Compliance and right to be forgotten - blockchain: interview to Raffaella Aghemo by Marco Santarelli

The new technologies, extremely effective but equally pervasive, among which, the blockchain, do you think represent a threat to our privacy?

All new technologies maximize their effectiveness, invading our personal spaces: in this way they anticipate and convey our desires and make our life easier, but as always there is a price to pay!

I’ll give you a very recent example: in this period of extreme emergency, it has become necessary to use “remote” tools, in order to allow a didactic and professional continuity, in otherwise “stationary” countries. One of the applications, which has received the most enthusiasm for videoconferencing and smart working, was Zoom, which integrates “remote” control over the participants. In what way? With the Zoom Desk Client, participants can share their screen, from PC or mobile, highlighting an “inactivity” that lasts longer than 30 seconds; or, again, you can monitor messages even directly between participants, which are saved and stored in a text file! Basically all personal data is collected and shared, for example with Facebook, if you use the platform to access the service. The privacy policy does more, wittily to the question if it sells personal data, it answers caustically “it depends what you mean by “sell””, suggesting that it does not share for compensation, but for free, for a pure spirit of data sharing! We accept too hastily “useful” tools that we pay the price of our personal data!

Shall we briefly explain how the blockchain works?

I read, somewhere, this analogy that seems to me to clarify the mechanism at best: let’s assume a series of boxes, equipped with a lock to close them, whose key is kept in the box next to the one to which the lock belongs, and so on: in this way you create a concatenation, and if you break a box, or tamper with a lock, the chain breaks!

Why is the blockchain so scary?

Everything that represents a breakup needs time to be accepted. Indeed, it would seem that the transparency and immutability of a blockchain is not compatible with the principles, enshrined in the GDPR, of confidentiality and data minimization!

The blockchain technology, especially in its original and pure meaning, according to Satoshi Nakamoto’s design, public and permissionless, disintermediating and decentralizing, opens the door to the process, makes it transparent, no longer modifiable or manipulable, and this total “sincerity”, let’s face it, is frightening!

Already from a different point of view, in a private or federated (or consortium) blockchain, although less revolutionary, the problems would be minor.

The blockchain represents a new Internet?

The blockchain technology will not replace everything that exists today, but it will improve what currently needs to be updated, improved, “aged”, implemented.

Blockchain technology, so innovative and disruptive compared to the past, represents, like the Internet in the 90s, a general purpose technology (GPT).

In the 2017 World Economic Forum Report, it was said: “The Internet is entering a second era, based on blockchain. The last decades have brought us the Internet of information. We are witnessing the rise of the Internet of value”.

After the GDPR, you often hear about privacy: will a blockchain “alliance” ever be possible — privacy?

Blindfold technology from the beginning, it risks suffocating it rather than improving it.

Internet, at the beginning, posed similar problems, creating a patina of fear and distrust, towards every operation, which was exclusively regulated in cyberspace: only later on, technologies and intermediaries (Paypal, Ebay, just to name two), have “dropped” the initial general problems, to circumscribed and specific cases, followed by updated solutions. For developers, it is difficult to foresee all the possible applications of a new technology.

As Brian Behlendorf said, a leading figure in open source software:

“The space is still so young that the desire for standards, even if well positioned, risks hardening the projects that have just come out of the lab”.

In conclusion, the GDPR gives rules for the respect of privacy, but is absolutely agnostic about the technology to achieve it!

Isn’t the immutability of the blockchain an open challenge to the right to be forgotten?

Block technology cares about the confidentiality of participants, but on the possible deletion of data, there is still a lot of work to be done.

The GDPR, in art. 17, establishes the right of the data subject to obtain the deletion of their personal data when the purpose for which they were collected has ceased to exist, or when their consent has been revoked.

While on the one hand, the attention to confidentiality on blockchain is guaranteed with a double cryptographic system (two keys, one public and one private), however, abstractly, “punctable”, on the other hand, the need to delete data requires the implementation of an additional level. A solution, in this sense, has been devised by BCDiploma, a French reality, which registers the diplomas on the Ethereum blockchain, devising a cryptographic system with three keys, instead of two. In substance, three keys are generated, one goes to the student, the persistent key to the school and the permanent key to the educational institutions, so that if the student wants, in the future, to exercise the right to oblivion by asking for the persistent key to be deleted, this information will no longer be accessible to third parties!

The blockchain safeguards the data on the system, much more so than applications or software we use on a daily basis (whatsapp’s end-to-end encryption is an example), and behind these new terminologies, we are all convinced that we have fulfilled our duties of privacy vigilantes.

So we can promote the blockchain?

This new technology, paradoxically, can help to implement privacy, through, for example, a mechanism of self-sovereign identity: if until now, the identity of an individual is established through an identity document, issued by a trusted central government authority, from tomorrow, by managing the digital identity on a decentralized system, it will be possible to notarize it, for the occasion and the required purpose, giving people back full control of their personal data!

The blockchain therefore has a multitude of possible applications, we are a long way from fully discovering its potential.

Giving the right “trust”, to a system that bypasses the “trust”, and replaces the “trust” itself, is the best look we can turn to the future!

Originally published for the column La Vite di Archimede by Marco Santarelli, on Il Resto del Carlino, La Città, an interview with Raffaella Aghemo on the effects of new technologies on our privacy, with an in-depth look at the blockchain that dispels doubts about its use and its effects on the right to be forgotten.

--

--

--

Innovative Lawyer and consultant for AI and blockchain, IP, copyright, communication, likes movies and books, writes legal features and books reviews

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

This Week in Signal Teams — Cardano, 0x, Orca

How Embracing Blockchain Privacy Solutions Can Be Profitable For Businesses

Who we are

Oracles in the Crypto World

How did we create HEROES TD?

Silvergate Capital: The First Blockchain Bank

Coslend Integrates with Flux Protocol

How Blockchain games are working towards being sustainable in the Long Run!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Raffaella Aghemo

Raffaella Aghemo

Innovative Lawyer and consultant for AI and blockchain, IP, copyright, communication, likes movies and books, writes legal features and books reviews

More from Medium

Contributing to OPEN SOURCE projects

How Blockchain Is Changing Identity Management and Why It Is Better Than Traditional Methods

“Describe a recent advancement or development in the field of information systems that has…

The journey of WSO2 Updates