On a general note, European regulation known as General Data Protection Regulations (GDPR) affect the companies adversely and makes it harder to do business within the European Union, however, there are some unprecedented benefits as well, how companies are affected with these GDPR regulations we can extract from the leading blockchain experts, below are the thoughts of some leading blockchain experts which would explain the notion of GDPR and its effects on the companies operating in the EU.
Katherine Noall, CEO of Sphere Identity, a global self-sovereign digital identity management platform:
“A year on, GDPR has been a great start for improving the data protection rights of citizens in the European Union, especially in its improvement of existing data protection directives by adding clear requirements for breach reporting and fines. However, while these fines to date show protection for those citizens within the EU, the protection of their global data rights has yet to be demonstrated. Aside from this, one of the crucial aspects that need to be improved upon is the process of breach reporting––this needs to be more automated with the initial assessment being carried out by technology. While we will probably not reach a state where data breach fines are printed at the rate and ease of speeding tickets, a move in this direction is needed if the legislation is to work.
As a whole, GDPR compliance is more than just about technology, it touches every business process and person. It is no longer sufficient to appoint a Data Protection Officer and be compliant, but instead requires a willingness to make major changes and perform ongoing monitoring and optimization.”
Simon Harman, Co-Founder and Project Lead of Loki, a privacy foundation which allows users to transact and communicate privately over the internet, said:
“While proactive regulation may well have a part to play in protecting individuals online, emerging technologies may grant a more practical way of regaining control over the flow of information online. The rise of blockchain technology in recent years has shown only some of the potential of distributed networks and decentralization. By eliminating the need for central servers and service providers, these technologies have the potential to remove the control of consumer data from the hands of third parties and service providers, meaning compliance with forward-thinking regulations like GDPR is simplified, and consumers have greater certainty about their digital lives.
If protecting data privacy is something which has been recognized as a priority by consumers, it is time for the technology community to consider more innovative solutions that can address a challenge this complex, and to discuss data privacy in a new light. We should move away from the assumption that consumers are incapable of protecting themselves and give them some options to control their own digital lives by harnessing the power of existing and emerging security technologies. Through clever user experience design and a minimal amount of consumer education, it is possible for the average user – not a government or corporation granting them ‘digital rights’ – to empower themselves to protect themselves online.”
Matt Luczynski, CEO and Founder of Travala.com, the leading blockchain-based hotel booking platform, said:
“In recent years, the collection and use of data to tailor service offerings based on consumer habits have been a growing phenomenon. As online service providers handle high volumes of personal data every second, ranging from names, email addresses, credit card details, passport information, and even biometrics, how they handle this data is vital. In businesses where data is willingly exchanged for greater customization, GDPR presents an opportunity for newcomers and established industry players to demonstrate a commitment to their consumers. By remaining compliant, online service providers can espouse greater responsibility, transparency, and accountability in how they manage sensitive consumer data, leading to enhanced consumer confidence and brand loyalty.
However, it’s crucial to remember that remaining lawful is a two-way street––European regulators need to ensure that they’re providing enterprises with the necessary resources to stay compliant. Regulations will need to keep apace of new innovative models of data analysis and data gathering, along with emerging technologies such as AI and blockchain, as they gain prominence across multiple industries.”
Tara Annison, Technical Product Manager of the PR9 Network, a real-time institutional trading and settlement platform for blockchain-based assets held in cold storage, commented:
“Ahead of the implementation of GDPR last May there was a lot of fanfare surrounding the paradoxical relationship between blockchain and GDPR, however, the two are not as incompatible as many people first anticipated. It’s still early days and, as we know, the law of the land moves slowly so I would caution against any blockchain-specific amendments to GDPR at the moment as more time is needed for the regulation to bed in and for technologists to explore it fully.
Over the last 12 months data breaches, security scandals, and hacks have dominated the headlines, resulting in the public beginning to sit up and take note as to how our data is harvested and used. What we’re starting to see now is data owners asserting more control over their own data — just this week the first major legal challenge against the use of facial recognition technology was mounted by a man in the UK and I suspect this will begin to emerge as a wider trend throughout technology, rather than a blockchain-specific one.”
Jehan Chu, Co-founder and Managing Partner at Kenetic and Co-founder of Social Alpha Foundation, a not-for-profit grant making platform focusing on social impact initiatives and projects, said:
“User data is the new oil and every person in the world is a massive fountain of value. But as we have seen with the recent Instagram hack, the largest companies are woefully unable to secure our data and protect our privacy and value, and GDPR is simply an attempt to band-aid the gaping wound of data exposure. Blockchain technology is the tool to give users control over their own data, and the ability to restrict, share or monetize it as they choose. While the technology is nascent, it is clear that secure, transparent but privacy – enabled blockchain solutions is the ultimate direction companies like Facebook will rely on to avoid major hacks in the future.”
