Compliance and right to be forgotten - blockchain: interview to Raffaella Aghemo by Marco Santarelli
The new technologies, extremely effective but equally pervasive, among which, the blockchain, do you think represent a threat to our privacy?
All new technologies maximize their effectiveness, invading our personal spaces: in this way they anticipate and convey our desires and make our life easier, but as always there is a price to pay!
Shall we briefly explain how the blockchain works?
I read, somewhere, this analogy that seems to me to clarify the mechanism at best: let’s assume a series of boxes, equipped with a lock to close them, whose key is kept in the box next to the one to which the lock belongs, and so on: in this way you create a concatenation, and if you break a box, or tamper with a lock, the chain breaks!
Why is the blockchain so scary?
Everything that represents a breakup needs time to be accepted. Indeed, it would seem that the transparency and immutability of a blockchain is not compatible with the principles, enshrined in the GDPR, of confidentiality and data minimization!
The blockchain technology, especially in its original and pure meaning, according to Satoshi Nakamoto’s design, public and permissionless, disintermediating and decentralizing, opens the door to the process, makes it transparent, no longer modifiable or manipulable, and this total “sincerity”, let’s face it, is frightening!
Already from a different point of view, in a private or federated (or consortium) blockchain, although less revolutionary, the problems would be minor.
The blockchain represents a new Internet?
The blockchain technology will not replace everything that exists today, but it will improve what currently needs to be updated, improved, “aged”, implemented.
Blockchain technology, so innovative and disruptive compared to the past, represents, like the Internet in the 90s, a general purpose technology (GPT).
In the 2017 World Economic Forum Report, it was said: “The Internet is entering a second era, based on blockchain. The last decades have brought us the Internet of information. We are witnessing the rise of the Internet of value”.
After the GDPR, you often hear about privacy: will a blockchain “alliance” ever be possible — privacy?
Blindfold technology from the beginning, it risks suffocating it rather than improving it.
Internet, at the beginning, posed similar problems, creating a patina of fear and distrust, towards every operation, which was exclusively regulated in cyberspace: only later on, technologies and intermediaries (Paypal, Ebay, just to name two), have “dropped” the initial general problems, to circumscribed and specific cases, followed by updated solutions. For developers, it is difficult to foresee all the possible applications of a new technology.
As Brian Behlendorf said, a leading figure in open source software:
“The space is still so young that the desire for standards, even if well positioned, risks hardening the projects that have just come out of the lab”.
In conclusion, the GDPR gives rules for the respect of privacy, but is absolutely agnostic about the technology to achieve it!
Isn’t the immutability of the blockchain an open challenge to the right to be forgotten?
Block technology cares about the confidentiality of participants, but on the possible deletion of data, there is still a lot of work to be done.
The GDPR, in art. 17, establishes the right of the data subject to obtain the deletion of their personal data when the purpose for which they were collected has ceased to exist, or when their consent has been revoked.
While on the one hand, the attention to confidentiality on blockchain is guaranteed with a double cryptographic system (two keys, one public and one private), however, abstractly, “punctable”, on the other hand, the need to delete data requires the implementation of an additional level. A solution, in this sense, has been devised by BCDiploma, a French reality, which registers the diplomas on the Ethereum blockchain, devising a cryptographic system with three keys, instead of two. In substance, three keys are generated, one goes to the student, the persistent key to the school and the permanent key to the educational institutions, so that if the student wants, in the future, to exercise the right to oblivion by asking for the persistent key to be deleted, this information will no longer be accessible to third parties!
The blockchain safeguards the data on the system, much more so than applications or software we use on a daily basis (whatsapp’s end-to-end encryption is an example), and behind these new terminologies, we are all convinced that we have fulfilled our duties of privacy vigilantes.
So we can promote the blockchain?
This new technology, paradoxically, can help to implement privacy, through, for example, a mechanism of self-sovereign identity: if until now, the identity of an individual is established through an identity document, issued by a trusted central government authority, from tomorrow, by managing the digital identity on a decentralized system, it will be possible to notarize it, for the occasion and the required purpose, giving people back full control of their personal data!
The blockchain therefore has a multitude of possible applications, we are a long way from fully discovering its potential.
Giving the right “trust”, to a system that bypasses the “trust”, and replaces the “trust” itself, is the best look we can turn to the future!
Originally published for the column La Vite di Archimede by Marco Santarelli, on Il Resto del Carlino, La Città, an interview with Raffaella Aghemo on the effects of new technologies on our privacy, with an in-depth look at the blockchain that dispels doubts about its use and its effects on the right to be forgotten.