Does the GDPR Threaten the Development of Blockchain?

In the last two years, there has been a steady increase in the number of discussions around two important topics. Namely, the new EU law called the General Data Protection Regulation (GDPR) and the technological developments in the field of the blockchain. While data protection authorities clarified many aspects of the GDPR and financial authorities explained in detail the laws applying to blockchain technologies, no legal guidance was provided regarding the intersection between the GDPR and blockchain. Below, we discuss the blockchain aspects that may cause GDPR-related issues (Section 2) and provide recommendations on how the EU can facilitate the development of blockchain technologies without compromising the privacy of data subjects (Section 3). At the end of the article, we provide concluding remarks (Section 4).

One of the main characteristics of blockchain technologies is that such technologies permanently record all transactions in a way that it is difficult to modify or delete them. The modification or deletion of blockchain data usually requires 50% of the computers on the network to agree to the changes. Blockchain proponents argue that the permanent record provides transaction visibilities to all users of the blockchain network.

Considering the observations mentioned above, it is not clear how blockchain technologies will comply with Article 5(1)(d) and Article 17(1) of the GDPR. Article 5(1)(d) states that the data controller must erase or rectify personal data if such data is not accurate and/or up to date. Article 17(1) points out that the data controller must, upon a request of the data subject, erase the personal data of the data subject where one or more specified grounds apply.

While it is difficult to ascertain the entities that act as data controllers of public blockchains as they are completely decentralized peer-to-peer networks consisting of thousands of nodes, private blockchains may have (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Daniel Dimov. Read the original post at: