Blockchain and the GDPR in Harmony: What's the Possibility?By CIOAdvisor Apac | Tuesday, January 29, 2019
The GDPR aims to create a uniform data regulatory framework in Europe and to strengthen the control of the storage and use of personal data by individuals. The GDPR introduces procedural and organizational obligations for corporate and public entities–and gives “data subjects” more rights– the term it uses for individuals. The GDPR contradicts the habit of the corporate by specifying that data processors should not collect data beyond what is directly useful for immediate consumer interaction.
In addition to transparency, the GDPR gives citizens more significant control over the use of their data. Many in the legal space have termed GDPR a loaded gun with global reach which imposes extremely high fees on companies that do not comply with it. Moreover, its range far exceeds the EU.
It is clear that the blockchain stores some potentially personal data, starting with its transaction history, due to the thin line between pseud-anonymity and identification. It could thus fall within the scope of the GDPR.
At first glance, there could be a direct contradiction between the GDPR and the public blockchain. It seems challenging to articulate the logic of the GDPR and the blockchain using the data processor/data subject divide. There’s no doubt about a fierce legal debate ahead.
The blockchain, however, shares many objectives with the GDPR. Both aim to decentralize data control and mitigate the power inequality between centralized service providers and end users, partly by eliminating them in the blockchain myth.
The combination of trusted hardware and blockchain is an especially promising avenue for research. All data is reproduced and shared on all machines in the network on the public blockchain. This makes the deletion of transaction data and privacy a nuisance for the users.
Combining the trusted computing with public blockchain means that data privacy can be protected from external threats and stored off- chain, and that the blockchain acts as the final judge for whom this data can be accessed. Since intelligent contracts mean that centralized service providers no longer have to trust, data rights can be managed exclusively by users through the blockchain and trusted hardware, returning control and privacy of their data. Several projects are currently pursuing this idea in the hope that it could turn the blockchain into a fairytale from a GDPR nightmare.