The apparent incompatibility of blockchain technology with General Data Protection Regulation (GDPR), marks the entering the age of post-industrial proactive regulation that some identify with the age of Web 3.0.
On May 25 of this year, the ground-breaking data privacy regulation of GDPR came into effect. While it is an important step in the direction of regarding data not just a resource (“data is the new oil”, anyone?), but something intrinsically linked to its subjects, the regulation falls short spectacularly in capturing the reality it wants to regulate.
The limitations of GDPR have been noted by Anne Toth, Head of Data Policy for the World Economic Forum, a think tank responsible for organizing the annual gathering of world leaders at Davos. She discusses the contradiction of between GDPR and blockchain, and identifies a blind spot of policy-makers when it comes to understanding how the new regulation will affect a technology that “exploded into public consciousness” while “European policymakers were debating and finalizing aspects of GDPR.”
She identifies the root cause of this problem as being the general phenomenon when “regulation is addressing a problem in the rear-view mirror rather than looking at the road ahead.”
You may think this is nothing new. After all, many people believe we are unable to regulate the complex systems that surround us. Harvard historian Niall Fergusson, goes as far as to make the point that instead of preserving our civilization (and I would add our planet), the explosion of regulation contributes to its degeneration.
Anne Toth, as previously mentioned, concludes that “policy needs to be as flexible as technology” and calls for a “layered and cooperative approach to policy making.” While I agree with her that GDPR wouldn’t be the same if the regulator understood blockchain technologies, I think there is a deeper cause for this recurrent failure of regulatory policies to address the complex reality they intend to regulate.
I don’t believe the reason is simply that regulation is progressing slower than technology. This is certainly part of it, but I think it is a way to look at technologies simply as previous rather than latest, so the only thing we need to make sure of, is that we fix the inclusiveness of the policy making process to be more reactive to the technology changes. I think the key is a better understanding of technologies as language (our first social technology after all), as mediators of our understanding of the world. Only this approach could create a proactive regulation, the only regulation we know works, the regulation we find within the natural world. After all, we would not survive if our bodies didn’t regulate our body temperature!
Tech philosophers Mark Coecklbergh and Wessel Reijers conceptualized the theory of narrative technologies that comes to our rescue. They say that, “not only do humans make sense of technologies by means of narratives but technologies themselves co-constitute narratives and our understanding of these narratives.”
Based on this theory, the regulation of data as resource reflects the narrative of the Industrial Age, where the industrial ensembles, through the organizations that control them, are trying to unilaterally determine what a resource is and how it is processed and controlled. As mentioned in the linked article above, consider the case of the emerging data giants of the Web 2.0 age, who are effectively data monetization machines. This technology is narratively inflexible, generating passive-abstracting narratives leading to similarly inflexible and reactive attempts to regulate it. Hence the terminology of GDPR which appears to be reminiscent of the Industrial Age: data processors, data controllers and others.
But as Anne Toth has correctly identified, blockchain technologies are generating flexible, pro-active (or active-abstracting) narratives. The data is not simply a resource anymore, but something that is organic to an individual, an organization or a community.
Therefore, the conceptualization of data privacy looks different when we factor in the existence of technologies that make every data movement consensual as opposite to unilateral. For example, is a digital picture that I send to you regulated by our consensus or by your unilateral decision (to send it to a third party)?
Thus, blockchains make it possible for data to never really detach from the person and makes sure the data is always used for a pre-defined purpose. This is the idea behind the self-sovereign identity, new trust economy enabled by blockchains.
Without regulators learning the technology behind blockchain, GDPR will only be a victim of its own intent. Once this is changed, not only will blockchains not be blocked by GDPR but effective food safety, carbon cap and trade, and a transparent jewellery supply chain, will be regulations that can be effectively enforced, collectively marking the beginning of the era of proactive regulations.
Every industry experiences a productivity hit when discrepancies arise around financial settlements. In the supply chain, for example, processes that may even be part of an automated procure-to-pay workstream grind to a halt when an invoice and the related goods received documentation don’t match up. Even data-driven industries like telecommunications are affected, with hundreds of […]
The Adrienne Arsht Center for the Performing Arts of Miami-Dade County is one of the largest and most architecturally significant venues of its kind in the United States. Renowned architect Cesar Pelli’s preservation of the seven-story Art Deco tower from the former Sears store on the site is creating a thriving arts scene and entertainment […]
Blockchain struck society like a lightning storm on the plains. Fast and sudden. Over 10 years ago, a whitepaper was produced unveiling the technology and within seven years, families were discussing the topic over dinner, state legislators were passing bills, and CEOs were being asked for a “blockchain plan” by their Board. Some industries moved […]