An EU body – the Blockchain Observatory and Forum has issued a warning that the recently introduced GDPR could cause a significant delay in blockchain innovation.
Due to the lack of legal clarity surrounding blockchain technology as well as exactly how the GDPR will impact its underlying ethos, it has not yet been established how blockchain can exist in compliance with the new laws.
Blockchain in Europe
The report, entitled “Blockchain Innovation in Europe” states that: “As long as the legal framework around personal data and blockchain remains unclear, entrepreneurs and those designing and building blockchain-based platforms and applications in Europe face massive uncertainty. That can put a brake on innovation.”
One of the main issues highlighted in the report arises from the fact that the very essence of the GDPR is the empowerment of individuals to have control over who has their data and to amend it as they wish. Under some circumstances, the GDPR even allows individuals to have their information deleted as and when they choose- this goes completely against the grain when you consider blockchains immutability.
Protection of rights
Another key point of the GDRP is that individual’s data rights are protected and that one single central body can be held accountable when things go wrong. But, when it comes to an open and permissionless blockchain, information is processed across all nodes of the network, therefore there is no centralised data controller.
Lastly, the GDPR states that data is only allowed to be transmitted out of the EEA, if the data protection rules in the jurisdiction it is being transferred to are of the same or a higher level. With open, permissionless blockchains it is not possible to choose where data ends up as the database is replicated on all nodes, regardless of where they are located.
The report states: “The law was conceived and written before blockchain technology was widely known, and so was fashioned with an implicit assumption that a database is a centralized mechanism for collecting, storing and processing data.”
Encouragingly, however, the report does note that blockchain technology is still in its early stages of development and it could yet evolve to help GDPR attain its ultimate goal of data sovereignty.
“Blockchain could, in theory, make it easier for platforms and applications to have this compliance ‘baked in’ to the code, supporting data protection by design.”