Compliance with regulations and law is critical in the context of smart sustainable cities and in government
            and public service in general. Undeniably, regulation and policy compliance could be insurmountable
            barriers to using blockchain if the project is not adequately aligned with the regulations and policies of the
            country; so this must be established before deciding to use blockchain. Even when there are indications that
            a regulation or policy will be updated and the changes will support the process implemented in blockchain,
            there is the risk that the update will not specifically address what is expected, or that it will not be approved
            within the expected timeframes.
            Blockchain is an interesting tool to help achieve compliance by coding rules and regulations. Nonetheless,
            it might also create rigidity due to the immutability of code and data, making it difficult to accommodate
            inevitable changes in regulations. Smart contracts, for example, are considered feasible or applicable only
            under limited and circumscribed conditions, such as when there is no need for dispute resolution. The
            automation and disintermediation of smart contracts can, in some cases, be understood as representing
            a legal contract however it has created much confusion. Although smart contracts can be used to write
            “tamper-proof” agreements, it does not mean that they have legal value, depending on the case and the
            applicable law. Overall, regulators and policy-makers need to find a balance between taking advantage of
            the innovation of blockchain and complying with applicable law and other public protection aspects.


            (5)     Ensuring Data protection and privacy

            Complementing the regulatory uncertainty, there are also concerns about data protection and privacy.
            Smart solutions often rely on personal information available in city platforms, which can be used to create
            profiles of citizens. This raises the question of the protection of personal information. The challenge for cities
            and communities is to ensure that the legal frameworks and appropriate technical measures are in place
            to manage risks and ensure that there is enough public trust to support these initiatives. Data protection
            and privacy legislation vary from country to country.

            In Europe, for example, there is a strict requirement to comply with the General Data Protection Regulation
            (GDPR). It is important to highlight that GDPR compliance is not about the technology, but about how
            the technology is used. Consequently, the requirements depend on the case and the specific application.
            The tensions between the use of blockchain and GDPR requirements revolve around three main issues:
            the identification and obligations of data controllers and processors; the anonymization of personal data;
            and the exercise of some data subject’s rights. These issues have not been settled conclusively by the
            data protection authorities, the European Data Protection Board (EDPB), or in court. Regulators need to
            understand each blockchain use-case and the technology characteristics, which can vary tremendously
            from one case to another.
            For countries outside Europe, the specific laws need to be understood in context. In countries where
            data protection legislation is not yet in place, or is less developed, there is an even greater need for the
            public sector to think through the possible impact of blockchain implementations on individual privacy.
            It is essential to either identify or provide, and work within, an ethical and regulatory framework for data
            collection, use and sharing. There is a great risk of misuse and breach when implementing a blockchain,
            particularly when data could be collected from different sources, some of which may be anonymous. When
            navigating these risks, it is important to analyze how user value is created, establish how data are used and
            ascertain if blockchain could be the best solution. It may be necessary to avoid storing personal data in the
            blockchain, to make use of data obfuscation, encryption and aggregation techniques to anonymize data,
            or to innovate in other ways to ensure transparency with the users.







                                                                          U4SSC: Blockchain for smart sustainable cities  79