The word "trust" is loaded with many meanings. There's personal and intimate trust. When we say we trust a friend, we mean that we trust their intentions and know that those intentions will inform their actions. There's also the less intimate, less personal trust -- we might not know someone personally, or know their motivations, but we can trust their future actions. Blockchain enables this sort of trust: We don't know any bitcoin miners, for example, but we trust that they will follow the mining protocol and make the whole system work.
...
What blockchain does is shift some of the trust in people and institutions to trust in technology. You need to trust the cryptography, the protocols, the software, the computers and the network. And you need to trust them absolutely, because they're often single points of failure.
When that trust turns out to be misplaced, there is no recourse. If your bitcoin exchange gets hacked, you lose all of your money. If your bitcoin wallet gets hacked, you lose all of your money. If you forget your login credentials, you lose all of your money. If there's a bug in the code of your smart contract, you lose all of your money. If someone successfully hacks the blockchain security, you lose all of your money. In many ways, trusting technology is harder than trusting people. Would you rather trust a human legal system or the details of some computer code you don't have the expertise to audit?
Tag: Blockchain
Simon Sapin (Twitter)““Blockchain is a technology in search of a problem to solve, pushed by ideology into areas where the unsolved problems aren’t technological” https://t.co/z52cF0AUQI”
Blockchain and individuals’ control over their personal data
Blockchain challenges the European data protection law at its very foundations. Blockchain is a peer-to-peer technology with a distributed community and fragmented actions, while the GDPR’s obligations are conceived for centralized architectures where there is a clear distribution of roles and activities. In particular, under the GDPR’s approach, data controllers and data processors are those actors who have to comply with this legislative framework, bearing responsibilities in case they do not. However, blockchain is a technology whose core aspect is the absence of a middleman, namely a controller. Peer-to-peer design challenges the application of traditional legal regulation and questions who must comply with the GDPR and, thus, who has to be held liable for the processing and protection of personal data through the implementation of adequate technical and organizational measures as the principle of accountability calls for (Art. 5(2), GDPR).102
This study by Roberta Filippone analyses blockchain technology through the lens of the individuals’ control over their personal data, to assess whether blockchain can empower the individuals’ control in compliance with European data protection law.
Blockchain challenges the European data protection law at its very foundations. Blockchain is a peer-to-peer technology with a distributed community and fragmented actions, while the GDPR’s obligations are conceived for centralized architectures where there is a clear distribution of roles and activities. In particular, under the GDPR’s approach, data controllers and data processors are those actors who have to comply with this legislative framework, bearing responsibilities in case they do not. However, blockchain is a technology whose core aspect is the absence of a middleman, namely a controller. Peer-to-peer design challenges the application of traditional legal regulation and questions who must comply with the GDPR and, thus, who has to be held liable for the processing and protection of personal data through the implementation of adequate technical and organizational measures as the principle of accountability calls for (Art. 5(2), GDPR).102
This study by Roberta Filippone analyses blockchain technology through the “..lens of the individuals’ control over their personal data, to assess whether blockchain can empower the individuals’ control in compliance with European data protection law”.
The study looks at two potentially competing initiatives, the General Data Protection Regulation (GDPR) which is intended to give individuals the right to control how data about them is collected and used, including a right to have that information erase, and blockchain technology which may require the collection and long term retention of personal metadata to provide transparency and non-repudiation.
… the blockchain’s ledger is characterized by its immutability, meaning that every purchase, transfer or vote become part of a permanent record from which data cannot be erased.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
However, I think the GDPR provides and escape hatch:
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
I think all five of those can be applied to making the argument that the right to erase does not apply to blockchain technology used for financial transactions, identification, public records and smart contracts.
We are living in interesting times!
