We recently took a quick look at blockchain and its impact on Talent Acquisition and what it could mean for the future of business technology. Though the technology is new, surfacing first in 2009/2010 as the technology behind Bitcoin, investments in it have accumulated in exponential amounts. Last year, $945 million was spent on blockchain solutions, and that number is expected to hit $2.1 billion by the end of 2018.
The results of all that work, money and research? Mounds of tools, applications and concepts that span industries and could change every aspect of work and business. Earlier this year, Forbes released this non-exhaustive, yet long list of blockchain-influenced changes operating in our world. At a glance…
- Followmyvote.com reduces voter fraud opportunities through the creation of secure, transparent voting systems.
- SKUChain allows tracking and tracing of goods moving through a supply chain.
- Kodak is developing a system for tracking photographers’ intellectual property rights and payments with blockchain.
As this technology ramps up, we at Talent Tech Labs are following blockchain influences in talent acquisition and business strategy as a whole. There are admittedly lots of things that could go right, but what could pose challenges? Where might we stumble?
Blockchain, Your Privacy and the GDPR
For our European counterparts, General Data Protection Regulation (GDPR) is a privacy law focused on protecting their citizens’ personal data. After the Facebook-Cambridge Analytica scandal, it became clear that people don’t have as much control over when their data is collected, how and where it is used or when it is deleted. GDPR aims to give people more power over their digital data and applies to any and every business that operates in or out of the European Union. So even organizations headquartered outside of the applicable countries will be held to the policy’s standard if they want to work with European customers and clients.
The protections require companies who collect personal digital data to do things like make terms and conditions agreements more user-friendly (not pages of legalese) and immediately notify users of breaches. And the user must have the ability to control where the data is being processed, confirm the usage, correct or change their information and, most importantly completely delete it all. Blockchain’s entire premise is that it is an accurate, impossible to tamper with a ledger of transactions, a form of digital data. The two don’t line up well.The world is obsessed with all the possibilities #blockchain is presenting, but what are some of the potential challenges? @TalentTechLabs takes a look: Click To Tweet
Additionally, the policy is written with the assumption that data is shared between a user and a company. However, in a decentralized blockchain network, there are many nodes/participants connected to one another. In that situation, there isn’t the transaction of data owner to company, it’s data owner to all other nodes in the chain. In that case, you would need a contract like this with all of the network.
Let’s Get a Little Visual…
To better understand those complexities, let’s take a look at how a blockchain can be laid out.
These are simplified looks at how a ledger might be distributed.
The Centralized and Decentralized Blockchains in these graphics are new networks where the ledgers are either public or private. In Centralized, one central source is distributing encrypted info to recipients and it stops there. This would be the easiest for GDPR to operate under.
However, a Decentralized Blockchain is one where there is no single intermediate so transactions and data are distributed in a multitude of ways. In that situation, the data owner would need a contract with each and every node to ensure their data will be edited or revoked completely.
And finally, in a Distributed Blockchain, users are each given a copy of the ledger. In some Distributed chains, all users are named and known, but in others, all users are anonymous. Consensus is still required, but now we’re talking about networks that are all connected but further working independently.
Think of it this way: If your parents took a really embarrassing photo of you as a child, had a few copies only your siblings saw but never owned, you would only have to work with your parents in getting it removed from the world. But, if they decided to share it with all your extended family in text, email, social media and even a family newsletter, it’s deletion is going to take a whole lot more legwork and negotiations.
Potential Solutions for the GDPR Challenge?
When it comes to data removal, there are possible solutions for blockchains that aren’t completely open:
- Throw away the key. The data on a Blockchain is accessible through a unique key, usually there is a public and private key and these are usually 64 hexadecimal characters. The idea is that if a company can’t delete the data because it is immutable, they can throw away the key to someone’s private data making it inaccessible. The challenge with this solution is that these keys, while extremely (if not impossible) to crack right now, could become breakable with advancements in computing power.
- Off-chain data storage. The other solution is to store a reference or a link to the data on the Blockchain, but store the actual personal data off the chain. This allows for that private data to be removed on request.
Blockchain and Your Legal Department
More than a third of surveyed executives point to superior security features as the main advantage to blockchain technology. Unfortunately, the advantage also unleashes a few questions. Many legal advisors, while excited by some aspects of blockchain, fear the potential risks of others. One such area is that of legal documentation. Smart contracts are digital contracts built, received and signed via blockchain technology. They are encrypted, stored and replicated in the system and provide the opportunity for the middleman-less ledger of transactions that make blockchain so efficient and appealing.
When it comes to general counsel, many legal professionals are rightfully hesitant – and not because it could create redundancies in their roles. In a Corporate Counsel article, Justin C. Steffen, litigation expert and partner at Jenner & Block, gave blockchain credit. There is an exciting opportunity to increase efficiency and reduce costs, however, legal teams still play a critical role in avoiding big troubles. Legal rights and contract terms change depending on the state or location within which you operate.
“As a litigator, I often witness first-hand the consequences of hastily drawn agreements and poor choices. Sage legal advice, however, can prevent those legal molehills from turning into mountains. Regardless, drafting a smart contract or determining which contract terms can be committed to self-executing code may require the exercise of legal judgment, in which case there is risk involved in drafting a smart contract without attorney involvement.”
Main Point for Companies: Don’t rely on smart contracts that have had no input from your legal team. While the contract will be secured and untampered, it still may not hold the protections your company deserves.
Don’t get this wrong, blockchain still provides numerous opportunities for organizations. For each challenge it faces, there is more than a few advantages to finding the right solution. In the coming days, it will be interesting to see how emerging technologies approach these issues and what great innovations result from these strides.