Data Protection in an Industry Pushing Transparency

You may remember receiving a flood of emails regarding a change in privacy policy last spring. 2018 was a remarkable year for discussion of data privacy, the news flooding with GDPR updates as well as coverage of Mark Zuckerberg’s hearing over what Facebook was doing with user data. While there was ample discussion of these matters, the nuanced nature of data privacy leaves the average person unclear of its implications. A recent survey by OnePoll concluded that 48% of consumers don’t understand how organizations generally use their personal data. The Facebook trial, while a step forward for data protection, especially as it pertains to social media, was unfortunately overshadowed by the utter lack of education of the Congressmen interrogating Zuckerberg.

As more people have become conscious of how their behavior on the Internet affects ads they see and marketing communications they receive, the urge for the transparency and security of user data has become significantly more palpable worldwide.

As blockchain technology has gained in popularity, phrases like “public blockchains,” “open transparency,” and “distributed ledger,” are constantly emphasized in articles, keynotes, and white papers. Many mission statements urging for transparency and accountability in certain industries come from a place of frustration with middlemen that can control information and/or marginalize specific groups.

Both the grievances pertaining to data protection and transparency are legitimate. The question is, can positive strides be taken as it relates to both sets of issues, or do we have to decide between open, transparent, disintermediated blockchains and maintaining full control over our privacy?

Let’s back up a bit for a refresher on this past year. In May 2018, the European Union amended its General Data Protection Regulation (GDPR) for the first time since the early days of the Internet, with the goal of allowing users to easily control and understand how their data is being used and to hold organizations accountable for protecting their users’ private information. Users have the right to view and remove their data from silos, be notified when data breaches occur, and change how their data is being stored and shared. Failure to follow these regulations can result in a fine of at least ten million euro, and at most, 4% of the company’s annual income.

In bitcoin’s early days, the cryptocurrency was unfortunately associated with illicit activities, most famously on online black market Silk Road. Those that used bitcoin to purchase drugs may not have understood the public characteristics of the Bitcoin blockchain. Federal agents hired to take down Silk Road, Shaun Bridges and Carl Force, were diverting bitcoin seized from Silk Road to their personal accounts. While they used cutting edge encryption software to cover their trail, Federal Prosecutor Kathryn Haun had the immutable blockchain technology on her side. Haun explained to Quartz that she and her team of federal agents used wallet explorer blockchain.info to trace payments to these individuals. Haun explains, “A lot of criminal actors in the early days thought it was anonymous, but really it’s pseudonymous.” In other words, all of the bitcoin transactions are public and traceable — easily so if someone already has your wallet address.

How will blockchain technology come into play with data protection? You’re not the only one curious about this. So far, members of EU Parliament and the EU Blockchain Observatory and Forum, as well as the French Data Protection Authority have mentioned relationship strains between the blockchain industry and GDPR. Considering one of the most unique characteristics of blockchain technology is its immutable ledger, people have concerns about the implications of personal data being stored on a blockchain (especially a public one), forever. Issues with the GDPR updates arise, as individuals reserve the right to have their data erased from an organization’s database upon request, something not possible with technology that doesn’t erase but only builds upon itself.

This is not to say that blockchain technology is not safe or secure, quite the opposite; this technology is in the process of being applied to many different industries to provide security and transparency to organizations and individuals alike. Being a new technology, this industry is running quite differently than the European Union, and even the US’s SEC, is used to. There will likely need to be some give and take from both sides, but we will find out in a few years time just how well they can work together.