The EU Blockchain Observatory and Forum has warned that the General Data Protection Regulation law that went into effect a little over two months ago could hinder innovation in the blockchain space.
According to the European blockchain body, this is because of the lack of legal clarity between blockchain technology and the GDPR law, whose aim is to protect individual data rights as well as facilitate the free movement of personal data in the single market.
“As long as the legal framework around personal data and blockchain remains unclear, entrepreneurs and those designing and building blockchain-based platforms and applications in Europe face massive uncertainty. That can put a brake on innovation,” notes the report titled ‘Blockchain Innovation in Europe’.
Individual Data Protection Rights
Per the report, one of the points of dissension that are likely to emerge arise out of the fact that GDPR empowers individuals to have their data amended in order to maintain accuracy. In some cases the GDPR also allows individuals to have this data deleted once it is no longer required. Blockchains, on the other hand, are immutable and data can only be added not deleted.
Under the GDPR the key to ensuring that individual data rights are protected is having a central body that can be held accountable when things go wrong. But in the case of open, permissionless blockchain where the information is processed by all the network’s full nodes, a centralized data controller does not exist thus opening another point of conflict.
Additionally, it is stipulated in the GDPR law that data can only be transferred to third parties based outside the European Union on condition that the data will be held in a jurisdiction which offers data protection levels that are equivalent to those in the single market. With open permissionless blockchains, however, it is impossible to select where the data ends up since a full copy of the database is replicated on all the full nodes regardless of their geographical location.
Full Replication of Data Set vs Selective Use
The report notes that these conflicts arise due to the fact that GDPR law came into being prior to blockchain technology becoming a buzzword.
“The law was conceived and written before blockchain technology was widely known, and so was fashioned with an implicit assumption that a database is a centralized mechanism for collecting, storing and processing data,” the report authored by Tom Lyons says.
Optimistically, though, the report notes that blockchain is still in its infancy and could evolve to a point where it becomes a tool which helps achieve the ultimate goal of the GDPR – data sovereignty.
“Blockchain could in theory make it easier for platforms and applications to have this compliance ‘baked in’ to the code, supporting data protection by design,” observes the report.
Featured image from Shutterstock.