These days, the EU Blockchain Observatory and Forum warned that the General Data Protection Regulator law which is already in force for a couple of months could hinder innovation in the blockchain space.
As the European blockchain body stated, this is because of the lack of legal clarity between blockchain technology and the GDPR law, which has the purpose of protecting individual data rights and facilitating the free movement of personal data in the single market.
Individual data protection rights
The report which was titled ‘Blockchain Innovation in Europe’ notes that as long as the legal framework around personal data and blockchain remains unclear, entrepreneurs, as well as those that design and build blockchain-based platforms and applications in Europe will face massive uncertainty.
According to the report which we mentioned above, one of the points of disagreement which are likely to rise out of the fact that GDPR empowers individuals to have their data altered is accuracy. In some cases, the GDPR also permits individuals to have this data deleted once it is no longer required. On the other hand, Blockchains are immutable, and data can also only be added not deleted.
The key to ensuring individual data rights
Under the GDPR, the key to ensuring that personal data rights are protected indeed has a central body which can be held accountable when things go wrong. Butin, the case of open, as well as permissionless blockchain where the information is processed by all the full nodes of the network, a centralized data controller, does not exist thus opening another point of conflict.
Besides, the GDPR law also stipulated that the data can only be transferred to third parties based outside of the European Union on condition that the data is going to be held in a jurisdiction that offers data protection levels which are equivalent to those in the single market. However, with open permissionless blockchains, it is not possible to pick where the data ends up since a full copy of the database is replicated on all the total nodes no matter where are they geographically located.
Full replication of data set versus selective use
According to the report, these conflicts arise because the GDPR law came into being before blockchain technology becoming a buzzword.
Tom Lyons, the author of the report, said that the law was conceived and written before blockchain technology was even widely known, and so was fashioned with an implicit assumption that a database is a centralized mechanism for collecting, as well as storing and processing data.
However, optimistically, the report notes that blockchain is still in its infancy and that it could evolve to a point where it becomes a tool which is helpful in achieving the ultimate goal of the GDPR which actually is data sovereignty.
The report also observes that blockchain could, in theory, make it easier for platforms and applications to have this compliance ‘baked in’ to the code, in that way supporting data protection by design.