Inevitably innovation challenges the typical
ways of doing things and regulation always seems to lag progress. How can we
balance protecting personal identification information with the opportunities
offered by blockchain?
There’s no doubt that 2018 was the year that
the protection of personal information became front of mind, whether through
data breaches, Facebook sharing information for dubious purposes, or the
implementation of the General Data Protection Regulation (GDPR) in the European
Union and the still-pending rollout of the Protection of Personal Information
Act (POPIA) in South Africa. Depending on your perspective, 2018 was when we
finally started ensuring companies take their responsibilities seriously, or
the year we started breaking things and stifling innovation by trying to
protect personal information in inappropriate ways. (It’s probably a bit of
both.)
Take POPI and blockchain, for instance.
Blockchain is the distributed ledger technology that underlies cryptocurrencies,
but can also be used to power many other things. For instance, Malta is looking
at a blockchain-powered land and health registry. And Estonians can log into
their blockchain-based healthcare registry and see exactly who has accessed
their details.
The savings alone that blockchain offers are
staggering. Goldman Sachs estimates that the securities industry could save
$11 - $12 billion in fees by using blockchain to remove errors in the clearing and
settlement of cash securities. And we have only started to scratch the surface
of what blockchain technology will allow us to do. It’s useful to think of
blockchain as an operating system, like Microsoft Windows or Apple OS. The
really exciting stuff is what people will develop on top of it.
A fundamental feature of a blockchain, what
makes it so useful for storing important records, is that it can never be
erased or rewritten. But wait a minute, what about the right to be forgotten,
to have personal data deleted, especially from the internet? This is explicit
in GDPR, which any South African company dealing with customers in the European
Union has to comply with, and implied by POPI, which says that people can
request their personal information and records be corrected or deleted.
Does this mean we have to choose? Remain stuck
in the past and miss out on the promise of what blockchain will enable for us
and our customers, or risk the fines threatened by POPI and GDPR and the brand
damage associated with non-compliance? Alternatively, do we water down
blockchain technology, and its capabilities and promise? Can you imagine if almost
40 years ago, we severely constrained an aspect of the brand-new Microsoft
Windows interface manager? What would we have missed out on? Let’s not do that
with blockchain, either.

Blockchain 101

Unlike central registries controlled by a
single authority, say a bank, blockchain ledgers are spread out over a number of
anonymous computers, connected on a peer-to-peer basis. The people involved
don’t have to know, or even trust, each other. Transactions are announced to
the group and recorded by everyone. At set intervals a section of the ledger,
called a block, is locked irreversibly using cryptography and information from
the previous block, and added to the blockchain. Working on the principle that
the majority is honest, if any copy of the block on the network doesn’t match
that of the others, it is replaced with information the majority agree on. In
other words, the longest block is the true one.
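
The block linking described above is why an erasure request is hard to honour on a blockchain. The sketch below is an added example, not from the original article: it assumes SHA-256 over a JSON serialisation as the "locking" step, and the registry entries are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumption: all-zero value stands in for "no previous block"

def block_hash(index, prev_hash, records):
    """SHA-256 over the block's position, the previous block's hash and its records."""
    payload = json.dumps({"index": index, "prev": prev_hash, "records": records},
                         sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(batches):
    """Lock each batch of records into a block linked to the one before it."""
    chain, prev = [], GENESIS
    for i, records in enumerate(batches):
        digest = block_hash(i, prev, records)
        chain.append({"index": i, "prev": prev, "records": list(records), "hash": digest})
        prev = digest
    return chain

def first_broken_block(chain):
    """Return the index of the first block that fails verification, or None if intact."""
    prev = GENESIS
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"], block["records"])
        if block["prev"] != prev or recomputed != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None

def erase_record(chain, index, record, rehash=False):
    """Simulate an erasure request against a block that is already locked."""
    block = chain[index]
    block["records"].remove(record)
    if rehash:  # re-lock the edited block so it is self-consistent again
        block["hash"] = block_hash(block["index"], block["prev"], block["records"])

# Constructed sample data: three blocks of land-registry style entries.
SAMPLE = [["parcel 17: A. Example"], ["parcel 22: B. Sample"], ["parcel 31: C. Demo"]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print("intact chain, first failing block:", first_broken_block(chain))
    erase_record(chain, 1, "parcel 22: B. Sample")
    print("record erased, first failing block:", first_broken_block(chain))
    chain = build_chain(SAMPLE)
    erase_record(chain, 1, "parcel 22: B. Sample", rehash=True)
    print("erased and re-locked, first failing block:", first_broken_block(chain))
```

Deleting the record makes its own block fail verification, and re-locking that block only moves the failure to the next one, so every later block on every honest copy would have to be rebuilt.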
As published in ASA Magazine December/January 2018