Blockchain and GDPR - a Call to Arms!

in busy •  4 months ago

TL;DR

When it comes to job-creating innovation, Europe needs all the help it can get. Buckling under already heavier regulation than other jurisdictions, any additional one could be the proverbial "straw that breaks the camel's back".

Blockchain and GDPR could have coexisted peacefully. But any new and complex regulation gives lawyers a weapon to hold both existing organizations (the juiciest target) and innovators (collateral damage) to ransom.

While there are blockchain-friendly lawyers (especially when on the payroll of technology firms), the legal profession has a strong financial incentive to wield that weapon when holding (incumbents as well as) innovators to ransom with an innocent sounding "It depends, it's a case by case decision" which often translates as "Pay up to have me advise you how to do it to stay compliant." With no guarantee of course that, later on, a Court will not find that you were still not compliant ...

Not to mention that there are also lawyers genuinely averse to this technology. And that, for lawyers employed by the public sector, natural risk adversity combines with the hard-wired satisfaction all humans enjoy when exercising power. The power to say "No, you are not allowed to do that".

636626065281696625.gif
source

It is my conclusion that blockchain innovators' only recourse is to unite and devise a coherent, coordinated response. That could be either:

  • a provoked landmark legal challenge that would provide clarity for the industry, or
  • a plea with the legislators to define in law a "blockchain domain" and adapt the GDPR to accomodate the existence of said domain.

Legal context

"As men, in their natural state, regardless of all religion, know not, in their disagreements, other laws than those of beasts, the right of the strongest, the establishment of societies must be seen as a kind of treaty against this unjust law; a treaty aiming to establish, among the different parties of mankind, some sort of balance."

Analysis of Montesquieu's The Spirit of the Laws by M. D'Alembert
source




The **Regulation (EU) 2016/679 of the European Parliament and of the Council** of 27 april 2016, also known as the "General Data Protection Regulation" (or **GPDR** in short) has entered in force on May 25th, 2018.

I wanted to write my personal analysis of what GDPR means for blockchain innovators. And maybe I'll do, given enough time. Take this text as an "immediate response" and "work in progress".

A visionary law

When we consider the way our societies are transformed and impacted by the advance of information technologies, the GDPR stands out as the most advanced and visionary pieces of legislation our representatives have put forward.

In an era when "Data is the new oil" the overall context is detailed in the regulation's "recitals" (of which there are 173 ...)

recital.PNG

Data Protection: A fundamental right but not an absolute right

The protection of natural (note: not "legal", i.e. companies) persons in relation to the processing of personal data is a fundamental right (recital (1)), following from the Charter of Fundamental Rights of the EU and from the Treaty on the Functioning of the EU (TFEU).

GDPR is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons (recital (2)).

Why is important to stress that out ? Because of the "Spirit of the Laws". Laws are crafted by the legislator, after consultations with the subjects of the future law, with a purpose. Only part of that overarching purpose can ever be captured in the Letter of the Law. When the law is followed and applied, all the actors must keep in mind and respect the Spirit of the Law

Legal systems

There are fundamental differences between the legal systems of Continental Europe, based on the Roman law and influenced by the Napoleon's Code, and the Anglo-Saxon "common law" system that is in force in the UK and the US.

In the former, the Legislator has purpose and intent - consequently the Spirit of the Law proceeds from those. The Judiciary applies the law by looking at the Letter and the Spirit (as it can be inferred), both proceeding from the Legislator.

In the "Common law" system the Spirit of the Law is something on which the Judiciary has a say, and which evolves with each actual application. As judgements are incorporated through "precedent", the Judiciary partakes in the legislative power ...

The much higher power the Judiciary branch (and all the legal profession) has in the Anglo-Saxon legal system when compared to the Continental system is plain for anyone to see: from lawyer salaries to the widespread litigation, everything sets the US and UK apart from Continental Europe.

Let it be said that I strongly believe the GDPR is a Continental law and should be interpreted as such.

The 4th recital

The fourth recital of the GDPR is probably the most important to keep in mind when making sense of it:

The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.

Unequal fight

Blockchain is a complex, revolutionary technology. GDPR is an almost unprecedented legal attempt at regulating a relatively new domain. It is a complex piece of legislation. As a consequence, interpretation requires not only a bright legal mind but also one with a deep understanding of technology.

