The General Data Protection Regulation (GDPR), which entered into force in May 2018, is primarily aimed at enabling EU citizens to know how their own information is processed. Under the regulation, people have the right to request that their personal data be corrected or deleted. On the other hand, there is blockchain, a technology that creates a decentralized and open ecosystem. A blockchain makes it very difficult to change or delete any information stored inside it.
Thus, the fundamental principles of the GDPR and blockchain are in conflict with each other. GDPR requires adjustability; blockchain provides transparency. This creates a difficult situation, and people are debating whether companies that use blockchains to process personal data in the EU should stop providing their services under the GDPR.
Where does resolving the blockchain and GDPR conflict begin?
Recently, the European Union Blockchain Observatory & Forum gave some tips on how to handle personal information in line with GDPR standards. Experts believe that the requirements are best fulfilled in private blockchain networks. At the same time, the forum advises being 100% sure that the blockchain itself is necessary for the system, and that personal data is stored in encrypted form and collected outside the blockchain. Thus, according to experts, a private blockchain is best suited for compatibility between the blockchain and the GDPR.
Public and private blockchain vs. GDPR: alternative opinion
It is impossible to state definitely that a private blockchain is a solution to the problem since such systems cast doubt on the very value of the blockchain. An open blockchain involves the work of hundreds and even thousands of nodes. Anyone who wants to view data becomes a new member (node) of the network. This is a very stable system, but it is also very ambiguous in terms of GDPR.
Queen Mary University is concerned about whether the blockchain can comply with the standards of the GDPR, mentioning the so-called “right to be forgotten”. Transactions can be encrypted using the private key to generate encrypted text that is stored in the blockchain unchanged. Once the key is deleted, the text will remain on the blockchain but cannot be decrypted.
One supposes this approach is quite risky, since the public key may be compromised before deletion. However, these are only the first examples illustrating creative approaches to creating and using blockchains that comply with GDPR. This will be the solution to the conflict.
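The key-deletion approach described above, together with the risk of a key being copied before deletion, as an added example that is not part of the original article. It assumes a symmetric per-record AES-256-GCM key held outside the chain; `ledger`, `keyStore` and the function names are hypothetical, an in-memory array stands in for the blockchain, and the personal data is constructed.

```javascript
// Added example: key deletion ("crypto-shredding") on an append-only ledger.
const nodeCrypto = require('crypto');

const ledger = [];            // stand-in for the chain: entries are only ever appended
const keyStore = new Map();   // off-chain, erasable store: recordId -> AES-256 key

// Encrypt personal data under a fresh per-record key; only ciphertext goes on the ledger.
function storeRecord(recordId, personalData) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(personalData, 'utf8'), cipher.final()]);
  ledger.push(Object.freeze({ recordId, iv, ct, tag: cipher.getAuthTag() }));
  keyStore.set(recordId, key);
}

// Decrypt a ledger entry with the given key (defaults to the key store's copy).
function readRecord(recordId, key = keyStore.get(recordId)) {
  const entry = ledger.find((e) => e.recordId === recordId);
  if (!entry) throw new Error('no such ledger entry');
  if (!key) return null; // key erased: ciphertext is still on the ledger but unreadable
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, entry.iv);
  decipher.setAuthTag(entry.tag);
  return Buffer.concat([decipher.update(entry.ct), decipher.final()]).toString('utf8');
}

// "Erasure": zero and drop the key; the ledger itself is never modified.
function eraseRecord(recordId) {
  const key = keyStore.get(recordId);
  if (key) key.fill(0);
  return keyStore.delete(recordId);
}

// Walk through store -> erase, and show the caveat: a key copied before
// erasure still decrypts the ciphertext that remains on the ledger.
function demo() {
  storeRecord('subject-001', 'Jane Example, jane@example.org'); // constructed sample data
  const before = readRecord('subject-001');
  const leakedKey = Buffer.from(keyStore.get('subject-001')); // copy taken before erasure
  eraseRecord('subject-001');
  return {
    before,
    afterErasure: readRecord('subject-001'),
    ciphertextStillOnLedger: ledger.some((e) => e.recordId === 'subject-001'),
    withLeakedKey: readRecord('subject-001', leakedKey),
  };
}
```

Erasure here is only as strong as control over every copy of the key, which is why the key store, its backups and its access logs matter more than the ledger.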
Comment on what type of blockchain perfectly suits the GDPR, in your opinion!