Since the General Data Protection Regulation (GDPR) was created by the European Parliament and Council in April 2016, companies from tech giants to small businesses have buzzed with anticipation for its implementation in May 2018. The law replaced the 1995 Data Protection Directive (DPD) which previously set the rules for data regulation. The GDPR sets strict legal conditions for the collection and use of personal data from businesses. Its influence spans across all continents, as it affects not only just businesses operating in the EU, but also any business that provides services to consumers in the EU.
This landmark legislation will set a precedent for other governing organizations that will need to make decisions about data collection and privacy in the near future. Breaches in data such as the Cambridge Analytica scandal in 2018 and Uber’s data breach cover-up in 2016 have caused consumers to be increasingly aware of how their personal data is being used and what is at risk when their data is shared. In other words, consumers want more control over their data and GDPR aims to give consumers that control.
The reception of this law by the public has been mixed. While most people agree that an updated law that protects personal data is necessary, there are disputes about how the GDPR is or should be executed. Some of the problems with the new law include its complexity and the hefty fines imposed on businesses that don’t comply.
The complaint that the GDPR is too complex and overbearing is persistent from the government level down to the individual level, and understandably so. The official Regulation published by the Official Journal of the European Union spans 11 chapters and 99 articles of jargon-laid terms and legal concepts that the layperson may find difficult, if not impossible, to understand.
One way to better understand the GDPR is to compare it to the previously enforced DPD. The directive was created in 1995 to protect EU citizens’ personal data, and had many of the same components as the GDPR, such as consumers having access to their data, consumers being notified when their data is being collected, and companies ensuring that the data collected is secure and not being misused. However, although well-intentioned, many aspects of the DPD were outdated. And since the world of data has changed immensely, it became imperative that governments readdress and rework the rules for data regulation.
There are six main differences between the GDPR and DPD. The first is the definition of personal data. At the time the DPD was created, personal data mainly referred to the consumer’s address, phone number, name, and email address. Now, however, companies have access to substantially more data such as IP addresses, fingerprints, face scans, photos, live physical location, search and purchase history, ethnicity and other identity markers, and much more. Data like this can be used by companies for advertising and customizing user experience, but consumers have become increasingly more concerned for their safety and privacy because of the incredible amount of information companies can collect about them. The shift in what personal data means for consumers and companies is the foremost important change the GDPR makes.
The next change has to do with individual rights, which mostly consists of explicit consent from users and straightforward terms of agreements. No longer can companies use drawn out and obscure agreement contracts that users cannot understand and do not know what they are consenting to. Users will also be able to access their own data, halt access to data, and request that their data be deleted. These changes will be monumental in data collection, as they give autonomy back to the people and prevent companies from taking advantage of their consumers.
The change of dynamic between data controllers and data processors will also evolve under the GDPR. Data controllers can be persons or agencies that determine the purpose and means of controlling data, whereas data processors process that data for the controller. Different from the DPD, the GDPR will hold both data controllers and data processors accountable for ensuring data security. Large-scale companies will also be required to appoint Data Protection Officers to conduct assessments and monitor activity that involves data collection and use.
The GDPR outlines swift and detailed procedures for data breaches and security. Companies are now required to immediately notify all users of data breaches, detailing the extent of the breach and the possible outcomes. Any company that fails to comply with these procedures, as well as the rest of the procedures as outlined by the GDPR will be heavily fined. In the past, penalties for non-compliance were poorly regulated and rarely enforced. Now, “companies could pay up to 20 Million Euros or 4% of their global turnover (whichever is greater.)”
The biggest problem that corporations have had with the GDPR is how massive and sweeping the legislation is—many companies will have to entirely restructure how they collect and use data, which will cost time and money. For example, German company Allianz “has spent tens of millions of euros to get ready for the GDPR, mobilizing hundreds of privacy experts from 80 subsidiaries to make changes including a redo of online insurance applications to avoid requesting information—such as an applicant's profession—that is unnecessary for an insurance quote.”
Tech giants and credit card companies are not the only businesses that are subject to the new rules—anyone that collects data will have to comply with regulations. According to Kinesh Patel, co-founder of SevenRooms, “Even restaurants in the U.S. are worried about complying with the law, because they gather and keep information about EU residents who make reservations when traveling.” Every company will face different challenges while implementing GDPR rules as there is not a one-size-fits-all for data regulation.
