With Malta’s three blockchain- and cryptocurrency-related Acts due to come into force in the coming days, many are unsure how blockchain and the EU GDPR will work with each other. The underlying attraction of blockchain and crypto is that they are anonymous, immutable, and decentralized, whereas the GDPR is designed to decrease the power that businesses have over the personal data of individuals and clients. On paper, the new rules laid down by the GDPR seem to be in direct conflict with the core operations of blockchain technology.

The main bone of contention between the two is one of the primary benefits of blockchain: the fact that once data is uploaded, it is immediately available to everyone else using the network. Whilst this is great for efficiency, it goes against the right to be forgotten and the right to rectification, which are core elements of the GDPR.

The right to be forgotten

Under the new rules, individuals have the right to have their data permanently deleted from businesses' records within a timely period, or to have the data edited to reflect the truth. If the information is stored on the blockchain, it is not possible to comply with these requirements.

Using the example of accountancy firms operating a centralized database system, it should be quite straightforward to remove an entry. When it comes to blockchain entries, this is not the case. Deleting an entry on the blockchain would cause significant logistical issues: it would break the chain, and the deletion would have to be replicated across all nodes of the network.

A centralized back-end

One possible solution for blockchain is to change the way it works. It could develop a centralized back-end which would allow information and data to be anonymized without breaking any chains. Whilst this would solve the issue, it would require a lot of work and a big overhaul of how the platform works.

We must also take into account the fact that the GDPR refers to data controllers and processors. As the blockchain is just the platform over which data is transacted, it does not technically fall under the scope of the GDPR; rather, responsibility would lie with the businesses that are using it.

From the above, it is clear that blockchain and GDPR are somewhat at odds, but that doesn’t mean that either is doomed to fail. The focus now needs to be on the companies that are using personal data and how they manage their responsibilities. As GDPR becomes a bigger part of day-to-day life, we hope to see it evolve and adapt until it reaches a place where it is fully compliant with EU and national laws.


E&S Group is a leading corporate & law firm offering various services with regards to ICOs. Feel free to contact us directly on +356 20103020 or by email at info@blockchainrocket.io to find out how E&S can help you in ‘making things happen’.
