Computerworld has penned an article about the issues surrounding Europe’s new GDPR rules and the blockchain. Initially they write, “The immutable nature of blockchain networks could break the rules….But when implemented properly, the distributed ledger technology could also be part of the solution for compliance.”
Anybody working in Blockchain and the law will have this topic forefront in their minds, at the moment..
As the EU prepares to roll out new data protection regulations this month, concerns are emerging that they could dissuade businesses from rolling out blockchain-based projects because the online transaction technology might innately break the new rules.
The EU’s General Data Protection Regulation (GDPR) targets citizens’ personally identifiable information (PII), providing transparency around its use and giving people the right to restrict its use or request it be deleted all together.
While GDPR never mentions PII, the new rules describing “personal data” are synonymous with it: “Any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.” In short, it means any data that can be tied back to person’s identity.
Blockchain, which has taken the business world by storm, is an online electronic distributed ledger technology that can create an immutable record for recording a history of transactions; therefore, if blockchain were to be used as a type of database to transact with PII, it would by default run afoul of GDPR rules. Blockchain ledgers can be added to, but information on the network cannot be modified or deleted. It’s a write-once, append-many technology.
How blockchain could run afoul of GDPR
Gerry Stegmaier, a partner in the IP, Tech & Data Group of Washington-based law firm Reed Smith, said blockchain’s greatest attribute – its characteristic as an unchangeable record that creates trust and a perfect auditing trail – could also be its biggest downfall from a rules perspective.
“Regulators are unlikely to accept the argument that somehow blockchain is exempt from GDPR strictures because a defining feature of distributed ledgers is the impossibility of deleting data, such that it cannot be deployed in a way that enables data deletion,” Stegmaier said in an email. “Those kinds of arguments haven’t resonated well with regulators.”
In general, technology development, for better or worse, has not been at the forefront of data protection policy development in Europe, Stegmaier added. Few regulators have technologists on staff, “and even fewer are technologists themselves.”
Others, however, argue that blockchain is not innately at odds with data privacy protection and can actually offer some of the industry’s best available data protection methodologies.
Gennaro Cuomo, an IBM fellow and vice president of the company’s Blockchain Technologies unit, explained that not all blockchain technology is created equal.
“For broad business and government use, enterprise blockchain technology is now available that solves four fundamental requirements: accountability, privacy, scalability and security,” Cuomo said in an email.
In February, Cuomo testified before a congressional subcommittee on blockchain as a transformational building block for many types of business and government communication; he emphasized that bitcoin and other forms of cryptocurrency are but one use of blockchain, just as social media is but one use of the internet.
How blockchain can support GDPR…..