In 2018, regulation forms an increasingly important part of our lives. The popular media and the political sphere are increasingly in favour of more regulation – and I think we can agree that it’s rare but interesting to see the press take a pro-red tape stance. This perceived need for increased regulation is due to the fact that in recent years; we’ve seen first-hand just how technology can make power and wealth more concentrated. This process even seems to be accelerating. For example, the total global growth in advertising last year was captured by just two multinational firms, Google and Facebook. Two firms that are both only two decades old!
The last ten years have seen the financial services sector swept up in a regulatory whirlwind. This has been a necessary response to the 2008 global financial crisis, but also a desired response to protect consumers as regulatory knowledge grows, and technology and data make automating regulation and compliance processes easier. (Please see my companion piece on RegTech).
From January this year, MiFiD II (Markets in Financial Instruments Directive) has come into force in Europe and is aimed at creating a new era of transparency and ‘fairer’ markets. In the UK financial sector, the Retail Redistribution Review of 2012 (RDR 2012) created transparency and cost savings for consumers. But in some cases it narrowed the number of available advisors and may have excluded people from financial advice. The wave of regulation has swept through financial services increasing the regulatory burden and compliance costs at financial services firms, but with the net benefit of increasing accountability. We now have a less profitable financial services sector but (hopefully) a more stable economy.
There is a growing demand that technology and data are next in line for stronger regulatory focus. The trend appears to be that personal data will become increasingly valuable as we enter the information age, and also that control of this data will be increasingly concentrated. There is a risk that unless society takes a stand, our data will be controlled by unaccountable offshore stakeholders and multinational corporations.
However, steps are being made to allow us to control our data. Enter the European Union and the GDPR (General Data Protection Regulation). The GDPR, which will still apply in the UK post-Brexit, is a re-vamp of earlier data protection laws and an attempt to create valid information policies for the digital age. This is globally the most important change in information policy we’ve seen. Every organisation, EU-based or not, interacting with EU citizens, will need to make changes to their data policies to avoid conflicting with the new rules and a more powerful and vigilant regulator.
Intriguingly the GDPR directly conflicts with another interesting technology or means of manipulating data. This is the ‘blockchain’. Blockchain technology is most famous for forming the foundations of the bitcoin digital currency, but virtual currencies are only one possible use. There are hundreds of organisations globally experimenting with many different uses from smart contracts to payments, even to providing a digital identity.
A blockchain is a decentralised, distributed and public digital ledger. The ledger stores data across many computers so that the record cannot be altered retroactively without the permission of the network. The lack of central control is in theory what ensures the reliability of the information stored. But for the storage of personal data, the GDPR and the blockchain may not be readily compatible. This is due to the fact that GDPR requires data to be alterable and erasable on request from EU citizens, something not readily available utilising a blockchain. This is because altering data will require the permission of the network, which may not be readily available. The fines for non-compliance with the GDPR are up to €20 million or 4 per cent of global revenues. This may make a standard database a more obvious choice for data controllers.
The European Commission is agnostic about which specific technology is used for data processing, but the new legislation introduces a mandatory obligation for data controllers to apply the principle of ‘data protection by design’. This is where applications on a public blockchain and many digital currencies may fail into regulatory issues. Blockchains are designed to be immutable, but in conflict with this approach, GDPR makes the potential to remove some data a legal requirement.
For bitcoin and blockchain aficionados, it makes GDPR seem out of date before implementation. It is possible that regulatory updates will include provisions for more specific uses of this technology, but since the EU Directive preceding GDPR is the Data Protection Directive of 1995, we may be waiting a while!
- The post gives the views of its author, not the position of LSE Business Review or the London School of Economics.
- Featured image credit: Europe GDPR, by TheDigitalArtist, under a CC0 licence
- When you leave a comment, you’re agreeing to our Comment Policy.
Dan Tammas-Hastings is Managing Director and founder at digital asset management firm RiskSave. He founded the company in response to inadequate risk measures and a lack of transparency dominating the financial services industry. After a successful career as a fixed income trader specialising in GBP derivatives at Merrill Lynch and as a hedge fund manager, managing multi-billion £ portfolios across credit and rates, he is now a leader in risk management and is in charge of strategy and investment at RiskSave. Dan has been awarded both the CFA and FRM charters and is a graduate of the LSE and the University of Cambridge.