This Week's Headlines:
Hyperledger, R3 Remain Sober on GDPR Implications
While users of public Blockchains will have to beware of their own footing regarding their personal information, upcoming EU General Data Protection Regulation (GDPR) has complicated matters slightly for enterprise blockchains in order to be compliant. Speaking to Diar, Hyperledger Executive Director Brian Behlendorf remains calm about the EU framework as agreements between validating participants to amend the ledger in extreme circumstances could potentially address any grey areas, should concerns arise. (Jump to GDPR Primer)
Enterprise blockchains are soon to be entering unchartered waters with the EU General Data Protection Regulation (GDPR) that will take full effect on May 25. Whilst subtle, there are key differences between how the US and EU describe personal information (see table). But as with any new laws without previous precedent, technical details remain up for interpretation on what constitutes personal information that could ultimately lead back to an individual, and what can be stored.
|| ON PERSONAL DATA
There are opposing views on whether or not public keys constitute personal information, or would be exempt under the regulations rules as it would be part of transactional data. Mr Behlendorf tells Diar that “the point of a public key is to intentionally share it so other participants can verify the signature. There isn’t something that it reveals about person unlike other Personally Identifiable Information (PII) like IP addresses.”
Michèle Finck, an EU law lecturer at the University of Oxford believes otherwise however – the purpose of public keys is to identify the author of the transaction, it is reasonable to think that reusable public keys will qualify as personal data.
The same view was reiterated by former R3 Director of Market Research Tim Swanson, now Post Oak Labs, who spoke to Diar. Mr Swanson said that “from a theoretical and academic standpoint, it makes sense that public keys could be personal data because they are connected to specific persons. Therefore, they can violate GDPR. However, this has not been tested in court yet so there is no concrete answer.”
Ultimately, the new regulations lead to the question on whether or not immutable blockchains could actually function without violating EU rules. Washington-based Blockchain and digital assets advocates Coin Center think not. GDPR is fundamentally “incompatible with the reality of open blockchain networks” and suggested that if blockchain is not exempt, “Europe is closing itself off from the future of the Internet.”
|| ON ADOPTION
Mr Behlendorf believes “there is going to be a period of time after the launch of the GDPR when some of these questions about what specifically it applies to will get addressed. You wouldn’t want to store PII such as medical information into ledger even in encrypted form because the landscape of what’s decryptable will change throughout the lifetime of these blockchains. We will need to wait on the regulatory bodies to weigh in.”
And as noted by Mr Swanson “Blockchain enterprise platforms always try to be compliant because otherwise they would never actually be used. If the blockchain platforms get implemented, it is only with the approval of the customers that will ultimately use the blockchain.”
It then falls on the consortia that are currently building enterprise geared Blockchains to address the issues. And while the answers aren’t clear, there are some ideas on the drawing board.
|| ON OPTIONS
In current conditions, the enterprise blockchain solutions that want to comply with the GDPR will have to be either mutable by consensus or mutable by a central administrator. Personal data can be deleted retrospectively if an individual exercises their right to be forgotten. This could ultimately lead to more centralization and begs the question whether a mutable blockchain is not just a database.
However, Mr Behlendorf suggested another potential method that Hyperledger may explore. “Instead of actually erasing the data from the blockchain, it might be possible to have a legal agreement between all the participants of the permissioned blockchain, in which everyone agrees that if one participant tells the rest to “forget” the data, the rest will be legally obliged to never export the data, never use it or render it in any end user interface. Even though the data will still be there.” Whether or not regulators would be appeased by such a method is to be established.
Accenture seems to be have taken a different, more direct approach. Last year the company filed a patent for an editable blockchain that can be changed or deleted by a central administrator under extraordinary circumstances. Whether or not an editable blockchain would effectively mean the equivalent of a shared database as it strips immutability as a key feature, Accenture said that the solution would “allow enterprises to resolve human errors, accommodate legal and regulatory requirements, and address mischief and other issues, while preserving key cryptographic features.” Accenture says since GDPR requires personal data to be redactable, its solution will be one of the few to be compatible.
And Neepa Patel, R3 Chief Compliance Officer, told Diar that “transaction information begins from a point to point communication system instead of from a public broadcast model, so there is less data propagation, pseudonymous or not. Pseudonymization techniques are inherently built into the platform. Corda is currently exploring sophisticated anonymization techniques to comply with the “right to be forgotten” – a challenge faced by all blockchains.”
