Blockchain: Challenges and solutions for compliance with the GDPR
NOTE: This article was written March 2019 for the Practicing Law Institute’s (PLI) Institute on Privacy and Data Security Law Conference “The Privacy and Security Challenges of New Technologies” panel to be hosted at the University of San Francisco on May 7th where I will participate as a panelist.
Introduction
Blockchain is a technology with a high potential for development that covers a very broad range of situations. Blockchains can serve to transfer assets (e.g.: Bitcoin or property deeds), be used as a ledger ensuring traceability (e.g.: diploma certification) or even to launch a smart contract (an independent program that “freezes” an agreement reached by two people in a blockchain in the form of an algorithm).
When blockchain entails the processing of personal data, it raises legal compliance questions. For example, aligning the immutability of blockchain with the principle of storage limitation can be challenging. At the same time, blockchains can provide effective solutions to meet the requirements imposed by GDPR. For example, the immutability of actions carried out on blockchains can enable solutions that effectively trace consent.
This article discusses the responsible use of blockchain in the context of personal data and addresses the…