Blockchains should have ‘privacy by design’ for GDPR compliance Buidl from the ground up Story by 76 Shares
General data protection regulation (GDPR) and blockchain is one of the industry’s most contentious debates at the moment.
Some believe that public permissionless blockchains cannot be GDPR compliant, and that private blockchains might be the answer to blockchain’s regulatory woes. Even so, private blockchains bring into question the very meaning of what a blockchain is. There is no simple answer.
Dutch blockchain startup, LTO Network, hosted speakers from Barclay’s bank, Cambridge Computer Lab, and Queen Mary University to take on some of these challenging questions at Hard Fork Decentralized last night.
The overarching sentiment from the evening? That we should probably be trying harder to get our heads around making blockchain a legally compliant technology that can be used in a broad range of public service settings. Blockchain design from the ground up
According to Barclay’s Intrapreneur, Julian Wilson, we need to “reconfigure our approach and way of thinking” when building blockchains. We should not be using blockchain‘s as bolt-ons or additions to current business models, but entirely re-imaging our business models built around a suitable blockchain – assuming that a blockchain is the best solution, that is.
In some cases building a blockchain purely for the sake of it is the worst thing a company can do. For a bank that has over 300 years of history, like Barclay’s, it is not as simple as just moving current banking process over to the blockchain. Hundreds of years of evolution can’t simply be unpicked and put onto an off the shelf solution, blockchains need to be bespoke.
Particularly when there are know-your-customer (KYC) policies required by law, not all blockchains would satisfy these laws, thus specialist blockchains need to be created. Indeed, to make a blockchain legally compliant, it should be built with the law in mind, and not the other way around. Blockchain as a crypto-legal puzzle
Researchers from Queen Mary University believe that solving the blockchain GDPR crypto-legal puzzle is actually quite simple.
Fundamentally, it can be solved by balancing blockchains design with legal requirement from the ground up. “To solve these design puzzles we must use creative solutions that support regulations by design,” said Dave Michels from Queen Mary University.
Michels described one solution to the GDPR crypto-legal puzzle, the right to be forgotten. In this case Michels believes that transaction data could be encrypted with a private key to generate a cipher text which can be stored on the blockchain in an immutable fashion. If one wants to be forgotten, deleting and removing the key makes the transaction data stored in the cipher text unreadable, but does not break the chain of records stored on the blockchain.
The issue however, is this creates a new challenge of where and how to store these private keys, in some cases it can lead to a point of centralization.
If this is the case, it challenges the notion of whether decentralization is the best choice for the given application of the blockchain – taking us back square one.
Of course, these solutions are only applicable for GDPR, other nations will have different takes on regulation, so tackling blockchain compliance on a global level is even more difficult.
Indeed, there is not going to be an easy answer to the crypto-legal puzzle that blockchains present. But with legal researchers, bankers, and deveopers – like those at LTO Network’s talk last night – working to solve these puzzles I am sure that a solution will eventually be found. Whether or not that solution can be regarded as a blockchain is a whole other conversation.
Published December 14, 2018 — 11:59 UTC December 14, 2018 — 11:59 UTC Show comments.