Ethereum Enterprise Alliance may potentially have more of a problem as their platform will be built on an immutable ledger. The foundation did not respond to our request for comment.
GDPR’s main intention was to protect citizens against centralized services controlling personal data. It hasn’t taken blockchain into account, which can actually give people more control about their own data; especially through self-sovereign identity which would store data at source rather than aggregate it and keep in big datasets. It is unlikely that the EU will exempt blockchain from GDPR but certain aspects have yet to been clearly defined by the regulators. And just lurking behind GDPR are extensions to the law, the ePrivacy Regulations that looks to address confidentiality of communications. Whether or not the EU can creep in amendments to satisfy Blockchain as part of open internet services and applications leaves the window cracked open – even if ever so slightly.
US versus EU Definitions on Personal Data
|wdt_ID||-||Personally Identifiable Information (PII)||Personal data|
|2||Definition||Information Which Can Be Used To Distinguish Or Trace An Individual'S Identity, Such As Their Name, Social Security Number, Biometric Records, Etc. Alone, Or When Combined With Other Personal Or Identifying Information Which Is Linked Or Linkable To A Spe||Any Information Relating To An Identified Or Identifiable Natural Person ('Data Subject'); An Identifiable Person Is One Who Can Be Identified, Directly Or Indirectly, In Particular By Reference To An Identification Number Or To One Or More Factors Specif|
|3||Differences||Covers Much Narrower Range Of Information||Clearer Notion That The Data Subject Can Potentially Be Identified Through Additional Processing Of Other Attributes - Quasi-Identifiers.|
|4||Examples||Name, Address, Birthdate, Ssn, Credit Card Numbers, Bank Account||Name, Address, Birthdate, Credit Card Numbers, Bank Account, Social Media Posts, Photographs, Lifestyle Preferences, Transaction Histories, Ip Addresses|
EU Looks to Counter Balance Silicon Valley with Blockchain Funding
22 European Union (EU) member states gathered in Brussels last week signing a partnership agreement that would see €300Mn being invested into decentralized projects after having already invested €80Mn under the banner of what the block has dubbed as the “Digital Single Market.” The funding, aimed at addressing key areas of interest, have seemingly also been a bane to European regulator’s past.
While “Blockchain” has become a grand buzzword to throw around as the all-mighty answer to everything that is wrong in the world, the EU has narrowed down their outlook on potential use cases looking to address at least their own concerns.
With €300Mn up for grabs, the EU plans to fund decentralized projects that seek to provide social benefits from harnessing democratic participation and health record management, to everyday use technologies (see table).
But the European Commission, short of pointing fingers, also seems to have a clear target in mind stating that “social networks, search engines and clouds” have become highly centralized services that expose “personal data to potential commercial and political misuse by the owners of the platforms.”
Their fears are with precedent. European regulators have been imposing hefty fines on major US tech companies for antitrust breaches for quite some time – and investigation are on the rise (see table, chart). But large fines as may be, they merely represent a rounding error on the company’s books. As a potential counter balance to the thrones of Silicon Valley, the EU is backing decentralized applications that could minimize the opportunity for abuse and the tight-noose around benchmark applications.
And it is seemingly a timely proposition following Facebook’s user data ending up at the behest of Cambridge Analytica – which the EU is currently investigating, and have requested CEO Mark Zuckerberg appear in front of the European Parliament for a second round of grilling after the US Senate last week.
|| DECENTRALIZED…BUT NOT TOO DECENTRALIZED
With EU General Data Protection Regulation (GDPR) coming into full effect May-End, and lurking close behind, the amendment ePrivacy Regulations, the use of immutable distributed ledgers becomes a bit of perplexing tool to wish as a fallback option as the platforms would require – effectively – a centralized point of accountability for people to exercise the right to be forgotten and delete all traces of their activities on any platform (see story above).
|| MUM ON BANKING
While other European Blockchain initiatives are looking into the financial sector, they merely scratch the surface on the real-time potential of transparency using Blockchain, and focus on cross-border payments – something that, at least within the EU, has picked-up speed sans Blockchain with the launch of SEPA Credit Transfer Instant (SCT Inst) end of 2017 (Diar, 27 November 2017).
