With all the tumult around Facebook recently it hasn’t gone unnoticed that The EU General Data Protection Regulation will come into effect in a few weeks time. The GDPR will affect any company holding data relating to private EU citizens. It aims to give back control to citizens over their personal data and simplify the regulatory environment within the EU. Compliance is essential since penalties will be high.
How does blockchain technology relate to the GDPR? At first glance, a blockchain seems in conflict with the individual rights of data protection and privacy held by EU citizen. Encrypted or hashed personal data and public keys stored on a blockchain are subject to the GDPR. Furthermore transactions on the blockchain are immutable so data can’t be deleted or modified which is contrary to the GDPR mandate for ‘the right for erasure’.
The most obvious way to sidestep the GDPR is to store personal data off-chain and store a reference, a hash pointer, to this data on the blockchain. This workaround may find a need to reintroduce a trusted third party. A public key can’t be moved off-chain as it is an essential feature for transaction validation. With additional information such as a name or address, a public key can be attributed to a subject and is therefore considered pseudonymous. Public key compliance is more burdensome. Solutions for this problem are currently in development. You could, for instance, use stealth addresses or add noise to the data to obscure identification.
As a rule, the law lags behind technological innovation. Both Blockchain technology and the GDPR share a common objective: data sovereignty. The EU data protection framework was designed for a society that collects, stores and processes data centrally. Blockchain technology breaks down these data silos and enables a decentralized method of storage and protection. We can conclude that a blockchain doesn’t support data sovereignty automatically and must be designed to do so to be GDPR-compliant.
https://blockchaingovernance.nl
Reference material:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3080322
https://medium.com/wearetheledger/the-blockchain-gdpr-paradox-fc51e663d047