EU GDPR & Blockchain
Reported on Bitcoinagile.com.
Generally we know that blockchain technology underpins cryptocurrencies, and there are many organizations using the technology for a myriad of other applications: executing contracts, modernizing land registries, even providing new systems for identity management. But there’s a small problem on the horizon. According to a post today from Washington, DC-based think tank Coin Center, blockchain technology may be fundamentally incompatible with Europe’s new privacy laws that will come into effect in May of this year.
General Data Protection Regulation
The General Data Protection Regulation (GDPR) will take effect on May 25th, under the new rule companies will be required to completely erase the personal data of any EU citizen who requests that they do so. The problem is that with blockchain, a complete erasure of any stored personal data might not be possible, experts told The Verge.
“Modifying data on a blockchain is very hard,” Oxford Law lecturer Michèle Finck said, “If you were to delete or modify data from the blockchain to comply with the GDPR’s rights to amendment or the ‘right to be forgotten,’ you wouldn’t just change that piece of data, but the hash of the block containing the data and of all subsequent blocks.”
Finck continued, “I think it’s safe to say that currently, most blockchains are incompatible with the GDPR, especially permissionless blockchains.” She said that although some blockchain projects are currently thinking about applications that would be GDPR-compliant, the problem is that “there are so many points of tension…way beyond the right [for personal data] to be forgotten.”
By their very nature, transactions on a blockchain aren’t meant to be deleted, but to be recorded permanently. It would also be difficult to stop every place transmitting a Bitcoin transaction. “This is by design… It’s the basics of blockchain technology,” Andries Van Humbeeck, co-founder and blockchain consultant at TheLedger.be, a Belgium company that provides blockchain-related training and advice, told The Verge.
“If you purge a block of transactions, the truthfulness of all subsequent blocks of transactions becomes questionable.” He continues,“all Bitcoin transactions after that purged block become untrustworthy, which would undermine the complete system.”
Because of all this, compliance headaches could afflict thousands of companies. Case in point: more than 1,000 apps are being built on the Ethereum blockchain alone, according to the stateofthedapps.com.
“I think it will impede some of the applications,” Greg McMullen, a lawyer based in Germany and blockchain expert, says of the law. “We’ll get a bit of a reality check on what the right kinds of applications are to build on a blockchain.”