How does data privacy fit into blockchain

PLUS: GDPR's birthday, Meta fined $1.3B, AI news

Privacy Post: May 31st

Happy Wednesday privacy pioneers 👋

This is issue #5 of Privacy Post, the not-so-private privacy newsletter, where I share privacy news, knowledge, and technology happenings to keep you (professionals, amateurs, enthusiasts, and anyone looking to learn more) informed on the ever-changing privacy landscape.

✍ Today’s scribbles include:

  • Knowledge topic 🧠 - How does data privacy fit into blockchain

  • In the news 🗞 - GDPR's birthday, Meta fined $1.3B, AI news

  • Meme Post 🤣

In this post, I’m strictly speaking about blockchain technology as opposed to use cases such as NFTs and cryptocurrency.

The affair between blockchain and data privacy

What makes blockchain, blockchain?

In its most basic terms, it’s a system or shared database that records information that cannot be changed once verified as correct and placed in the system or database.

Virtually anything of value can be tracked and traded on a blockchain network, reducing risk and cutting costs for all involved. The technology can record information about cryptocurrency transactions, NFT ownership, milk sources (thank you, Nestle), or DeFi smart contracts.


So how does data privacy fit into this?

Blockchain technology offers protection capabilities and helps solve many of the issues data privacy targets:

Third Parties

  • One of the main concerns with data privacy is the involvement of numerous third parties in the management and storage of sensitive information. With blockchain technology, there is no need for intermediaries such as banks or other financial institutions. The decentralized nature of blockchain ensures that all participants have access to the same information and that no single entity has control over the data. This eliminates the need for third parties, reducing the risk of data breaches and unauthorized access to sensitive information.

Fraudulent Activities

  • Blockchain technology provides an immutable and transparent ledger that can help to prevent fraudulent activities. Each transaction recorded on the blockchain is validated by a network of participants, making it virtually impossible to alter or manipulate the data. Additionally, the use of smart contracts can help to automate the verification process, ensuring that only authorized parties can access and modify data.

Auditable

  • Another key advantage of blockchain technology is its auditable nature. Every transaction recorded on the blockchain is time-stamped and verified by a network of participants, making it easy to track and audit the movement of data. This level of transparency and accountability is essential for businesses that must comply with regulatory requirements or for those who want to demonstrate their commitment to data privacy and security.

Power Outages

  • Power outages can cause significant disruptions to data management systems, potentially resulting in the loss or corruption of critical data. However, blockchain technology is designed to operate in a decentralized environment, making it less vulnerable to power outages and other network disruptions. With blockchain, participants can continue to access and verify data even in the event of a power outage, ensuring that critical information remains available and secure.

While these are all great and dandy, as you know, things never go off without a hitch in the tech world. The issue is that there are instances where blockchain concepts clash with data privacy principles and regulations.

Typically businesses, hospitals, governments, individuals, and those who handle personal data are regulated via laws and other reporting bodies. The data on a blockchain is not exempt.

The issue is that data privacy and protection laws and regulations were not written with blockchain in mind. Many of the fundamental blockchain concepts and characteristics don’t fit the “normal” data principles or data lifecycle that regulations were based on. It’s like eating one Oreo and then trying to stop yourself from eating the entire container. It just doesn’t work or make sense.

Clashing concepts between data privacy regulations and blockchain technology:

Accountability

  • Regulators face a challenge in enforcing actions against contributors of public blockchains. Public blockchains are decentralized (meaning not one entity is responsible), span across various borders or jurisdictions, and comprise a large number of individuals who have the ability to make updates on the blockchain. Since responsibilities are spread across an unassociated community, it is difficult for regulators to hold any single individual or entity accountable.

Immutability

  • As discussed earlier, information published to a blockchain cannot be deleted, but most modern privacy legislation grants individuals a “right to be forgotten”. How can an individual or data subject exercise their right to be forgotten when the information recorded on a blockchain’s ledger is permanent?
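Why erasure and an append-only ledger collide, as an added example that is not from the newsletter: a simplified hash-chained ledger in Python in which blanking one record makes verification fail at that block, and recomputing that block's hash only moves the failure to the next one. It assumes a single local copy with no network or consensus; the function names and sample records are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(index, prev_hash, record):
    # Hash covers the position, the link to the previous block, and the data.
    payload = json.dumps({"index": index, "prev": prev_hash, "record": record},
                         sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append(chain, record):
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "record": record,
                  "hash": block_hash(index, prev, record)})

def first_invalid(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev:
            return i
        if block_hash(i, prev, block["record"]) != block["hash"]:
            return i
        prev = block["hash"]
    return None

def build_sample():
    # Constructed sample records containing personal data.
    chain = []
    for record in [{"subject": "alice@example.test", "event": "consent given"},
                   {"subject": "bob@example.test", "event": "order placed"},
                   {"subject": "alice@example.test", "event": "address updated"}]:
        append(chain, record)
    return chain

def erase(chain, index, rehash=False):
    """Blank one record, as an erasure request would require; optionally
    recompute that block's own hash. Returns where verification now fails."""
    block = chain[index]
    block["record"] = {"subject": "[erased]", "event": "[erased]"}
    if rehash:
        block["hash"] = block_hash(index, block["prev"], block["record"])
    return first_invalid(chain)

if __name__ == "__main__":
    print(first_invalid(build_sample()))          # untouched ledger
    print(erase(build_sample(), 0))               # record blanked
    print(erase(build_sample(), 0, rehash=True))  # blanked and rehashed
```

On a real network every other participant also holds the original blocks, so a locally rewritten copy would simply be rejected by them.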

Transparency

  • The very basis of trust in blockchain results from the transparency of the ledger. Because any participant can review transactions in real time, participants can trust the information on the public blockchain. However, it also means that information is accessible to unknown actors who may use it for unknown purposes. This raises the question of how entities can protect data subjects' information while leveraging blockchain for transactions or data storage. How can entities appropriately protect data subjects around how their information may be used or disclosed?

My question is: how do we get to a point where lawmakers can understand the underlying tech and create helpful and protective forward regulations? The rate of law vs. the rate of tech advancements is VERY mismatched. AI is going through a similar situation at the moment as well.

Whatever happens, as blockchain becomes more widely used and understood, the key will be to balance the capabilities and principles of blockchain technology with user rights and the legal implications.

In the news…

  • Meta was fined an epic $1.3B (or 1.2B euros) for breaking the GDPR and ordered to stop sending EU data to the US.

  • Sam Altman, the CEO of OpenAI, has restated the company’s commitment to providing services in the European Union (EU) market, even in the face of potential challenges related to the proposed Artificial Intelligence Act.

  • Facial recognition technology was used at a Beyonce concert in Wales, continuing the debate on widespread surveillance, the tech’s racial biases, and human rights implications.

  • The GDPR turned 5 on May 25th. The IAPP wrote up key indicators tracking total fines, enforcement actions, and consumer trust.

Meme Post

Thank you for reading. I really appreciate you. But, by this point, you’re probably about finished with your morning coffee and I’ve gone on for too long.

See you next week. If you want more, be sure to follow me on LinkedIn (@annapeterson).

😄 This newsletter is a place for all to learn about data privacy, question the technology we use, and understand how it fits into the world we live in.

Disclaimer: The thoughts and ideas of Privacy Post are my own and not of my employer.