Gartner has warned organisations implementing blockchain pilots must quickly master privacy by design principles or risk breaching GDPR, which carries penalties of 20 million euros or 4 per cent of global revenue.
The EU legislation entitles European citizens to have records of their personal information erased or corrected. That’s not an easy fix if the information just so happens to reside in an immutable ledger.
The analysts are predicting that by 2021, 75 per cent of public blockchains will suffer “privacy poisoning”: inserted personal data that renders the blockchain non-compliant with privacy laws.
Brian Prentice, research vice president at Gartner, outlined the risk during Gartner’s Symposium on the Gold Coast last month.
“If you are a controller of personal data you are required to make sure that anybody who is processing that [data] is also adhering to GDPR,” he said.
“Blockchains are based on immutability, if something goes into the blockchain it cannot be changed, that is the whole point. So if you are putting personal information into the blockchain and somebody says ‘well, I’d like to have it taken out please’ you may not be able to get it taken out.”
Any business operating processes using a public blockchain must maintain a copy of the entire blockchain as part of its systems of record. A public blockchain poisoned with personal data can’t be replaced, anonymised and/or structurally deleted from the shared ledger.
The other design problem Prentice highlighted is that most blockchains have free text fields.
“This is an opportunity for bad design, user error or malicious, potentially criminal activity to insert personal information into a blockchain, thus rendering it non-compliant,” he said.
“And remember: blockchains are distributed ledgers. Just like any chain it is only as strong as its weakest link, whoever on that blockchain is doing the worst job of this, it essentially propagates to everybody else.”
Gartner’s advice is to tackle the risk “right now.”
“Just when we thought we were finally starting to figure out what the heck this blockchain thing was, along comes some other wrinkle and we now have to figure it out again,” Prentice told delegates.
It’s a problem emerging technology and training will be able to solve by adopting privacy by design principles, he argued.
“If you are doing blockchain initiatives right now, you have to pull everyone into a room [and say] we have got to deal with this right now.”