When technologists express themselves in the belief that they understand law (as is my case), the lawyers can simply shrug and ignore them. But the opposite could not be farther from the truth.

When lawyers, even those with the flimsiest grasp of technology, give an opinion, they can sink a business and potentially nip in the bud what has been called by some "the game changer of the 4th industrial revolution". Or at least prevent Europe from being in the lead ...

Because when confronted with an intractable situation, there are as always three possible responses:

  • freeze (give up attempting to innovate)
  • flight (to more forgiving jurisdictions, at least until you make enough money to afford the lawyers)
  • fight

EU Blockchain Observatory and Forum

The EU Blockchain Observatory and Forum organized today a workshop about blockchain and GDPR. My "take away" from a full day of heated debate is that ... while the legislator has probably never intended to ban blockchain (see "spirit of the law" above), some lawyers will clearly try to make the most out of the grey areas and apparent incompatibilities

It gets even more complicated when the regulatory bodies enter the picture. The national "Data Protection Authorities" were sending representatives to an arcane body cryptically called "Article 29 Working Party" (A29WP) which will now morph and become the EDPB (European Data Protection Board).

GDPR has been designed to be as independent of technology as possible, hence it leaves quite a bit of space for interpretation, which is sensible. Having an authority that continuously monitors technological development and interpolates the prescriptions of the law, and formulates opinons and recommendations is also a sensible thing.

The A29WP was that body ... which immediatly signals a problem ... because thereafter the same Data Protection Authorities (DPA) that are represented in the A29WP proceed to enforce its recommendations! In a way, the DPA are both "making the law" (technically "filling in the - numerous - intentional blanks in GDPR") and "enforcing that same law" (applying fines on the basis of the interpretations they themselves have decided)!

The Need to Act

My alarmed conclusion is that those who care about saving blockchain innovation in Europe, those who grew tired of Europe being yet again the laggard in advanced technologies, have only one choice. They cannot freeze, nor can they flee. They must come together and act quickly, before it's too late and "blockchain" becomes yet another area where Europe is a "rule taker", after Cloud Computing, Big Data / AI, and other advanced fields.

While the original intention of the legislator was no doubt to protect the EU citizens from "data predation" by quasi-monopolistic corporations, two side effects risk having terrible consequences:

  • the incentive structure of the legal profession is such that it's rational for them to use a new, complex law which maps awkwardly on a disruptive new technology as a "fee extracting tool": "You want to innovate? It might be possible to comply with GDPR... I can tell you how if you pay my fees ..." In Europe this is usually less of a problem than in the US because of the specificities of the legal system mentioned above, but with GDPR we are in virgin territory. Add here natural risk adversity and, for lawyers employed by the public sector, the mere feeling of power humans enjoy when saying "No, you are not allowed to do that".
  • the enforcement architecture puts too much unchecked power in the hands of the A29WP / EDPB. The DPAs are supposed to nominate both lawyers and technologists in this body but because of the structural social asymmetry of the two roles (an IT guy will often shake before a lawyer, never the opposite), the decisions are likely going to be made by the lawyers. Which would be less of a problem if blockchain technology was less complex and easier to grasp. The risk here is of "mission creep" and the DPAs starting to protect people against themselves, in the process condemning them to forsake the prosperity and abundance that blockchain technology could bring about.

Referring back to D'Alembert's quote above, currently I've seen no balance. What I sensed is a strong hostility to blockchain innovation

I want to finish on a positive note: I have received a fresh research paper (so fresh Google cannot find it yet) "On Blockchains and the General Data Protection Regulation" by Luis-Daniel Ibanez, Kieron O'Hara and Elena Simperl, all from the University of Southampton. I've only managed to read about half of it (it's heavy) but it seems really well balanced, which is a good sign after the depressing read by Dr. Finck

Other posts on blockchain technology that you might enjoy:

Other posts on the impact cryptocurrencies are likely to have on our societies:

  1. Help Yourself! (steemit for dummies) (in short)
    and in more detail in this post:
  2. Best way to Grow on Steemit
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

very cool i hope that all the good games will be on blockchain

·

I love games. Bring it on.

Congratulations! Your post has been selected as a daily Steemit truffle! It is listed on rank 10 of all contributions awarded today. You can find the TOP DAILY TRUFFLE PICKS HERE.

