Given the significant technological change of the past decade, it is now reasonable to expect that the integration of innovative tools, including blockchain, distributed ledger technology (DLT), and General Data Protection Regulation (GDPR) standards, is in some measure sufficient to ensure the security and privacy of personal data in future Internet systems.
However, implementing cybersecurity requirements, even after GDPR, remains the responsibility of service providers, who must ensure that those requirements are met. Heavy penalties for non-compliance should convince service providers to adopt and implement all the necessary tools and actions, but we all know that this is not always the case.
Moreover, the services currently offered, while moving too slowly toward compliance with GDPR rules, almost completely fail to meet security and privacy requirements "from the initial design", as the EU principles require.
Furthermore, is GDPR fully consistent with the EU-stated principle that "people need to maintain control of their personal data generated or processed within disruptive technologies like blockchain and the Internet of Things"? Apart from the initial request for consent, no prior control by the person concerned over the subsequent authorized or unauthorized use of their data is guaranteed; at most, such use can only be verified in retrospect, for example through access to a database of all data transactions certified by a blockchain. Automatic profiling, facial recognition and, in the future, analysis of individual pheromones are examples of processing of users' information that may not be regulated by GDPR.
Solving these problems cannot rely solely on regulations, however advanced, such as GDPR. To avoid, perhaps definitively, the violation of our fundamental rights, we need a new paradigm of "prior control of the use of data", defined as follows: "except for cases of force majeure or emergency, use in any form and for any purpose of personal information must be authorized in advance and explicitly by its owner, properly informed of the purpose of the use."
To achieve this extremely challenging but essential goal, we need to complement the innovative and revolutionary GDPR directives with new, efficient technological tools that give each person direct and continuous control over their own data.
Examples of the application of such technologies to concrete use cases include GDPR compliance, management of informed consent and its denial, privacy in mobile apps, application to the food chain, energy balancing of electricity supply, mobile games, smart meters, tools for people with special needs, extraction, classification and encryption of document content, and blockchain technologies.
The EU has played a key role in establishing rules for the protection of personal data through the GDPR. However, this is not enough in future scenarios that combine groundbreaking technologies such as blockchain, artificial intelligence and IoT, since regulations can always be breached, even in the face of heavy penalties for non-compliance, and users' information can still be used without their awareness.
Therefore, the only approach that can definitively solve the problem of protecting users' information is a scientific and technical one: the search for technological tools that, with simple operations, give users the power to check at any time how their data may be used and to decide the type of consent accordingly.