Blockchain technology and the GDPR: compatible?

In this blog, we will briefly explain what blockchain technology is and how it itself relates to certain aspects of the GDPR. Specifically, the rights of the stakeholders in the blockchain are adequately safeguarded.

What is blockchain technology?

Blockchain technology is a decentralized, transparent data acquisition and distribution system in which every new entry is immediately visible on every copy of “the ledger” or ledger.

One speaks of a ledger when one starts shaping data in such a way that it contains an entire history of data. The authenticity of each submission is guaranteed by a sophisticated consensus system.

The data recorded cannot be changed because this data also exists in billions of other copies of the ledger.

Blockchain uses a combination of data encryption and distribution to ensure that every transaction in the ledger is verified and visible to others.

No matter who sees it, the ledger always shows the same thing: a transparent set of data. And blockchain is essentially a decentralized register of data that is constantly updated so that everyone viewing the blockchain sees the exact same data, at the exact same time.

How does blockchain work?

A blockchain functions by capturing a timestamped transaction, producing an encrypted digital signature and using the network’s computing power to verify the encrypted signature.

Verification is done by “proof of work,” in which a computer must solve a complex problem.

Each block is connected to a previous block in a chain by a hypercomplex mathematical process related to the data in a previous block.

The “hash” of the previous block is included in the new block, along with a record of all the last transactions performed since the last block was added (usually minutes or hours before).

Other computers in the blockchain check the correctness of the hash and verify the validity of the new block.

Blockchain and Bitcoin

Blockchain is a very important technology in the world of Bitcoins.

The fact is that the transactions of Bitcoin, a crypto currency, are recorded using blockchain technology.

Without the existence of Blockchain technology, the use of Bitcoins would never have been possible.

Indeed, the technology is designed to preserve the integrity of the crypto currency.

The blockchain technology and our data

Thus, with a Blockchain, all transaction data, such as the amount and beneficiary of a particular Bitcoin, for example, are permanently stored in a block.

This uses data that has been previously stored in other blocks. Blockchain technology is essentially going to stack data as mutations are recorded in a chain, because of this it is basically not possible to delete data from previous blocks or change them.

From the moment personal data is processed in these Blockchains, GDPR legislation applies, think for example of the case where the name, address or certain financial data is stored in a “block.”

Issues:

The fact that some of this data is stored and essentially cannot be deleted is extremely problematic and runs counter to the right to be forgotten, right to delete data and right to change data set forth in Articles 12 and 17 of the GDPR.

Adding to this problem is the fact that the data is visible to anyone and at any time.

This makes it virtually impossible for data subjects to exercise their right to be forgotten.

In addition, it is also a certainty that personal data is stored for a much longer time than what is necessary and relevant for the purpose of processing.

This is not the only problem posed by the use of Blockchain technology. In fact, Blockchain technology is usually used by people who do not know each other.

This obviously makes it very difficult to designate a data controller and establish the necessary arrangements for compliance with GDPR regulations.

Article 4( 7) of the GDPR states that the controller is the party that designates the purpose and means of processing personal data.

Private blockchain:

With a private blockchain, it is somewhat easier to designate the responsible party since the blockchain participants are more clearly designated. With a public blockchain, as already cited, this is a tricky one.

Indeed, the decentralized nature of a public blockchain means that a third party is completely unnecessary.

In this way, the current practices of Blockchain technology could seriously disrupt sectors such as finance, healthcare and cybersecurity.

Conclusion

Blockchain technology is still evolving to this day, with data protection remaining a huge stumbling block.

The GDPR aims to provide data subjects with greater security and control over their personal data.

Blockchain technology in its current state offers data subjects anything but protection of their personal data.

Indeed, there is a great risk for data subjects to lose control over their own personal data in the blockchain.

Either way, the right to data protection within blockchain technology requires a concrete solution and, looking to the future, creates complex legal challenges.

For more information regarding Blockchain technology and applications of the GDPR, you can always contact an accredited
DPO.