"世界的边缘和无限可能性之间的边缘"

IF 0.8 Q3 INFORMATION SCIENCE & LIBRARY SCIENCE
D. Hofman, V. Lemieux, Alysha Joo, D. Batista
{"title":"\"世界的边缘和无限可能性之间的边缘\"","authors":"D. Hofman, V. Lemieux, Alysha Joo, D. Batista","doi":"10.1108/RMJ-12-2018-0045","DOIUrl":null,"url":null,"abstract":"\nPurpose\nThis paper aims to explore a paradoxical situation, asking whether it is possible to reconcile the immutable ledger known as blockchain with the requirements of the General Data Protection Regulations (GDPR), and more broadly privacy and data protection.\n\n\nDesign/methodology/approach\nThis paper combines doctrinal legal research examining the GDPR’s application and scope with case studies examining blockchain solutions from an archival theoretic perspective to answer several questions, including: What risks are blockchain solutions said to impose (or mitigate) for organizations dealing with data that is subject to the GDPR? What are the relationships between the GDPR principles and the principles of archival theory? How can these two sets of principles be aligned within a particular blockchain solution? How can archival principles be applied to blockchain solutions so that they support GDPR compliance?\n\n\nFindings\nThis work will offer an initial exploration of the strengths and weaknesses of blockchain solutions for GDPR compliant information governance. It will present the disjunctures between GDPR requirements and some current blockchain solution designs and implementations, as well as discussing how solutions may be designed and implemented to support compliance. Immutability of information recorded on a blockchain is a differentiating positive feature of blockchain technology from the perspective of trusted exchanges of value (e.g. cryptocurrencies) but potentially places organizations at risk of non-compliance with GDPR if personally identifiable information cannot be removed. This work will aid understanding of how blockchain solutions should be designed to ensure compliance with GDPR, which could have significant practical implications for organizations looking to leverage the strengths of blockchain technology to meet their needs and strategic goals.\n\n\nResearch limitations/implications\nSome aspects of the social layer of blockchain solutions, such as law and business procedures, are also well understood. Much less well understood is the data layer, and how it serves as an interface between the social and the technical in a sociotechnical system like blockchain. In addition to a need for more research about the data/records layer of blockchains and compliance, there is a need for more information governance professionals who can provide input on this layer, both to their organizations and other stakeholders.\n\n\nPractical implications\nManaging personal data will continue to be one of the most challenging, fraught issues for information governance moving forward; given the fairly broad scope of the GDPR, many organizations, including those outside of the EU, will have to manage personal data in compliance with the GDPR. Blockchain technology could play an important role in ensuring organizations have easily auditable, tamper-resistant, tamper-evident records to meet broader organizational needs and to comply with the GDPR.\n\n\nSocial implications\nBecause the GDPR professes to be technology-neutral, understanding its application to novel technologies such as blockchain provides an important window into the broader context of compliance in evolving information governance spaces.\n\n\nOriginality/value\nThe specific question of how GDPR will apply to blockchain information governance solutions is almost entirely novel. It has significance to the design and implementation of blockchain solutions for recordkeeping. It also provides insight into how well “technology-neutral” laws and regulations actually work when confronted with novel technologies and applications. This research will build upon significant bodies of work in both law and archival science to further understand information governance and compliance as we are shifting into the new GDPR world.\n","PeriodicalId":20923,"journal":{"name":"Records Management Journal","volume":null,"pages":null},"PeriodicalIF":0.8000,"publicationDate":"2019-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1108/RMJ-12-2018-0045","citationCount":"30","resultStr":"{\"title\":\"“The margin between the edge of the world and infinite possibility”\",\"authors\":\"D. Hofman, V. Lemieux, Alysha Joo, D. Batista\",\"doi\":\"10.1108/RMJ-12-2018-0045\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"\\nPurpose\\nThis paper aims to explore a paradoxical situation, asking whether it is possible to reconcile the immutable ledger known as blockchain with the requirements of the General Data Protection Regulations (GDPR), and more broadly privacy and data protection.