The European Union’s (EU) General Data Protection Regulation (GDPR) applies to the personal information of any natural person regardless of nationality of residence within the territory of EU. GDPR has enshrined upon the data subjects with a series of rights enabling individuals to have a better control over their personal information in relation to why it is collected, how it is collected and processed, where it is stored and for how long it will be stored. The said regulation is a by-product of the deliberation and evolution of the European Directive 95/46/CE which pertains to personal data protection.
Blockchain, on the other hand, has transformed how entities transact with each other by eliminating the role of third parties to assist, be it about financial transactions or record-keeping activities. It is projected that Blockchain would be widely used in the near future as a decentralised way of conducting business and consuming services and hence, it is pertinent to analyse the said technology under a GDPR-coloured lens considering the array of derivations possible through the use of Blockchain and the challenges posed by privacy measures while developing such derivations.
Introduction to Blockchain
Blockchain is a distributed ledger technology (DLT) that records digital interactions in a way that is designed to be secure, transparent, immutable, and auditable, without having to rely on a trusted intermediary. The said technology is designed in this way so that the role of intermediaries is limited, processes are simplified and new operating models and workflows are created. Blockchain, as a non-editable network, represents security and integrity. As a technology, Blockchain is tamper-proof in theory since it operates using a cryptographic identity that is unique to each block. Moreover, through Blockchain, data generated on the web will not be processed and stored into a central server but on local devices of users connected to the network. Hence, in this decentralized architecture, the users can communicate to one another without intermediaries.
Challenges posed by GDPR on utilisation of Blockchain
GDPR ensures protection of individuals in relation to the processing of personal data and provides for certain data subject rights, security safeguards and accountability measures that will need to be complied with by the organizations. However, GDPR poses various challenges to the utilisation of Blockchain as a technology because it is essentially un-editable and the data elements on various blocks cannot be altered with if a platform is Blockchain enabled. Some of these challenges are:
In such a scenario, it has become critical for technologists and researchers to indulge and invest in Research & Development (R&D) pertaining to Blockchain-enabled technology to be editable without losing its security and integrity.
How can organizations deal with Blockchain?
Organizations can implement various tools and measures to protect data on Blockchain-enabled applications and ensure compliance with privacy laws across jurisdictions, such as-
Blockchain networks are public and transparent. As a rule, all information on a Blockchain, which may include personal data, is accessible to everyone. Having said that, Blockchain is a secure network since technologies such as cryptography (digital signatures, encryption, time-stamping) provide for a safe and secure way of storing and managing information. Moreover, embedding privacy in Blockchain could be achieved by incorporating techniques such as hashing, private channels, or both. However, the said techniques should be subjected to legal screening before being embedded into the Blockchain against the applicable privacy laws over and above being scrutinized in terms of its fitness in relation to the procedures and workflows of the organization in question. What is noteworthy is that both Blockchain and GDPR share common principles of data privacy considering that both warrant users to be in charge of their own digital private data, be it payment details in the case of bitcoin, or personal data that is disclosed while engaging in transactions over Blockchain networks. Hence, it appears that Blockchain-enabled services could very well address the regulatory and legal challenges with the incorporation of right techniques and understanding of the applicable legal and regulatory privacy framework.
By Ahmar Zaman, Guest Writer