Blockchain technology is changing the way we conduct business, from making payments to conducting transactions to entering contracts. Blockchain enables end-to-end decentralized, user-centric services that can create a shared secured ledger for recording a history of transactions. Blockchain’s importance lies within the integrity of the data that is secure and encrypted and thus can only be modified by unilateral arbitration. Governments have begun to embrace blockchain as a means for electronically for highly sensitive and secure data.
In addition Government agencies thus have been pressuring that technology companies consider consumer privacy while designing their technologies. The European Union’s General Data Protection Regulation that took effect in May 2018 and the California Consumer Privacy Act that takes effect in January 2020 require that controllers and processors of personal data provide more notice of and transparency in their data collection practices. They also ushered in a new wave of data privacy rights to give individuals more control on how their data is collected, used, sold, and disclosed.
These two trends are on a collision course in that the decentralized nature of blockchain and distributed ledgers is viewed as incompatible in many ways with the principles of transparency and control that are the hallmarks of recent privacy legislation. However, with the proper approach by both industry and regulators, these technologies can comply with and even enhance most of the protections contemplated by the new privacy regulations.
At the most basic level, blockchain is a series of blocks of data that are secured and connected using a cryptographic hash. The cryptographic hash is a mathematical algorithm that maps the data block to a unique string of bits (a hash value) that serves as a form of fingerprinting for that data. Each block of data includes a hash of the block that precedes it thereby creating a continuous chain. The data in any block of chain cannot be changed without changing all the hashes in the chain.
One of the more well-known implementations of blockchain technology is the distributed ledger, which is a database that is maintained independently by multiple participants through consensus and across multiple points (nodes) on a network. All files in the distributed ledger are timestamped and given a unique cryptographic signature. All of the participants on the distributed ledger can view all of the records in question. In this way, it provides a verifiable and auditable history of all information stored on that particular data set.
What is unique about the use of blockchain and distributed ledgers is that the network has no central authority; in addition, the data on the network is shared and immutable. This is in contrast to traditional forms of ledgers and databases that are typically maintained in a centralized database that lives in a fixed location and is operated by a particular entity. As discussed below, most data privacy laws were written based on more traditional forms of centralized databases. The challenge for companies implementing or using blockchain technology or distributed ledgers is applying those laws in a sensible and reasonable way to the new forms of databases created by blockchain technology.