Dave Hodgson, Director, and Co-Founder of NEM Ventures, the venture capital and investments arm of the NEM blockchain ecosystem, said:
“One year later, I believe the benefits of GDPR will continue to make waves on a global scale. In fact, a lot of companies that do business within the EU and UK are compliant anyway, so it is highly likely something similar will evolve in different regions over time. For example, the Protection of Personal Information Act in Japan is already moving toward GDPR with a formal agreement with the EU, New Zealand is matching it’s Privacy Act to GDPR through an adequacy approach, and Canada has implemented the Data Protection Regime. In the blockchain space, self-sovereign identity has given increased capabilities to individuals for controlling and revoking access.
While GDPR may seem onerous to some companies to implement, it is there for the protection of individuals and I believe that over time, most other markets will realize the importance of protecting personal data, and will follow suit to mirror the EU and UK.”
Richard Williams, Information Security Manager of the Solve.Care Foundation, which aims to revolutionize the administration of healthcare and other benefit programs globally, said:
“GDPR gave new recognition to the value of personal data and enforced compliance by companies holding said data. As blockchain is essentially an immutable digital ledger, we knew it was critically important to avoid storing personal identifiable information (PII) or healthcare data on the blockchain due to this immutability and to ensure GDPR and HIPAA compliance.
A business’ guiding principle should always be protecting and securing user privacy on its platform. A year on, GDPR should naturally resonate with any company using blockchain and I believe the introduction of the legislation has ushered in a new era of privacy.”
Jonathan Rouach, CEO and Co-Founder of QEDIT, an enterprise solution for preserving data privacy using Zero-Knowledge proofs, said:
“The European Commission has only issued roughly €56 million in fines this year, making it clear for all that the past year of GDPR has really been about raising awareness of data privacy issues, particularly in emerging technology, where privacy concerns are a rising trend. In order for GDPR compliance to be achieved, the European Commission must allow flexibility for the development of innovative solutions to privacy issues. In its latest report about Blockchain and the GDPR, the European Commission noted Zero-Knowledge Proof as one of the more robust approaches.
The key to the future of GDPR compliance will be allowing companies to find ways to preserve the privacy of sensitive data while also pursuing enriching opportunities for collaboration with other enterprises in an increasingly digital world. The past year has built an awareness that the future of emerging technology must be compliant, and innovations to make this a reality is taking place today. We are likely to see stringent regulations mirroring GDPR across the APAC and MENA regions. We expect the European Commission to allocate more resources to keep European leadership in this space.”
Hon. Albert Isola M.P., Minister for Commerce of Gibraltar, said:
“Within the past year, GDPR legislation has transformed the priorities of big tech, placing everyday people at the center and making Europe a global leader in the path to data privacy. GDPR’s success lies in its empowerment of institutions and enterprises to take ownership of their actions and their handling of data. Regulation in the tech sphere must be supportive enough to allow innovation and creativity to flourish, while still outlining the law in a clear and comprehensive manner.
The evolution of this industry is an achievement which should be reflected on a global scale, holding borderless technology to the same standards of consumer protection around the world. Regions such as the US, MENA, and APAC boast enormous technological innovation and have had their share of data privacy concerns and crises. The reaction to these issues must be swift, efficient, and supported by regulation.”
Mateusz Tilewski, CTO of the Concordium Group, the world’s leading ID/KYC-ready business blockchain network, commented:
“The General Data Protection Regulation (GDPR) has set a new, unprecedented global standard for data protection. While much has been made of the incompatibility of GDPR with blockchain-powered businesses, they both have the same aim of putting control back into the hands of users and ensure we have a say in how our data is being used and stored. With that in mind, there is no reason why blockchain networks cannot comply with the European Union’s GDPR rules. We are living in a world where privacy is a huge concern for consumers, and regardless of what industry you are operating in, blockchain or otherwise, giving users control over their own personal data is of the utmost importance. From a blockchain perspective, ensuring that identity management is built in at the protocol level and zero-knowledge proofs are used to replace anonymity with privacy is key in overcoming the shortcomings of classic blockchains. These privacy features will allow identifiable parties to do business in private, instead of anonymous parties doing business in public, which is the case with most current blockchains.”