Blockchain and your right to be forgotten

Kevin Phillips is the founder and CEO of IDU Holdings.

It is inevitable that in times of rapid innovation and change, the world begins to get ahead of itself. Things like laws, regulations, infrastructure and mindsets always need a little time to catch up.

This is not new: when motor cars first hit the streets, they had to be preceded by a servant waving a red flag to warn other road users of the car's imminent arrival.

So yes, the first cars only moved at walking pace, despite their clear advantage in speed. Even without being slowed down by the flag-bearer, motorists had to wait for asphalt roads to replace the roads pounded by horses' hooves, as well as for new road signs, traffic lights and appropriate rules of the road, before they could really start to thrive.

Today we see this happening again with, for example, attempts by the London taxi industry to regulate Uber in order to "level the playing field", instead of rethinking the way it has been operating over the last 150 years.

In my opinion, we are reaching a similar turning point, in which the promise of blockchain could be canceled, or severely delayed, by recent progress in the protection of personally identifiable information.

On the one hand, you have the blockchain and its promise of a better, disintermediated database infrastructure that could power everything from smart contracts, to medical records, to voting, to, I'm sure, a myriad of other uses that we have not even thought about yet.

The key to the public blockchain's utility is, first, its capacity for disintermediation: it does not need a central controlling authority to work. And, secondly, its immutability: it cannot be changed.

These two characteristics mean that it can conduct faster, cheaper and more reliable transactions between people who do not need to know, like or trust one another. Think about the value of corruption-proof contracts, for one thing: spending and misappropriation of funds would be a thing of the past.

But what happens when the irresistible force of the blockchain collides with the immovable object of your right to be forgotten?

This right is explicit in the European Union's General Data Protection Regulation (GDPR), which every South African company dealing with clients in the European Union must respect, and is implied by the Protection of Personal Information Act (POPIA), which states that people can request that their personal information and records be corrected or deleted.

I had a problem with POPIA and GDPR before, wondering if they are going to hinder data-driven innovation. Now I wonder what POPIA and GDPR mean for blockchain. The right to be forgotten implies that, under certain circumstances, people can ask companies to change or delete their personally identifiable information. At the moment it is not clear what it means to delete, especially in a digital context. Does it mean to erase completely, or simply to make inaccessible?

The fact is that resistance to change is built into the public blockchain and, indeed, is one of its most attractive features. So, how would a request to delete or modify personally identifiable information be carried out? Do all nodes on the blockchain agree to modify the block, reset their chain and then adjust all the subsequent blocks?

In principle, this could happen, but it would be a long process and would put the chain out of use for the duration. And what about subsequent blocks that contain information based on data in the first block that has now been changed? Or a computer that was part of the original chain, but has since left it for whatever reason?

It would be impossible to track them down to see if the data is still lurking somewhere on their hard drive. And what if the network of blockchain nodes simply refuses? There is nothing in it for them, after all, and it goes against the spirit of the blockchain, which is fiercely protected.
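The "modify the block, then adjust all the subsequent blocks" step described in the two paragraphs above can be seen in a hash-linked ledger. This is an added example, not code from the article or from any blockchain project: the function names and sample records are constructed for illustration, and it assumes a plain SHA-256 chain with no proof-of-work or consensus, both of which would add to the cost shown here.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed sample records; block 1 carries the personal data to be erased.
RECORDS = ["genesis", "name=Alice Example; id=0001", "payment A", "payment B", "payment C"]

def block_hash(index, prev, data):
    """SHA-256 over the block's position, its parent's hash and its payload."""
    body = json.dumps({"index": index, "prev": prev, "data": data}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(records):
    """Link every record to its predecessor by embedding the predecessor's hash."""
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        chain.append({"index": i, "prev": prev, "data": data, "hash": block_hash(i, prev, data)})
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if the chain is intact."""
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], b["prev"], b["data"]):
            return b["index"]
        prev = b["hash"]
    return None

def erase(chain, index, replacement="[erased]"):
    """Overwrite one block's payload in place, as a naive erasure would."""
    chain[index]["data"] = replacement

def rebuild_from(chain, index):
    """Re-link and re-hash from `index` onward; return how many blocks changed."""
    prev = chain[index - 1]["hash"] if index > 0 else GENESIS
    changed = 0
    for b in chain[index:]:
        new_hash = block_hash(b["index"], prev, b["data"])
        changed += new_hash != b["hash"]
        b["prev"], b["hash"] = prev, new_hash
        prev = new_hash
    return changed

if __name__ == "__main__":
    chain = build_chain(RECORDS)
    erase(chain, 1)
    print("first invalid block:", first_invalid(chain))
    print("blocks rewritten:", rebuild_from(chain, 1))
```

Erasing one payload invalidates that block, and repairing the chain changes the hash of every later block, so any node that kept the earlier copy still holds both the original data and a chain that no longer matches.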

So, who will be the POPIA or GDPR regulators if there is a violation? Who are the controllers and data processors now?

Of course, permissioned private blockchains are a slightly different matter, as it may be easier to obtain consent from the nodes for deletion. But again, this starts to affect the value of the blockchain and its immutability and decentralized nature, as well as raising issues related to governance and audit trails.

This is a clear example of how regulation and security very often lag behind innovation and, if we are not careful, can block it or stop it altogether.

There is no doubt that we must protect personally identifiable information, but at what expense? How long should we slow down the traffic instead of concentrating on getting the rest of the world moving again?

