> The project will develop a protocol where information about peer review activities (submitted by publishers) are stored on a blockchain. This will allow the review process to be independently validated, and data to be fed to relevant vehicles to ensure recognition and validation for reviewers. By sharing peer review information, while adhering to laws on privacy, data protection and confidentiality, we will foster innovation and increase interoperability.

Everything about this makes sense and could be implemented with a database run by a trusted party, as for example CrossRef does for DOI resolution. Implementing it with a blockchain is effectively impossible. Follow me below the fold for the explanation.

The reason is that many reviewers are EU citizens, and will continue to be subject to the GDPR even after a hard Brexit. If the blockchain is to "ensure recognition and validation for reviewers" it will contain personal information about these reviewers. David Meyer writes in Blockchain is on a collision course with EU privacy law:

> The bloc’s General Data Protection law, which will come into effect in a few months’ time, says people must be able to demand that their personal data is rectified or deleted under many circumstances.
>
> And with sanctions for flouting the GDPR including fines of up to €20 million or 4 percent of global revenues, many businesses may find the ultra-buzzy blockchain trend a lot less palatable than they first thought.
>
> Altering data “just doesn’t work on a blockchain,” said John Mathews, the chief finance officer for Bitnation, a project that aims to provide blockchain-based identity and governance services, as well as document storage.
>
> “From a blockchain point of view, the GDPR is already out of date,” Mathews said. “Regulation plays catch-up with technology. The GDPR was written on the assumption that you have centralized services controlling access rights to the user’s data, which is the opposite of what a permissionless blockchain does.”

The whole point of a blockchain is to implement immutability, so it cannot be used as the infrastructure for GDPR-compliant systems. Step 4 in Phase 1 of the Blockchain for Peer Review is:

- Investigate legal aspects (e.g. GDPR)

I think this step instead needs to be:

- Rewrite the GDPR to allow immutability.

The EU will be happy to do this because blockchain!
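
The conflict between immutability and erasure described above can be seen in a toy hash-chained ledger of review records. This is an added example, not code from the post or from the Blockchain for Peer Review project; the record layout, function names, reviewer names and DOIs are all assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(index, prev, record):
    # Each block's hash covers its record and the previous block's hash.
    body = json.dumps({"i": index, "prev": prev, "rec": record}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for i, rec in enumerate(records):
        h = block_hash(i, prev, rec)
        chain.append({"index": i, "prev": prev, "record": dict(rec), "hash": h})
        prev = h
    return chain

def first_invalid_block(chain):
    # What any independent validator does: recompute and compare every link.
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or block_hash(b["index"], prev, b["record"]) != b["hash"]:
            return b["index"]
        prev = b["hash"]
    return None

def erase_in_place(chain, reviewer):
    # Erasure request honoured by blanking the name, stored hashes untouched.
    out = [dict(b, record=dict(b["record"])) for b in chain]
    for b in out:
        if b["record"]["reviewer"] == reviewer:
            b["record"]["reviewer"] = "[erased]"
    return out

def erase_and_rebuild(chain, reviewer):
    # Erasure that keeps the chain self-consistent by rewriting history.
    return build_chain([b["record"] for b in erase_in_place(chain, reviewer)])

def diverging_blocks(published, rewritten):
    # Blocks whose hashes no longer match the copies other parties hold.
    return [a["index"] for a, b in zip(published, rewritten) if a["hash"] != b["hash"]]

# Constructed sample data: reviewer names and DOIs are made up.
RECORDS = [
    {"reviewer": "Reviewer A", "manuscript": "10.5555/example.1"},
    {"reviewer": "Reviewer B", "manuscript": "10.5555/example.2"},
    {"reviewer": "Reviewer C", "manuscript": "10.5555/example.3"},
]
```

Blanking one reviewer's name either makes validation fail at that block, or, if the chain is rebuilt, changes the hash of that block and every later one, so the rewritten ledger no longer matches what other participants already validated.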