Little to no attention has been given to banking compliance who has seen US & EU fines skyrocket in recent years and estimated to hit a cool $400Bn by 2020 according to financial consulting firm Quinlan and Associates, dwarfing any infractions by tech companies.
|wdt_ID||EU Blockchain Funding Opportunities|
|2||Origins of Raw Materials/Products|
EU Fines For Anti-Trust, Fair Trade Violations
|1||Truck Producers||Fair Trade||2.93Bn||EU|
|2||Antitrust (Shopping Search)||2.42Bn||EU|
|4||Car Glass Producers||Fair Trade||1.35Bn||EU|
|5||Microsoft||Antitrust (Browser Choise)||561Mn||EU|
|6||Antitrust (Whatsapp Purchase)||110Mn||EU|
|9||Sony,Toshibi, etc.||Fair Trade||116Mn||EU|
EU Investigations on US Tech Companies
Global Lenders Payout $321Bn In Penalties Since 2009 (Bn USD)
Source: Bloomberg, BCG
Samsung Confirms ASIC Chip Production for Mining Hardware
Samsung has confirmed in January that it has started to manufacture ASIC chips used for mining. Supposedly, it has been confirmed that Samsung is producing the ASIC chips for Halong Mining’s hardware. Halong Mining is a new entrant on the ASIC hardware market, which has been dominated by Bitmain. Canaan is also a relatively new player on the market (see table). Both Bitmain and Canaan use Taiwanese-based TSMC chips in their mining hardware.
Halong Mining has been criticized for the lack of transparency and even accused to be a scam - most prominently by Cobra, a co-owner of bitcoin.org who has since apologized to Halong for being wrong. Halong’s mining hardware is supposed to be ”the world’s most efficient Bitcoin miner”. Indeed, the early tests proved that the hardware was able to reach close to 16 TH/s, which 2 TH/s than Bitmain’s most powerful mining hardware. On the other hand, Halong also consumes more energy and the retail price is more than $200 higher.
|4||Halong Mining||DragonMint T1||16TH/s||1500W||$1,580||Samsung*|
Antminer Revenues Fall to 1-Year Low (USD)
Mo' Power, Mo' Money - Hashpower Growth, BTC Revenue Decline
Stock Exchanges Start Eying Cryptocurrency Operations
Sowa Labs, a fintech subsidiary of Börse Stuttgart, announced that it will launch a cryptocurrency trading app dubbed Bison. The trading app will support bitcoin, ether, litecoin, and ripple and is planned to be released in September 2018. Sowa Labs initially specialized in predictive real-time data analytics of financial markets but since being acquired by Börse Stuttgart in December 2017 has since focused on development of the cryptocurrency trading app.
Similarly to Robinhood in the United States, Bison will offer crypto trading without any fees. Ulli Spankowski, Managing Director of Sowa Labs, said that “cryptocurrency wallets are not needed", which points to being an IOU brokerage, just as Robinhood, as opposed to a full cryptocurrency exchange. At first, the app will only be available in Germany but support for the rest of the European Union is expected at a later date as well.
Mr Spankowski reiterated that Bison will become the first cryptocurrency trading app owned by a traditional stock exchange. While true, just last month, TMX Group, a company that operates the Toronto Stock Exchange, announced that its subsidiary will be launching a cryptocurrency brokerage. The company will launch the brokerage desk in Q2 of 2018 and it will only support bitcoin and ether at first. And while not acquired, an honorable mention goes to the New York Stock Exchange who has invested in Coinbase.
Bloom Rolls Out Next Phase of Platform on Testnet
Bloom, a project that looks to counter the monopoly of FICO, has released their latest version on the Ethereum Testnet last week. Users will now be able to sign-up and create a BloomID, a verified identity on the blockchain.
The latest release sets up the opportunity for further development in the whole ecosystem, and integrating dApps. And more importantly, the company is now a phase-shy of credit scoring and loan applications.
Bloom has developed several partnerships to build into their platform as a one-stop shop for what the ambitious project aims to achieve - a decentralized cross-border credit platform. But any success for loans would currently also require the implementation of tying in a stablecoin, which this publication understands will be Maker's Dai.
Receive Diar Every Monday – The Digital Assets & Regulation Trade Publication
Disclaimer: Unless otherwise specified, the content of the articles published on www.diar.co constitutes intellectual property of Diar Ltd and may not be reproduced or republished in whole or in part without prior written consent. The information contained in the articles published on www.diar.co does not in any way constitute financial or investor advice and is only intended for informative purposes. Readers may not rely on such information to decide on investment or financing options or otherwise rely on such information in making decisions with monetary or financial effects. Diar Ltd does not accept any liability of any kind with regards to the validity of the information or with regards to any damage suffered as a result of reliance on such information. © 2018 Diar Ltd. Contact: email@example.com