How the paradigm is shifting as regulations and technology evolve
By William Cheng and John Frank Weaver
published:
Blockchain technology and its derivatives, such as bitcoins and smart contracts, have made headlines over the past two years.
Securities regulators and tax authorities have endeavored to articulate the way cryptocurrency transactions should be characterized and dealt with within existing frameworks. The same surrender of paradigms with the blockchain could soon reach the world of data privacy and information security as privacy regulations and blockchain technology continue to evolve.
What exactly is blockchain technology?
In simpler terms, a blockchain network is a distributed ledger (ie a decentralized database) with lots of bells and whistles. Being distributed / decentralized means that the data does not live in one place and there is no single owner or administrator. Instead, data is replicated and synchronized in multiple locations across the network.
Instead of an automated clearing room for electronic transfers, there is the bitcoin, where a transaction is validated by checking its parameters against the records dispersed across the bitcoin network. Instead of an escrow agent, there are smart contracts, through which transactions can be executed automatically when certain conditions occur.
An important feature of the technology is that records can not be changed effectively.
Its characteristics make blockchain technology an excellent choice for data security because it can improve the confidentiality of data and transactions because encryption is critical to the blockchain.
An intelligent contract or other blockchain-based application could, for example, allow verification and execution of the conditions and parameters of a transaction without disclosing the underlying material data. Blockchain can also improve data integrity because the records are immutable and can not be changed once they are on the blockchain – not even from the original creator of the record. Finally, because records are distributed and decentralized, there is no single point of failure.
But the design features of a blockchain network that make it such a useful tool for data security actually make it problematic for privacy. This becomes evident after considering how any blockchain application can meet the requirements of the General Data Protection Regulation of the European Union (GDPR) and the California Consumer Privacy Act of 2018 (CCPA).
The GDPR, which entered into force on 25 May and the CCPA, which will not enter into force until 1 January 2020, ensures that people maintain a certain level of control over their personal data and personal information, but blockchain applications are intended to to prevent people from modifying the information contained in their digital records.
For example, Article 16 of the GDPR grants each identified or identifiable natural person the right to obtain the correction of their personal data held by a natural or legal person who makes decisions about the processing of personal data of an interested party . However, in a decentralized blockchain network there is not necessarily a clearly identified controller for a data subject to be contacted to enforce this right.
Article 17 gives the persons concerned the right to oblivion or, in other words, the right to require a controller to delete all personal data. In the blockchain context, this is not necessarily possible when no block in the chain can be deleted. Furthermore, article 18 gives the data subjects the right to restrict the processing of their personal data, but this may limit the functionality of the entire blockchain.
The CCPA could pose similar problems. According to the law, a consumer has the right to instruct a company not to sell personal information to third parties, meaning that a company that seeks to sell a blockchain network will have more difficulty removing individual blocks from each chain .
The difficulties posed by the GDPR and the CCPA are not necessarily insurmountable and, in fact, some of the limitations of the laws can create exceptions useful for blockchain applications. However, if you are using or considering the use of blockchain technology, you should be aware of the requirements imposed by the new and pending privacy laws.
William Cheng and John Frank Weaver are lawyers in the privacy and data security study group at McLane Middleton, P.A. Weaver can be reached at [email protected]. This article was previously published on NH Bar News.
[ad_2]Source link