Before now, the world of data has been a free-for-all, with companies having minimal rules and punishments for collecting and using consumers’ personal data. But this lawlessness has not been without consequence—in 2018 alone, millions of people were affected by data breaches that compromised users’ personal information. Most notably, in March 2018 it was revealed that the data firm Cambridge Analytica had “used data improperly obtained from Facebook to build voter profiles” for United States’ political campaigns. This is just one of many examples of people’s personal information being compromised or used for purposes the user did not consent to.
Because of massive scandals like this that have been reoccurring in the last few years, users have become increasingly aware of their data privacy and security, and are demanding change. A recent Pew Research Study found that “91% of Americans “agree” or “strongly agree” that people have lost control over how personal information is collected and used by all kinds of entities.” Even though it will be difficult and expensive for companies to implement changes set forth by the GDPR, in the long run it will likely benefit the company as users are demanding this change. With increased data security, consumers will be more satisfied and brands will gain reputability.
The new regulations laid out in the GDPR are undoubtedly complicated, but because of the immense number of companies and countries the legislation must cover, it has to be inclusive and thorough. Furthermore, the EU, as well as other entities and publications have published documents that are publicly available online that simplify and break down the GDPR rules. Understanding the rules will be a learning curve for companies, but will not be impossible. Especially considering that the GDPR requires many of these companies to appoint an individual who specializes in understanding and upholding the regulations. The effort and cost it will take to understand the GDPR is a small price to pay for securing critical personal information and data.
The EU’s push for data security and control has set a precedent for other countries—the high standards set by the GDPR is already creating an expectation for other governments to follow suit. In the United States, for example, data regulation has been a highly debated topic in the past two years as data breaches have impacted citizens in major ways, namely during political elections.
Some states in the U.S. are beginning to implement their own laws that incorporate aspects of the GDPR; most notably, the California Consumer Privacy Act. This article explains that, “While it doesn’t go into effect until 2020, the California Data Privacy Protection Act represents one of the most sweeping acts of legislation enacted by a U.S. state to bolster consumer privacy. Falling on the heels of the GDPR, California’s Data Privacy Protection Act may mark the beginning of stricter U.S. consumer privacy protections.” Other states must soon follow in these steps in order to keep up with the task of data security and regulation.
The General Data Protection Regulation is indeed complex, but it is a critical step toward data security. For many companies, the GDPR will mean a complete restructuring of data collection and use—redesigning programs and implementing new systems so that data regulation is incorporated into the design at every stage. This massive undertaking will not be easy, and in the coming year we will better understand what aspects of it work and what needs to be amended, added, or reworked. However, it will serve as an example to other governments of the effort and consideration that must go into data regulation so that consumers can regain trust in corporations and regain control of their personal data.
But it’s difficult to think about value when we have no buoy for understanding it outside our traditional lenses: for example, our time, our job, and what others tell us they are worth in cash. This, largely, is the world’s paradigm for value so far. But understanding what value really means changes everything—and will be at the center of the decentralized revolution in global coordination that will unfold over the next decade. So, where do we begin?
Let’s start with gold.
Gold is an inherent value. When backing a market, gold allows us to grow a balanced economy well into the trillions. But why does it allow for massive stable markets to form around it? It is gold's permanence that creates stability. We understand that gold will always have value, because it is inherent in all of us, not just in one part of the world, but everywhere, not just today, but tomorrow and for the long haul.
In the 1930s when the gold standard was removed, we learned that the U.S. dollar didn’t need gold to back its economy to flourish. We learned that it was just a symbol for U.S. citizens to decentralize their coordination around the United States economy.
It turns out, common agreement is a philosophy for building shared economy.
And so it seems inherent value is a marker for us to begin exploring what the future could look like—a future beyond gold and the existing realm of credit. And so what else has inherent value? Is education as valuable as gold? What about healthcare? What about a vote that can’t be tampered with? What about an ID that can’t be stolen or erased? What about access to nutrition or clean water? You will find value everywhere you look.
It turns out, we’ve already done the legwork necessary to uncover the most elemental inherent values: The Sustainable Development Goals are commitments grown out of the drive to bring to life basic tenets of the Universal Declaration of Human Rights—the closest possible social contract we have to a global, common agreement.
We’ve already agreed.
