Within the framework of the new data privacy rule in Europe, blockchain might be at risk since the technology allows its users to store personal information, a concept that is essentially opposite of what the upcoming European law will be seeking.
A think tank in Washington DC, Coin Center, stated on Friday April 6th that the technology of blockchain may be intrinsically incompatible with what the new European privacy rule seeks to uphold.
GDPR (General Data Protection Regulation) was legally approved around two years ago and is planned to come into force on 25th May this year. Under the decree, European citizens will have the right to request any company to delete their personal information and all the data related to them from the records permanently.
As a consequence, the problem falls upon blockchain technology since a total deletion of any information stored in the digital ledger is impossible to make.
Law lecturer at Oxford University, Michèle Finck, stated that altering any data from the blockchain is impossible. Michele says,
“If you were to delete or modify data from the blockchain to comply with the GDPR rights to amendment or the ‘right to be forgotten,’ you wouldn’t just change that piece of data, but the hash of the block containing the data and of all subsequent blocks.”
The lecturer continued:
“I think it’s safe to say that currently, most blockchains are incompatible with the GDPR, especially permissionless blockchains.”
Although one of the main goals now for any new digital ledger project is to work in conformity with GDPR, so many factors make this unattainable.
Andries Van Humbeeck, co-founder and consultant at TheLedger.be’s, told The Verge that essentially the blockchain was designed to store data permanently in the platform, and that any form of deletion goes against the technology’s nature.
He stated that it would be very difficult to track and hold back every single entity transmitting a Bitcoin operation, and at the same time, he agreed with Michèle’s opinion of the potential consequences of deleting information from the digital ledger. Andries said:
“If you purge a block of transactions, the truthfulness of all subsequent blocks of transactions becomes questionable.”
The Coin Center’s executive director, Jerry Brito, declared via a post that these regulations should keep in mind that the GDPR is incongruous with the fact that every open blockchain network is decentralized. He said that there’s no way of being compliant, as it’s the opposite of what the digital ledger represents.
In conclusion, in order to be able to work together, either the GDPR or the blockchain needs to change its conceptions. Which of them will do so remains a question, but it may appear at the moment that the EU is closing its doors to the future of the digital era.