GDPR and Blockchain- A Paradox
Before we get to the minimal amount of jargon that this article has, let us talk about data protection particular to the internet.
You have recently dealt with a company and have provided your contact information simply because they asked for it.
Well, why did they ask for it?
What exactly would they do with it?
You might ask yourself whether such concerns are important. Or how valuable would your data even be for a big FMCG. Assuredly, they will seem important once you start getting unsolicited calls and your name is listed on databases which you don’t happily approve of.
You can look at the mess that social media giants are in right now simply because of data misuse. The effects of data misuse are vast and range across multiple levels. They can disrupt a person’s daily lifestyle or can even influence a nation’s election.
Considering such extensive fallouts, the European General Data Regulation Protection was introduced by the EU in April, 2016. This was a measure which intended to filter all suspicious uses of a person’s digital data.
It has already been implemented on the 25th of May, 2018, and expects all companies operating within the EU to give control of data usage to the consumers. It also entails stating stark explanation of the requirement of any kind of data.
For example, a major restaurant chain might ask for your number while taking your order. If they are taking it to send you occasional promotional texts then it is acceptable.
If there is no reason to know a person’s contact information, a company should desist from doing so.
The entire philosophy of the GDPR rests on the notion of least data accumulation. This would ultimately lead to less chances of data theft and manipulation.
How does it affect Blockchain?
David Fragale, co-founder at Atonomi, makes a statement about it.
“GDPR presents an opportunity for EU citizens to exercise control over their personal data. From a Blockchain perspective, this aligns well with the community’s ethos of moving away from central authorities. However, technologically, this conflicts with Blockchain’s immutable ledger and decentralized data storage architecture.”
Blockchain, intrinsically works by accumulating data about transactions. This, in turn leads to roping in data about all subjects involved in every transaction ever made. Since this is exactly opposite to what GDPR stands for, there is a prevalent question about the future of the Blockchain tech and crypto companies located within the jurisdiction of the GDPR.
A blockchain is built to protect data from being modified or deleted. Therefore, if the GDPR calls for any one aspect of the Blockchain to be changed, it would prove highly difficult, expensive and time-consuming. All consenting parties would eventually have to agree for a change to be brought out in the Blockchain.
One solution could be an IMS or Identity Management System.
This is essentially based on the off-chain storage concept of Blockchain.
With the help of an IMS, users can store their PII or Personally Identifiable Information on their personal devices, unlike on the Blockchain itself. This would help organisations using Blockchain be spared from coming under the purview of GDPR’s driving principles.
Users are also free to delete their own data in the IMS thereby satisfying the GDPR’s idea about the right to data erasure.
What is the future of Blockchain and GDPR compatibility?
While on one hand, technologies like Blockchain, Artificial Intelligence and Biometrics are emerging with a strong assurance of privacy and data security, the other hand sees austere global regulations being set in order to enforce openness and overall data transparency.
This unusual mix makes it hard for policy makers and technological entrepreneurs to be on the same page. However, the constant pressure that EU is facing might see some changes in how it carries out its long-term legislation.