst still enabling deletion.
McMullen’s compromise has the potential to work out best for both GDPR and Blockchain, as it still allows for Blockchain’s USP of being able to verify data using a network, whilst keeping businesses on the right side of GDPR.
Compromise and Thrive
It’s clear from listening in on the industry’s commentators that although we can expect some difficulties, GDPR by no means spells the end of Blockchain; after all, it’s a highly adaptable technology which has evolved from establishing a decentralised currency to being entrusted with private data in a number of different settings across the globe.
Blockchain and its supporters cannot, however, be expected to be the only party who works to establish a relationship between the two: EU officials must better prepare legislation to tackle real-world technology and its development and applications if we’re to avoid further clashes.
Maybe, with better harmony between those in power and tech innovators, Blockchain and GDPR can resolve their differences after all – a lesson we could all do with learning from time to time. But for now, we’ll have to wait until May to see how the relationship between these two security titans actually unfolds, and who will come out on top when the dust settles.
Keep up to date with Kaleida’s blog for more insights and news around Blockchain, IoT, and much more. To find out more information about Kaleida’s work as a bespoke software development house, feel free to explore our case studies page, or get in touch with our team directly.