Blockchain could revolutionise almost every industry. But does it need to be controlled to ensure it protects people’s privacy and data?
Blockchain is touted as the solution for everything from managing electrical grids to forming a new religion, and like any innovation, it’s caught the attention of regulators. That shouldn’t panic startups planning to disrupt any particular industry – instead, anyone using the distributed ledger would be wise to call their local regulator first.
That may run contrary to belief in the startup community that innovation dies when regulators arrive, but Catherine Mulligan, visiting researcher at Imperial College’s Centre for Cryptocurrency Research, argues that for blockchain to work, legislators need to be onside.
Mulligan’s work focuses on building the structures that blockchain will rest upon, considering the technical side with the underlying standards and protocols that will ensure systems are interoperable, as well as the social implications of blockchain. “What I’m trying to understand with my research is what the actual impact will be, how industries will be restructured,” she says.
Regulators are already sorting out the wild west of bitcoin and ICOs, both of which operate using blockchains. But the distributed ledger systems are also being considered for and trialled in a variety of businesses, from insurance to shipping. “Previous generations of technology have been about doing the same business processes faster, more securely and more cheaply,” Mulligan says. “Blockchain demands that you have to completely redefine those business processes, because in order to use a blockchain, you have to completely transform the way your business works.”
But implementing blockchain into a company or process will require a lot of work, she adds. “Blockchain demands that you work across corporate boundaries. And that creates all kinds of issues.” When companies or industry consortia come to Mulligan for help setting up their systems, she starts with the same question: have you checked with your regulator?
She doesn’t make that warning because of the technology itself; it depends how it’s used. Using blockchain inside a company, a so-called private blockchain, is simply a new way of storing data, says David Gerard, author of Attack of the 50 Foot Blockchain. “Change the word to ‘Shared Excel Spreadsheets’ and you’ll see that a lot of these proposals [for legislative changes] are basically dumb” Gerard says.
It’s not only about the technology, but how it’s used. Mulligan says more and more companies are considering blockchains as a way to organise their entire industry. “It’s a number of competitors coming together to create a blockchain solution that will allow them to exchange data or share transactions,” she says. And that has a range of implications, as when competitors work together, competition regulators want to know about it. “That’s because of monopoly or oligopoly laws – antitrust.”
Because of that, it makes sense to involve industry regulators early, not to get approval for the technology, but to avoid accusations of collusion. “I think regulators would like to join in the first sort of blockchain projects that come up, just to learn, and will probably get less interested when they realise this isn’t about collusion or pricing, it’s about industrial efficiency.”
That doesn’t necessarily require new regulations; antitrust laws already exist, after all. “So it’s not that we need blockchain regulation, we just need regulators and each industry to understand the blockchain,” Mulligan says.
There are other laws that will collide with blockchain, particularly with data privacy. Gerard notes that GDPR, the EU data regulation that came into force in May, requires companies be able to delete or update personal information, but one of the key selling points of blockchain is that it’s immutable. “You don’t put personal data into a database you cannot change, and that’s blockchain,” Gerard says. “That’s anything with a Merkle tree structure, don’t put [private data] into Git repositories, don’t put them on blockchain, because one of the key factors of GDPR is the database has to be changeable.”
Rather than change GDPR or ask for an exclusion to work around the data laws, it makes more sense to simply not use such structures to store private data. “Some people are asking for legislative carve outs so you don’t have to properly redact blockchains,” Gerard says. “Frankly there’s no justification to carve out just because you’re using a database that uses a particular format.” If you need to bend or rewrite laws just to use blockchain as a database, he says, perhaps don’t.
Blockchain is an answer to a very specific problem – and that’s limiting its use case so far, says Ferdinando Ametrano from Milano-Bicocca University. Those private, permissioned blockchains touted as the solution for data controls in companies? They don’t actually exist. “There is no production case using them,” Ametrano says, noting most examples you’ll read about remain in the development phase. “So what should the regulators regulate? Something that does not exist? Regulating in advance will be a risk that may hamper innovation.”
Sometimes regulation is needed to enable innovation, such as the legislative tweaks required to allow driverless cars on roads to be tested. Other times, regulators are slow to manage the downsides, such as the tension between gig economy platforms and employment law. “In all technological systems – we see this with IoT, smart cities, privacy issues with Facebook or Google – the issue for regulators is obviously that they’re always a little bit behind the technological development,” Mulligan says. “And so you’ve got companies like Uber for example, that run very openly on the ‘do this first, apologise later’ approach.”
With blockchain, the antitrust challenges will likely follow the driverless cars model; you’ll need to talk to your regulator in order to even trial a system that shares data between competitors. On the privacy side, we may have to wait and see what damage, if any, ensues. “Let’s see how it works, because otherwise we cannot regulate it,” Ametrano says.
This Article was written By NICOLE KOBIE, and first appeared on Wired.