\\n\\n\\nDesign/methodology/approach\\nThis paper combines doctrinal legal research examining the GDPR’s application and scope with case studies examining blockchain solutions from an archival theoretic perspective to answer several questions, including: What risks are blockchain solutions said to impose (or mitigate) for organizations dealing with data that is subject to the GDPR? What are the relationships between the GDPR principles and the principles of archival theory? How can these two sets of principles be aligned within a particular blockchain solution? How can archival principles be applied to blockchain solutions so that they support GDPR compliance?\\n\\n\\nFindings\\nThis work will offer an initial exploration of the strengths and weaknesses of blockchain solutions for GDPR compliant information governance. It will present the disjunctures between GDPR requirements and some current blockchain solution designs and implementations, as well as discussing how solutions may be designed and implemented to support compliance. Immutability of information recorded on a blockchain is a differentiating positive feature of blockchain technology from the perspective of trusted exchanges of value (e.g. cryptocurrencies) but potentially places organizations at risk of non-compliance with GDPR if personally identifiable information cannot be removed. This work will aid understanding of how blockchain solutions should be designed to ensure compliance with GDPR, which could have significant practical implications for organizations looking to leverage the strengths of blockchain technology to meet their needs and strategic goals.\\n\\n\\nResearch limitations/implications\\nSome aspects of the social layer of blockchain solutions, such as law and business procedures, are also well understood. Much less well understood is the data layer, and how it serves as an interface between the social and the technical in a sociotechnical system like blockchain. In addition to a need for more research about the data/records layer of blockchains and compliance, there is a need for more information governance professionals who can provide input on this layer, both to their organizations and other stakeholders.\\n\\n\\nPractical implications\\nManaging personal data will continue to be one of the most challenging, fraught issues for information governance moving forward; given the fairly broad scope of the GDPR, many organizations, including those outside of the EU, will have to manage personal data in compliance with the GDPR. Blockchain technology could play an important role in ensuring organizations have easily auditable, tamper-resistant, tamper-evident records to meet broader organizational needs and to comply with the GDPR.\\n\\n\\nSocial implications\\nBecause the GDPR professes to be technology-neutral, understanding its application to novel technologies such as blockchain provides an important window into the broader context of compliance in evolving information governance spaces.\\n\\n\\nOriginality/value\\nThe specific question of how GDPR will apply to blockchain information governance solutions is almost entirely novel. It has significance to the design and implementation of blockchain solutions for recordkeeping. It also provides insight into how well “technology-neutral” laws and regulations actually work when confronted with novel technologies and applications. This research will build upon significant bodies of work in both law and archival science to further understand information governance and compliance as we are shifting into the new GDPR world.\\n\",\"PeriodicalId\":20923,\"journal\":{\"name\":\"Records Management Journal\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.8000,\"publicationDate\":\"2019-03-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1108/RMJ-12-2018-0045\",\"citationCount\":\"30\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Records Management Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1108/RMJ-12-2018-0045\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"INFORMATION SCIENCE & LIBRARY SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Records Management Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/RMJ-12-2018-0045","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 30

摘要

目的本文旨在探讨一个矛盾的情况,询问是否有可能将称为区块链的不可变账本与《通用数据保护条例》(GDPR)的要求以及更广泛的隐私和数据保护相协调。设计/方法论/方法本文将审查GDPR的应用和范围的理论法律研究与从档案理论角度审查区块链解决方案的案例研究相结合,以回答几个问题,包括:据说区块链解决解决方案会给处理受GDPR约束的数据的组织带来什么风险?GDPR原则和档案理论原则之间有什么关系?这两套原则如何在特定的区块链解决方案中保持一致?如何将存档原则应用于区块链解决方案,从而支持GDPR合规性?发现这项工作将为符合GDPR的信息治理提供区块链解决方案的优势和劣势的初步探索。它将介绍GDPR要求与当前一些区块链解决方案设计和实施之间的脱节,并讨论如何设计和实施解决方案以支持合规性。从可信的价值交换(如加密货币)的角度来看,区块链上记录的信息的不可更改性是区块链技术的一个显著的积极特征,但如果无法删除个人身份信息,则可能会使组织面临不遵守GDPR的风险。这项工作将有助于理解区块链解决方案应如何设计以确保符合GDPR,这可能对希望利用区块链技术优势满足其需求和战略目标的组织产生重大的实际影响。研究局限性/含义区块链解决方案的社会层的一些方面,如法律和商业程序,也得到了很好的理解。数据层,以及它如何在区块链等社会技术系统中充当社会和技术之间的接口,人们对此了解甚少。除了需要对区块链的数据/记录层和法规遵从性进行更多的研究外,还需要更多的信息治理专业人员,他们可以在这一层为自己的组织和其他利益相关者提供意见。实际意义管理个人数据将继续是信息治理向前发展的最具挑战性和最令人担忧的问题之一;鉴于GDPR的范围相当广泛,许多组织,包括欧盟以外的组织,将不得不根据GDPR管理个人数据。区块链技术可以在确保组织拥有易于审核、防篡改、防篡改的记录以满足更广泛的组织需求并遵守GDPR方面发挥重要作用。社会含义由于GDPR声称是技术中立的,了解其在区块链等新技术中的应用为了解不断发展的信息治理空间中的合规性提供了一个重要的窗口。独创性/价值GDPR将如何应用于区块链信息治理解决方案的具体问题几乎完全是新颖的。它对区块链记录保存解决方案的设计和实现具有重要意义。它还提供了对“技术中立”法律法规在面对新技术和应用时实际运作情况的深入了解。这项研究将以法律和档案科学领域的重要工作为基础,在我们进入新的GDPR世界之际,进一步了解信息治理和合规性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