Our agreements are grounded in deep value centers that are globally shared, but undervalued and unfulfilled. The reason for this is our inability to quantify intangible value. All of these rich, inherent values are still nebulous and fragmented in implementation—largely existing as ideals and blueprints for deep, globally shared common agreement. That is, we all agree education, health, and equality have value, but we lack common units for understanding who and who is not contributing value—leaving us to fumble in our own, uncoordinated siloes as we chase the phantoms of impact. In essence, we lack common currencies for our common agreements.
Now we find ourselves at the nexus of the real paradigm of Blockchain, allowing us to fuse economics with inherent value by proving the participation of some great human effort, then quantifying the impact of that effort in unforgeable and decentralized ledgers. It allows us to build economic models for tomorrow, that create wholly new markets and economies for and around each of the richest of human endeavors.
In late 2017 at the height of the Bitcoin bubble, without individual coordination, planning, or the help of institutions, almost $1 trillion was infused into blockchain markets. This is remarkable, and the revolution has only just begun. When you realize that Blockchain is in a similar stage of development as the internet pre-AOL, you will see a glimpse of the global transformation to come.
Only twice in the information age have we had such a paradigm shift in global infrastructure reform—the computer and the internet. While the computer taught us how to store and process data, the Internet built off that ability and furthered the conversation by teaching us how to transfer that information. Blockchain takes another massive step forward—it builds off the internet, adding to the story of information storage and transfer—but, it teaches us a new, priceless and not yet understood skill: how to transfer value.
This third wave kicked off with a rough start—as happens with the birth of new technologies and their corresponding liberties. Blockchain has, thus far, been totally unregulated. Many, doubtless, have taken advantage. A young child, stretching their arms for the first couple times might knock over a cookie jar or two. Eventually, however, they learn to use their faculties—for evil or for good. As such, while it’s wise to be skeptical at this phase in blockchain’s evolution, it’s important not to be blind to its remarkable implications in a post-regulated world, so that we may wield its faculties like a surgeon’s scalpel—not for evil or snake-oil sales, but for the creation of more good, for the flourishing of commonwealth.
But what of the volatility in blockchain markets? People agree Bitcoin has value, but they don’t understand why they are in agreement, and so cryptomarkets fluctuate violently. Stable blockchain economies will require new symbolic gold standards that clearly articulate why someone would agree to support each market, to anchor common agreement with stability. The more globally shared these new value standards, the better.
Is education more valuable than gold? What about healthcare or nutrition or clean water?
We set out in 2018 to prove a hypothesis—we believe that if you back a cryptocurrency economy with a globally agreed upon inherent value like education, you can solve for volatility and stabilize a mature long lasting cryptomarket that awards everyone who adds value to that market in a decentralized way without the friction of individual partnerships.
What if education was a new gold standard?
And what if this new Learning Economy had protocols to award everyone who is helping to steward the growth of global education?
Education is a mountain. Everyone takes a different path to the top. Blockchain allows us to measure all of those unique learning pathways, online and in classrooms, into immutable blockchain Learning Ledgers.
By quantifying the true value of education, a whole economy can be built around it to pay students to learn, educators to create substantive courses, and stewards to help the Learning Economy grow. It was designed to provide a decentralized way for everyone adding value to global education to coordinate around the commonwealth without the friction of individual partnerships. Imagine the same for healthcare, nutrition, and our environment?
Imagine a world where we can pay refugees to learn languages as they find themselves in foreign lands, a world where we can pay those laid off by the tide of automation to retrain themselves for the new economy, a world where we can pay the next generation to prepare themselves for the unsolved problems of tomorrow.
Imagine new commonwealth economies that alleviate the global burdens of poverty, disease, hunger, inequality, ignorance, toxic water, and joblessness. Commonwealths that orbit inherent values, upheld by immutable blockchain protocols that reward anyone in the ecosystem stewarding the economy—whether that means feeding the hungry, providing aid for the global poor, delivering mosquito nets in malaria-ridden areas, or developing transformative technologies that can provide a Harvard-class education to anyone in the world willing to learn.
These worlds are not out of reach—we are only now opening our eyes to the horizons of blockchain, decentralized coordination, and new gold standards. Even though coordination is the last of the seventeen sustainable development goals, when solved, its tide will lift for the rest—a much-needed rocket fuel for global prosperity.
“Let us raise a standard to which the wise and the honest can repair.” —George Washington