What is Blockchain Technology:
Blockchain refers to the technology behind virtual currencies. It is a shared database that contains information recorded in blocks and is managed by a peer-to-peer network. Each block is recorded on a ledger and linked to other blocks through the use of encryption. Blockchain can be seen as a type of diary which contains information about transactions, in which every entry depends on the previous one. In contrast to traditional banking, blockchain technology makes details of the transaction publicly available (e.g. the amounts of funds, the sender’s wallet etc.) and mostly works in a decentralised manner, rather than through a centralised institution that manages all the transactions.
In blockchain the ledger is not held by a single person or a centralised institution but is decentralised and distributed to a number of different servers, called nodes. Nodes validate a new entry after communicating with each other, making it difficult to manipulate any data. Therefore, in blockchain technology there is no centralised validation system. Using this simple technology, blockchain eliminates the need for a trusted intermediary and makes transactions cheaper, more transparent and faster. Once data are written in a block, they cannot be altered.
In public and permissionless Blockchains anyone can download the entire ledger and view transactions. Blockchain transparency is therefore achieved by exposing the participants' data to anyone. The safety of the system is achieved through the tamper-proof character of the ledger, which can make it difficult to comply with the evolving regulation surrounding Blockchain technology.
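The linking and tamper-evidence described above, as an added example that is not part of the original article: a minimal hash-linked ledger in Python, assuming SHA-256 is used to link blocks; the function names, wallet labels and amounts are constructed for illustration. It shows what a validating node sees when a stored entry is amended: validation fails at the edited block, or at its successor if the edited block's own hash is recomputed.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder: "previous hash" of the first block


def block_hash(index, prev_hash, data):
    """SHA-256 over the block's position, its predecessor's hash and its payload."""
    body = json.dumps({"index": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_block(chain, data):
    # Each new entry commits to the hash of the entry before it.
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "prev": prev, "data": data,
                  "hash": block_hash(index, prev, data)})


def first_invalid_block(chain):
    """Recompute every hash and check every link, as a validating node would.
    Returns the index of the first failing block, or None if the ledger is intact."""
    prev = GENESIS_PREV
    for block in chain:
        expected = block_hash(block["index"], block["prev"], block["data"])
        if block["prev"] != prev or block["hash"] != expected:
            return block["index"]
        prev = block["hash"]
    return None


def rectify_in_place(chain, index, new_data, rehash=False):
    """Amend a stored entry on one copy of the ledger; optionally recompute its hash."""
    block = chain[index]
    block["data"] = new_data
    if rehash:
        block["hash"] = block_hash(block["index"], block["prev"], new_data)


def build_sample_ledger():
    """Three constructed transactions, not real data."""
    chain = []
    for tx in [{"from": "wallet-A", "to": "wallet-B", "amount": 5},
               {"from": "wallet-B", "to": "wallet-C", "amount": 2},
               {"from": "wallet-C", "to": "wallet-A", "amount": 1}]:
        append_block(chain, tx)
    return chain
```

Amending an entry cleanly would require recomputing every later block and having the other nodes accept the rewritten chain, which is the property the rest of this article sets against Art. 16 and Art. 17 GDPR.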
The protection of personal data in the context of Blockchain technology:
The European Union’s General Data Protection Regulation (GDPR) became binding in May 2018. It creates a number of obligations for data controllers, grants enforceable rights to data subjects and establishes principles for data processing. Among these principles are that data processing must be kept to a minimum and that data may only be processed for the purposes that have been specified in advance.
There is an ongoing debate on whether data stored on a distributed ledger (e.g. transactional data) qualify as personal data for the purposes of the GDPR, and whether blockchain technology is compatible with the principles set in the GDPR.
In particular, the distribution and replication of data to different computers and the unalterable nature of the information held on a ledger contradict the principle set out above, namely the data minimisation principle. Blockchain at its current stage contradicts the provisions of the right to be forgotten (Art. 17 GDPR) and the GDPR requirement that personal data must be amended (Art. 16 GDPR) after a request from the data subject.
Furthermore, according to Art. 4 par. 7 GDPR the controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. In the context of the decentralised Blockchain system it will be difficult to determine the “Controller”, as every participant is considered to be a “controller”, making it difficult for the Data Protection authorities to hold a natural or legal person accountable for a breach of the GDPR.
One further example of Blockchain's non-compliance with the GDPR is the right to rectification. As stated above, transaction data written on a ledger cannot be altered once they have been registered, making it difficult to comply with Art. 16 GDPR, which states the data subject’s right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Having said the above, Blockchain technology is expected to change the way that transactions are made in the future, but the GDPR seems to be an obstacle to the implementation of Blockchain technology in the European Union, as data subjects cannot enforce their rights under the GDPR.
The structure of Blockchain technology, which ensures data integrity and trust among the participants, is not compatible with the rights granted by the GDPR.