“The margin between the edge of the world and infinite possibility”
Purpose This paper aims to explore a paradoxical situation, asking whether it is possible to reconcile the immutable ledger known as blockchain with the requirements of the General Data Protection Regulations (GDPR), and more broadly privacy and data protection. Design/methodology/approach This paper combines doctrinal legal research examining the GDPR’s application and scope with case studies examining blockchain solutions from an archival theoretic perspective to answer several questions, including: What risks are blockchain solutions said to impose (or mitigate) for organizations dealing with data that is subject to the GDPR? What are the relationships between the GDPR principles and the principles of archival theory? How can these two sets of principles be aligned within a particular blockchain solution? How can archival principles be applied to blockchain solutions so that they support GDPR compliance? Findings This work will offer an initial exploration of the strengths and weaknesses of blockchain solutions for GDPR compliant information governance. It will present the disjunctures between GDPR requirements and some current blockchain solution designs and implementations, as well as discussing how solutions may be designed and implemented to support compliance. Immutability of information recorded on a blockchain is a differentiating positive feature of blockchain technology from the perspective of trusted exchanges of value (e.g. cryptocurrencies) but potentially places organizations at risk of non-compliance with GDPR if personally identifiable information cannot be removed. This work will aid understanding of how blockchain solutions should be designed to ensure compliance with GDPR, which could have significant practical implications for organizations looking to leverage the strengths of blockchain technology to meet their needs and strategic goals. Research limitations/implications Some aspects of the social layer of blockchain solutions, such as law and business procedures, are also well understood. Much less well understood is the data layer, and how it serves as an interface between the social and the technical in a sociotechnical system like blockchain. In addition to a need for more research about the data/records layer of blockchains and compliance, there is a need for more information governance professionals who can provide input on this layer, both to their organizations and other stakeholders. Practical implications Managing personal data will continue to be one of the most challenging, fraught issues for information governance moving forward; given the fairly broad scope of the GDPR, many organizations, including those outside of the EU, will have to manage personal data in compliance with the GDPR. Blockchain technology could play an important role in ensuring organizations have easily auditable, tamper-resistant, tamper-evident records to meet broader organizational needs and to comply with the GDPR. Social implications Because the GDPR professes to be technology-neutral, understanding its application to novel technologies such as blockchain provides an important window into the broader context of compliance in evolving information governance spaces. Originality/value The specific question of how GDPR will apply to blockchain information governance solutions is almost entirely novel. It has significance to the design and implementation of blockchain solutions for recordkeeping. It also provides insight into how well “technology-neutral” laws and regulations actually work when confronted with novel technologies and applications. This research will build upon significant bodies of work in both law and archival science to further understand information governance and compliance as we are shifting into the new GDPR world.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Records Management Journal
Records Management Journal INFORMATION SCIENCE & LIBRARY SCIENCE-
CiteScore
3.50
自引率
7.10%
发文量
11
期刊介绍: ■Electronic records management ■Effect of government policies on record management ■Strategic developments in both the public and private sectors ■Systems design and implementation ■Models for records management ■Best practice, standards and guidelines ■Risk management and business continuity ■Performance measurement ■Continuing professional development ■Consortia and co-operation ■Marketing ■Preservation ■Legal and ethical issues
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信