How blockchain flies in the face of privacy law

"The technology seems to be moving faster than the regulators," James Ferguson, head of Americas at Intertrust Group, writes.

We know an increasing number of countries are adopting data privacy regulations like GDPR or data civil rights. But we also see a vast expansion across all industries and jurisdictions of technology like cloud storage and intelligent automation that are challenging data protection officers’ and controllers’ implementation of these new privacy acts.

Does new technology preclude our ability to meet local regulatory requirements?

The answer is twofold. Both the regulations and the tech advancements seek to protect and control data, yet the regulations contradict the modern technology architecture that makes cross-border and cross-jurisdiction business easier than before. The concept of a sovereign country is by definition the opposite of a distributed ledger in blockchain.

The agility of bitcoin or the very introduction of cryptocurrency, for example, whirls us into the clouds, literally. This intelligent automation enhances the processing, control and storage of data, but does it meet regulation requirements? Both regulation and tech build-out must be considered in tandem.

The nimbleness of automation and access to global data challenges local jurisdictional requirements. While tech advancements are inevitable and hurtling through virtually all industries, the market approach varies from company to company. Adoption is based on the maturity of companies, budgetary limits and diverse implementation of privacy rules globally.

The technology seems to be moving faster than the regulators.

In the US, more states are responding to their constituents’ demands for more substantial privacy rights, hence some advocates are reaching for digital civil liberties. In California for example, the state’s first law protecting online privacy is taking effect in January, which will likely cause a ripple of similar legislation across the nation. In Europe, states are working to simplify and demystify the interpretations and reporting requirements of GDPR.

With blockchain, the cloud, AI and IA becoming common nomenclature, how do these technologies conform to security requirements? Do they contradict one another or define each other? Can they really morph?

Global B2B businesses are answering these questions and defining technology architecture that both protects and is evolving. As fund services providers, for example, we think a minimal, viable product is the answer. Uniting/merging cloud and blockchain with client-centric software begins to tackle these complex questions. Our strategy is the recognition of finite details of localized data privacy requirements coupled with an investment in careers and advancements in technology.

This accelerates the marriage between security regulation and tech advancement, irrespective of where the client is in the world or what the local regulatory requirements may be. Acknowledging nuances of local and global data privacy requirements while investing in the discernment of new technology helps accelerate the marriage between privacy protection and advancement.

Personal data and globalization have always been in play, but access to the internet has accentuated the need for management and security. The pros and cons exist for both enhanced privacy law and enhanced tech, but these can only be balanced with local understanding and a focus on the future.