A new study that was undertaken by Queen Mary University of London and the University of Cambridge, UK, came to some interesting conclusions about how blockchain could fit into the EU’s complex regulatory structure.
The General Data Protection Regulation (GDPR) act sets out some strict guidelines for handling personal information in the EU. It came into effect in May of this year, and it forced any entity that is considered to be a “data controller” to respect a person’s right to keep their data private. Failure to adhere to the GDPR will result in a fine of €20 million (about $22 million) fine, or four percent of global revenues, whichever is higher.
How does blockchain fit into the GDPR? According to the report, blockchain platforms could fall under the definition of a “data controller”.
To make matters more interesting, there is some amount of uncertainty when it comes to how a private blockchain could be regulated. This finding could be good or bad for blockchain adoption, depending on how regulations are written going forward.
And Blockchain for All
According to the authors of the report, because blockchains store private data that could be accessed by a third-party, they may be considered “data controllers” under the GDPR regulations.
The report states that, “There is a risk that this legal uncertainty will have a chilling effect on innovation, at least in the EU and potentially more broadly. For example, if all nodes and miners of a platform were to be deemed joint controllers, they would have joint and several liability, with potential penalties under the GDPR.”
While the above idea is certainty relevant to blockchain development, the situation may not be as straightforward as regulators hope. Blockchain platform, whether public or private, are almost certainly going to be global in scope. For the moment there are numerous blockchains out there, but as time goes on a few winners are likely to emerge from the pack.
Much in the same way that cryptos have been nearly impossible to eradicate in China, regulations for blockchains that aren’t necessity being hosted in the EU might be hard to enforce judgments against. No matter how the regulatory bodies view the handling of information, going after a company that isn’t domiciled in a government’s legal jurisdiction could be very complex.
Life in the Cloud
The report goes on to state that private blockchains could also occupy the legal realm that cloud computing services operate in. Instead of being considered “data controllers”, they are labeled “data processors”, which makes all the difference in the world.
If a private blockchain is considered to be “data processors”, well then, things get much easier. There is no way that cloud services can be held to the same kind of standards that private institutions are. One of the biggest issues that regulators face is the numerous uses that blockchain has, and that it may resist easy classification.
For example a blockchain that holds medical records is different from one that is designed to allow approved users to share media. The former would probably be a better fit for the “data controller” designation, and the latter would be a better fit for the “data processor” category.
Good Regulations Mean Great Markets
The risk of assuming that all private blockchains can be shoehorned into the same general category seems to be present, and short sighted regulations could potentially harm the EU as a blockchain development zone. Many other areas of the world are reaping the benefits of simple blockchain regulations, and an open policy toward new technology.
Nations that leave companies wondering about how they may be treated in the future are probably putting themselves at a disadvantage, especially given the efficiency that blockchain seems to create. As time goes on the goal may become how to best regulate in order to allow blockchain platforms to help nations function, so that they are able to compete with other countries that had a better long-term plan.