I upvoted your contribution because to my mind your post is at least 36 SBD worth and should receive 112 votes. It's now up to the lovely Steemit community to make this come true.

I am TrufflePig, an Artificial Intelligence Bot that helps minnows and content curators using Machine Learning. If you are curious how I select content, you can find an explanation here!

Have a nice day and sincerely yours,
trufflepig
TrufflePig

·

Thank you, your selection is worth more than 36 SBD to me given the brain energy I have expended already, and what I still need to expend on trying to get my head around GDPR and understand the ins and the outs of it ...

Decentralized blockchain is democracy software. Most govts and existing organizations dislike real democracy with its referendum consensuses.

So truly positive regulations are highly unlikely to be forthcoming in countries with established vested interests. Decentralized blockchain makes these vested interests, with established lobbies, irrelevant and obsolete. And it, like a new technology, eats the demand pie for their services. It's also neutral.

There's a conflict of interest. And if it's not decentralized, it's not a new technology, but simply surveillance. Which is per se harmful to science and innovation. Yet science and innovation is all that accumulates: binds time. Most plant and work surfaces depreciate and are replaced rapidly.

I refer to David Landes's thesis regarding why Europe had an industrial revolution and China did not. People simple walked two miles into another country when regulations due to vested interests prohibited this or that new technology. This or that new industry. Meanwhile the Chinese were unified for thousands of years. Neither area had better governments [LAN69, LAN98]. The same reason that in the 13th century made Europe weak to outside invaders made them technologically advanced world travelers and colonizers in the 16th century and the technology dominant powers by the 18th century [CIP65].

·

This is why I beleive it's important decision making be decentralised in Europe and the EU level comes only afterwards to harmonise best practices. The fly in the ointment here is the ECB which has huge dictatorial tendencies and tends to forbid innovation and experimentation. The fight will be long and hard.

Good read as always.
I am somehow more optimistic and I don't think that the GDPR will be the tool to wage wars. But again, I am not always right, and maybe too idealistic.
The system is not the best and having the rules and enforment made by the same organism is not the best, I admit, however, I think that the Blockchain will stop being a bad thing in a few years, and people will stop waging wars against it. Or maybe the banks will be threatened and the fight will intensify.

You have given me more reasons to stress :)
Thanks for the coverage! If you find anything else in the new paper just share the conclusions with us.

The weapon must have protection
It should not be carried by anyone
But must be under state control so that we protect citizens

You got a 36.02% upvote from @upme thanks to @sorin.cristescu! Send at least 3 SBD or 3 STEEM to get upvote for next round. Delegate STEEM POWER and start earning 100% daily payouts ( no commission ).

You got a 20.18% upvote from @postpromoter courtesy of @sorin.cristescu!

Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!

Congratulations @sorin.cristescu! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the total payout received

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

EU Bans Memes, Imprisoned Tommy Robinson. We want to #FreeTommy and free people from globalism, the NWO. EU imprisons people who say things the EU dislikes. I love Bitcoin and Steemit and hope for the best for our future, globally. GDPR seems dangerous.

·

EU doesn't imprison anyone, there are 0 (zero) prisons operated by the EU, imprisoning people is not part of the competencies of the EU. Tommy Robinson has been imprisoned by a Member State. I seem to know that that Member State is the UK, which is also on its way out of the EU. Never heard that the EU bans memes, that sounds like a really stupid thing to say.

·
·

Why is the UK still in the EU even after Brexit vote? It is because the EU refuses to let the UK leave. The EU tells the UK what to do. The same kind of people in the EU are also in the UK government, meaning they might as well be one and the same, directly and/or indirectly.

·
·
·

The UK is still in the EU because it officially notified that it wants to go out on March 29, 2017 and by treaty it will only be out on March 30, 2019. Nobody in the EU refuses to let UK go, au contraire, many people count the days they still have to wait. The UK govt has proven during the past 18 month to be a strong contender for the title of "most inept government in the EU". Then again, it has been democratically elected by the British people.

·
·
·
·

The EU is unelected and the people of Europe did not vote to enter into the EU many years ago and Soros and Rothschild and others are behind the EU an UN and other things as they divide and conquer like in how Rome fell.