Protecting consumers in a blockchain world
By Kiran Kaur Sidhu July 11, 2018
- Important for regulators to understand depth of blockchain so as not to stifle innovation
- Developer has no control once solution is deployed but can include regulatory features
AT THE recent launch of the Malaysian Blockchain Regulatory Research Report by University of Malaya (UM), a panel session was held to discuss data protection and consumer rights involving blockchain technology entitled ‘Rethinking Data Protection in a Decentralised World & Consumer Rights: In Blockchain We Trust?’
The session was moderated by Adlin Abdul Majid, the head of regulatory and compliance at Lee Hishammudin Allen & Gledhill and brought together four panellists: Dr Mohammad Ershadul Karim, senior lecturer at UM’s Faculty of Law; Harpreet Singh, CEO of Blocklime; Paul Neo, executive director of Singapore Academy of Law Ventures and Raphael Kok, a researcher of the report from UM’s Faculty of Law.
Kicking off the discussion, Neo reminded the audience that blockchain technology is still rapidly evolving and highlighted some key points. “Today, we are looking at blockchain technology through the lens of existing legislation like the General Data Protection Regulation (GDPR) which is not conceived to address the impact of new technology like distributed ledger systems.”
Neo says, “There is a need for a review of the data sovereignty definition as well as the underlying principles and conflicts upon which the likes of the Malaysian Personal Data Protection Act (PDPA) are built.”
In terms of data sovereignty, Neo believes that issues of data retention, the right to be forgotten and data rectification need to be addressed in the light of blockchain technology. He commends Malaysia for being part of the ISO/TC 307 which is the international committee’s effort to define technical standards for blockchain and distributed ledger technologies.
However, Neo also stresses on the need for a pragmatic approach to protect end-consumer data privacy and control business costs without stifling innovation. “A regulatory eye must be kept on blockchain technology but we must not overlook the many other threats to personal data other than blockchain.”
The need to educate regulators and developers
Regulators need to be conscious of their tendency to overregulate new technologies simply because of the lack of understanding of these technologies, the panellists highlighted.
Giving some insight from a developer’s perspective, Harpreet believes there should be more education on what blockchain is on a technical and core technology level. “We talk about blockchain on a very high level. We also try to govern and make standards at a very high level which is not quite right because it removes the flexibility of the technology.”
Harpreet stresses the importance of understanding the depth of blockchain. “Seeing that even developers and technology people face difficulty in keeping up with tech, I don’t expect regulators to come to terms fast.”
Neo concurs, “Because of the lack of understanding around blockchain technology, there is a tendency to overregulate this new technology.” Beyond the regulatory confines, education on blockchain technology is also essential for users and developers of the technology.
As per the recommendation in the research report for the issuance of codes of practice to developers, Neo emphasises “Engagement with and education of developers is important to encourage compliance with data protection regulations, since it is in their interest to build public confidence in their blockchain solutions.”
Who are data controllers in blockchain?
“Consumer protection can be much better with blockchain technology because you can remove instances of data tampering and manipulation of supply chain,” explains Harpreet. However, he says that it needs to be well adopted and mutually accepted by end users first.
In terms of effecting changes in law, Mohammad says, “I would suggest that Malaysia have policy considerations in place first instead of immediately amending laws.”
Since blockchain technology is still in its nascent stages within the country, it is important to balance issues of promoting innovation while protecting consumers.
Harpreet also highlights that although blockchain technology is decentralised by nature, the GDPR and PDPA place the obligation of consumer protection on the data controller. “I don’t think the developers should be considered data controllers because once the technology is deployed, the developers have no power over it.”
However, he draws attention to blockchain’s potential to self-regulate with the example of all cryptocurrencies being self-governing. “Regulatory features can be implemented within technology.”
Addressing whether it is adequate to allow tech solutions without implementing laws, Harpreet says there is a need to identify areas to be governed and where it can be allowed to govern itself.
“Before selecting which laws to apply to this technology, the cost and how it will affect the whole ecosystem need to be considered.”
Considerations for the blockchain ecosystem
With GDPR already being criticised for driving up business costs, Neo says “It would be ironic if in the process of protecting consumer interest, we do the exact opposite just because the economic cost will have to be passed on to end users.”
As such, it is necessary for regulators to take heed and promote a fertile ground for blockchain technology to grow. “Otherwise, it could ultimately lead to a vicious cycle where data protection laws end up stifling innovation simply because of the cost incurrence to developers.”
Ending the discussion, Neo shared his thoughts on placing complete trust and control in technology. He cautions “With tech, the goalposts are always changing and what is impenetrable today may not be so tomorrow.”
Although he acknowledges the regulatory potential of technology, he says “As man, I would still rather be in control of things.”
He adds, “Even if we do not impose blockchain regulations today, we should still keep a watchful eye on the ecosystem and be in a position to step in when required for the sake of protecting consumers.”