Close this search box.

How the new GDPR laws might affect blockchain

The European Union (EU) recently announced GDPR, the most comprehensive laws that are about to change how companies handle personal data.  General Data Protection Regulation (GDPR) set to come into full operation in May 25th, 2018. Even if the laws apply to 28 EU member countries, any company that has customers/users within EU might be affected and with the increasingly interconnected world, it’s about every company that deals with data.

In the last few years, there have been massive data breaches from major companies such as Yahoo, LinkedIn and recently Facebook.  These developments, along with new paradigms that have emerged could have triggered an update of laws relating to data.

When they come in operation they are expected to overhaul how businesses handle data and this promoted a lot of companies to issue consumer updates about data. I’m sure you’ve received a message by now from companies like Google, Twitter, Facebook and others that are in the data industry.

GDPR allows people to have more control over how companies use their personal data footprint. In addition, companies are now required to have clear responsibility for the data they hold and the consequences if they don’t.

Type of data: the GDPR has a requirement about protecting different types of data such as basic identity information such as name, address etc, web data such as location, IP address, cookies etc, health, biometric data, race or ethnic data, political opinions, sexual orientation etc.

The blockchain paradox

Some of the clauses in the GDPR are in direct conflict with blockchains and could affect the very nature of how blockchains work.

Users control over data: A major requirement is that individuals have a right to know what a company has about them.  This means that users will have more control over their data. In the blockchain world, user data is spread out in different computers that are used to process and verify transactions. The very nature of blockchain is such that no one party has all the data. For example, when I send a bitcoin transaction from one party to another, the transfer process can be viewed on block explorer but I cannot request any specific company about the data.

Personal data erasure: under GDPR, users can request their data to be erased by the company that holds it. This is another problematic area in blockchain because no single party holds personal data of a user. Even if it were possible, data erasure on the blockchain would affect the very nature of how blockchain works. A blockchain is different from other databases because it is immutable by nature and information is stored and maintained by nodes distributed throughout the world in a decentralized network. This is different from say Facebook which has all information stored in databases controlled by Facebook.  The GDPR regulations were therefore drafted with centralized databases in mind.

Ability to change or delete data on the blockchain at will would render the blockchain useless since that is the problem it was built to solve in the first place.

Questions remain

Off-chain data: in the recent past, the idea of off-chain data storage on the blockchain has come up. Off-chain storage is aimed at ensuring faster processing of transactions in order to solve the scalability issue. This dual architecture would work in such a manner that, transactions happen on chain via smart contracts and then actual data transfer takes place off-chain and hence faster transaction processing. This could raise questions about how such data is stored and if it is within the GDPR framework.

In addition, there are current blockchain projects that ae trying to make digital identity protocols on the blockchain.  For example, a project like CIVIC  is building blockchain based digital identity on the blockchain. Users can use a single digital identity in various places such as airports, hotels, medical, e-commerce, banks etc. and the information is encrypted and stored on the blockchain. It is unclear how GDPR will affect such projects because they will be dealing with personal data


Related Articles

Nigeria has announced a comprehensive review of its blockchain policy and the

July 17, 2024
3 mins read
Hamster kombat has gained over 239 million users within just three months
July 5, 2024
2 mins read
5 best anonymous crypto wallets: examining the top anonymous crypto wallet options
July 3, 2024
7 mins read
Kenyan authorities have dropped their investigation into Worldcoin, a controversial cryptocurrency and
June 20, 2024
3 mins read
Top Reads