GDPR Challenges for Blockchain Technology

Rohan Pinto

The European Union General Data Protection Regulation (GDPR) which will come into force on May 25, 2018 is the most discussed law across Europe. It contains stricter standards for collecting and processing personal data and may greatly impact how new technologies will be released. For example, blockchain is one of the hottest topics in the world of technology nowadays which in its current state will most probably be incompatible with GDPR.

Which information can be viewed as individual information in Blockchain?

Under the GDRP individual information is information identified with distinguished or identifiable regular individual. Additionally, as pseudonymous information may qualify as individual information and just mysterious information falls outside the extent of legitimate system of GDPR. In this manner, two sorts of information on blockchain can be considered as individual information: open keys and value-based information put away in the squares. Value-based information and open key are pseudonymous information. Despite the fact that an open key is an arrangement of numbers, it is as yet conceivable to recognize a man if extra data, for example, IP address and so on is accessible. Value-based information is either scrambled or hashed in blockchain, so one may surmise that it is mysterious information. In any case, scrambled information can be unscrambled with redress keys, therefore, it isn’t irreversible which is required by the GDPR so as to be unknown information. Hashing process is characterized by Article 29 Working Party as a pseudonymization method and, along these lines, hashing capacity does not illuminate the issue.

Who is a data controller on blockchain i.e. to whom are GDPR obligations addressed?

Blockchain is a decentralized circulated record worked by all hubs with no main issue of control. From one viewpoint, none of the hubs might be qualified as information controller or each hub may fall under such individual. Then again, an information subject himself might be considered as an information controller, since information subject has a private key and he is the person who is including individual information in the blockchain for his own motivations. Along these lines, contingent upon the activity in the blockchain and blockchain compose, the information controller or processor might be an alternate individual.

Where are GDPR commitments connected?

GDPR applies to the information controller or information processor which work in the EU or which preparing exercises identify with either the offering of merchandise or administrations to an information subject situated in the EU or where they screen conduct that happens in the Union. Since diggers are found all around the globe and information is hashed by a haphazardly chosen mineworker, relatively every excavator might be a committed individual under GDPR as they are handling reversible individual information.

Exercising of data subject rights on blockchain

GDPR presents new rights, for example, a privilege to be overlooked and appropriate to revise individual information. Such rights will most likely address the best difficulty for blockchains. Blockchain is a changeless innovation meaning every one of the information put away is open and can’t be corrected or erased. It is the greatest estimation of blockchain and in the meantime it is the most concerning issue of blockchain as the information subject must have the capacity to interest for the processor to evacuate individual information under GDPR.

Enabling Digital Business with Decentralized Identity
Read Here
Meet the Author

Rohan Pinto

Co-founder of 1Kosmos

Rohan is the co-founder of 1Kosmos. He is a go-to security and identity management expert and the founder of several businesses that have made considerable advancements in blockchain and identity management.