The General Data Protection Regulation (GDPR) aims to strengthen data protection rules for individuals within the European Union. The GDPR was approved by the EU parliament on 14 April 2016 and will come into action on 25 May 2018; the UK is still a part of the EU whilst Brexit is ongoing so the GDPR will be enacted into UK law by way of a new Data Protection Bill. The GDPR will be the biggest change to data protection law in the EU in 20 years.
But will the new kid on the block(chain), cryptocurrencies, be able to keep up?
The GDPR will provide the right for individuals to be forgotten, an individual’s data should be deleted by the company whom holds the data on request. This should not be a problem for many companies, it will be a simple task of clicking ‘delete’.
However, many, if not all, cryptocurrencies operate on the blockchain. This is by definition, a distributed digital ledger, in which transactions and data are recorded in chronological order and made publicly available.
So will it be possible to delete user data that is stored on the blockchain? Probably not, this is bit of a worry if the request to delete user data is made under the newly enacted GDPR.
Worryingly, for breaches of the GDPR a fine will be calculated on the higher of 20 Million Euros or 4% of the company’s turnover. This could cause some serious damage to any blockchain start-ups.
It should be noted that, even if a company is based outside of the EU, if it provides services to citizens of the EU that company will be within the jurisdiction of the GDPR. So there does not appear to be an easy way out.
Well there is one way, it may be possible to keep user information “off chain”, the only down side of this is that “off chain” isn’t on the blockchain. Thus, all the benefits of blockchain are lost.
With almost everything turning onto the blockchain, is this one issue that many have forgotten? Or one that may not be forgotten?