Blockchain’s feature of nearly impossible data modification presents a potentially challenging connection with the right to be forgotten, an important aspect of the European Union’s General Data Protection Regulation (GDPR). Since GDPR dictates that personal data must be amendable and even erased if required, the strictly appendable character of Blockchain with data almost exclusively and continuously being added, a possible tension point is introduced between the specific technology and GDPR, with the latter founded upon minimising data storage requirements and allowing only purposeful and a priori agreed upon data analysis. Additionally, blockchains’ never ending data transactions’ registrations of various consensus mechanisms introduce an unchartered territory in terms of how purposeful data processing and minimised data storage can be interpreted in GDPR. If we add to the discussion the question of whether encrypted data qualifies as personal data, it becomes more obvious that blockchains and GDPR have anything but a sorted-out relationship.
The challenging reconciliation between privacy and blockchain is not only due to blockchains’ native technical characteristics, but also due to some conceptual uncertainties of the European data protection law itself. Territorial and administrative authorities and compliance of data transferring/erasing/controlling, definition of personal data qualities, and data subjects’ rights in global data networks are a few significant examples of the regulation’s conceptual uncertainties.
However, and despite these tension points, blockchain presents some promising features for better future compliance with GDPR. Blockchain’s data sharing without a central authority, offers transparency and accountability of data access, a characteristic which can be augmented and efficiently automated by relevant smart contracts between data subjects inside blockchains. Such characteristics can potentially provide more control to subjects relating their personal data, allowing for easier data portability and ultimately facilitating data marketplaces across institutions.
If you are interested in more details on the reasons why the relationship between Blockchain and Privacy is on the one hand challenging, but on the other it can prove to be very beneficial, watch this space for the upcoming DLT4All online classes offering a great variety of online modules, including the topic of this article.