February 26, 2019

Gartner Predicts Blockchain “Privacy Poisoning”

Privacy poisoning is inserted personal data that renders the blockchain potentially noncompliant with privacy laws

By CBR Staff Writer

Negotiating privacy regulations is becoming increasingly difficult for security and risk management leaders, including chief information security officers and privacy professionals. For many organisations, privacy is a business-critical discipline, writes Bart Willemsen, Senior Director Analyst at Gartner.

Recent developments in policy — most notably the EU’s General Data Protection Regulation (GDPR) — have driven a global movement of maturing privacy and data protection laws with stricter requirements. Many countries have begun implementing regulations inspired by GDPR principles, with the trend set to continue for the foreseeable future.


These evolving privacy requirements have a direct and dramatic impact on a business’s strategy, purpose and methods for processing personal data.


Breaches of these requirements can prove fatal for a company in financial, reputational and disciplinary terms. Security and risk management leaders are advised to pay close attention to Gartner’s privacy predictions for 2019 to ensure continued transparency and customer assurance.

By 2020, backed-up and archived personal data will pose the greatest area of privacy risk for 70% of organizations. In 2018, this concerned only 10% of organizations. Today, businesses retain backups of large swathes of sensitive and vulnerable personal data, without any clear intention of using it. Since the sensitivity and vulnerability of data are inherent characteristics, the level of risk is proportional to volume. Moreover, the introduction of privacy violation penalties and fines renders the risk of holding onto unused personal data potentially very costly.

Over the next two years, any organization that fails to revise its data retention policies to reduce overall data stored (and data backed up) risks sanctions for noncompliance, in addition to facing the impact of an eventual data breach.

Blockchain Facing “Privacy Poisoning”

By 2022, in particular, three-quarters of public blockchains will suffer “privacy poisoning.” This is inserted personal data that renders the blockchain potentially noncompliant with privacy laws. While blockchain is a promising technology in terms of applications, businesses looking to implement it must establish whether the data in use is subject to any privacy laws. For example, public blockchains require an immutable data structure. In other words, once data is recorded, it cannot easily be modified or erased. Privacy rights granted to individuals include the “right to be forgotten.” If customers exercise this right, personal data processed about them must be deleted.


This is concerning in itself, since entries in a public blockchain poisoned with personal data cannot be replaced, anonymized or structurally deleted. Thus, businesses cannot marry their need for record keeping with their compliance obligations. Organizations implementing blockchain systems without managing privacy issues will run the risk of holding onto personal data that cannot be deleted without compromising chain integrity.
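The integrity problem described above, as an added example that is not from the original article or from Gartner: a minimal SHA-256 hash chain holding one constructed personal-data entry, where erasing that entry fails verification at its block, and rehashing the edited block only moves the failure to the next one. The block layout, function names and sample records are assumptions for illustration and do not model any specific blockchain.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder for the first block's predecessor

def block_hash(index, prev_hash, payload):
    """Hash a block's contents together with its predecessor's hash."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(payloads):
    chain, prev = [], GENESIS
    for i, payload in enumerate(payloads):
        h = block_hash(i, prev, payload)
        chain.append({"index": i, "prev": prev, "payload": payload, "hash": h})
        prev = h
    return chain

def first_invalid_block(chain):
    """Return the index of the first block failing verification, or None."""
    prev = GENESIS
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"], block["payload"])
        if block["prev"] != prev or recomputed != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None

def erase_payload(chain, index, rehash=False):
    """Return a copy of the chain with one payload redacted.

    rehash=True also recomputes the edited block's own hash, which is what
    an operator would try first when honouring an erasure request.
    """
    copy = [dict(b) for b in chain]
    copy[index]["payload"] = "[ERASED]"
    if rehash:
        copy[index]["hash"] = block_hash(index, copy[index]["prev"], "[ERASED]")
    return copy

# Constructed sample ledger; block 1 carries (fictional) personal data.
SAMPLE = build_chain([
    "transfer 5 units A->B",
    "memo: Jane Example, jane@example.com, born 1980-01-01",
    "transfer 2 units B->C",
    "transfer 1 unit C->A",
])
```

Making the redacted chain verify again would require recomputing every block from the edited one onward, which honest participants holding the original chain would reject.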

By 2023, over 25% of GDPR-driven, proof-of-consent implementations will involve blockchain technology. This is an increase from less than 2% in 2018.

Regardless of the jurisdiction of operation and various privacy laws an organization may face, it is obvious organizations worldwide are at different stages in their journey to compliance. The pressure to implement a holistic privacy management program is increasing globally, and driving businesses to evaluate their data collection processes. However, the majority are struggling with integration costs and technology aiding accelerated compliance.

The application of blockchain to consent management is an emerging scenario at an early stage of experimentation. Various organizations have started exploring the use of blockchain for consent management, because the potential immutability and traceability of this new technology could provide the tracking and auditing required to comply with data protection and privacy legislation.

