Unraveling Compliance Challenges: The Impact of GDPR on Blockchain Innovations - Explored | ABBYY Blog
Unraveling Compliance Challenges: The Impact of GDPR on Blockchain Innovations - Explored | ABBYY Blog
The Tension between GDPR and Blockchain
Andrew Pery
January 17, 2019
A potentially problematic challenge for industry and legislators is the apparent tension between privacy rights and the rapid adoption of blockchain-based applications which are expected to reach $10.6 billion in revenue by 2023.
There is a school of thought that blockchain is antithetical to and incompatible with safeguarding privacy rights. One of the most notable blockchain skeptics – David Gerard –argues that if “you were silly enough to put personal data into an append-only ledger which is a proof-of-work blockchain — that’d be flat-out insane.”
There is certainly merit to this argument. The ambition of blockchain is to provide an immutable ledger of transactions which cannot be modified by a participant within the blockchain, but rather controlled by complex consensus-based algorithms. While a blockchain provides a trusted framework for the integrity and auditability of transactions it stands in stark contrast to the ambition of the GDPR Regulation, the foundation of which is to enable data subjects to exercise greater degree of control over the processing of personally identifiable information.
The GDPR Regulation provides data subjects with enhanced rights to withdraw consent , access , correct and in some cases erase their personal information. “The structure of the blockchain does not allow for any such changes . Any attempt to modify the information recorded about a prior transaction could break the chain, and the transactions that were conducted in reliance on the pre-existing data could not be erased or superseded.”
The contrarian position is that blockchain and privacy rights can in fact be complimentary as both are predicated on the desire to confer greater degree of control on individuals over their information – albeit from two different ends of the spectrum of control. The ambition of blockchain is to remove agency costs by obviating the need for intermediaries to control data while at the same time ensure the trustworthiness, traceability and security of transactions. GDPR on the other hand is designed to primarily enable data subjects to exercise greater degree of control over the processing of their personal information. Both blockchain and GDPR are designed to “democratize” data by giving more control over its use to individuals.
There is a further argument for the co-existence of blockchain and GDPR privacy rights grounded on the inevitability of accelerated adoption of blockchain-based applications and that their impact “will be more transformational than the internet itself.” In an article Anne Toth, Head of Data Policy, World Economic Forum, LLC posed the following:
“While European policymakers were debating and finalizing aspects of GDPR, blockchain wasn’t on most people’s radar. This is yet another example of where regulation is addressing a problem in the rear view mirror rather than looking at the road ahead…. In this case, while we wait for the rules to play catch up, the question we have to ask is whether existing blockchain applications that store personal data are now rendered illegal until this is sorted.”
In between these polar opposite arguments there may be a pragmatic middle ground:
- Article 6 of GDPR stipulates six grounds for the legal basis of processing personally identifiable information: data subject consent, performance of a contract, compliance with legal obligations, protect the interests of data subjects, public interest and legitimate business interests. Blockchain-based applications such as Smart Contracts and Know Your Customer may process personally identifiable information based on either legitimate business interests or pursuant to a contractual obligation. Smart Contracts are typically permissioned blockchains which are written by and agreed to by the contracting parties and they determine the rules by which such contracts self execute. Similarly, Know Your Customer applications within financial services are permissioned blockchains and compliance with GDPR may be based on legitimate business interests. For example, the UK the Financial Conduct Authority published a Discussion Paper on Distributed Ledger Technology in which they contend that “the combination of DLT (Distributed Ledger Technologies) and GDPR has the potential to improve the way in which firms collect, store and process private information which it believes would result in significant improved customer outcomes.”
- There is a potential argument that the immutability of blockchains may be consistent with Article 4 of GDPR relating to ‘pseudonymization’ of personal information such that “personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately”. While pseudonymization falls within GDPR protection as such data may be re-identified (i.e. not anonymized) one possible way to address this gap is to store personally identifiable information off the blockchain.
- Some argue that blockchain may be a “catalyst for data protection…” blockchain databases are particularly interesting because they allow - at least in theory - transactions between parties without having to disclose their identity directly to the contracting party or the public. If a transaction cannot be traced back to the involved individuals, their fundamental right to self-determination is not affected.” However, the merits of this argument may not stand up to GDPR requirements as the authors of the article have cautioned that “Whereas it is true that no names, addresses, telephone numbers, or any other comparable information making it possible to readily identify the participants without significant effort there are various possibilities remaining for the de-anonymization of corresponding entries.”
A particularly instructive analysis of the co-existence of blockchain and GDPR is the French data protection authority (CNIL) which provides helpful guidance on best practices related to the implementation of GDPR compliant blockchain applications:
“Organizations should carefully determine whether they need blockchain in the first place, particularly a public one; if you choose to go forward, practice data minimization when registering data on a blockchain.”
This article originally appeared in AIIM.org entitled “The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist” by Andrew Pery. To read the original version, please visit: https://info.aiim.org/aiim-blog/the-tension-between-gdpr-and-blockchain-are-they-polar-opposites-or-can-they-co-exist?hs%5Fpreview=cQPEXuNl-6964127364 .
Intelligent Document Processing (IDP) Data Privacy Legal Artificial Intelligence (AI)
Andrew Pery
Digital transformation expert and AI Ethics Evangelist for ABBYY
Andrew Pery is an AI Ethics Evangelist at intelligent automation company ABBYY . His expertise is in artificial intelligence (AI) technologies, application software, data privacy and AI ethics. He has written and presented several papers on the ethical use of AI and is currently co-authoring a book for the American Bar Association. He holds a Masters of Law degree with Distinction from Northwestern University Pritzker School of Law and is a Certified Information Privacy Professional (CIPP/C), (CIPP/E) and a Certified Information Professional (CIP/AIIM).
Connect with Andrew on LinkedIn .
Like, share or repost
Share
Subscribe for blog updates
First name*
E-mail*
Сountry*
СountryAfghanistanAland IslandsAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelgiumBelizeBeninBermudaBhutanBoliviaBonaire, Sint Eustatius and SabaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBritish Virgin IslandsBrunei DarussalamBulgariaBurkina FasoBurundiCambodiaCameroonCanadaCape VerdeCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos (Keeling) IslandsColombiaComorosCongo (Brazzaville)Congo, (Kinshasa)Cook IslandsCosta RicaCroatiaCuraçaoCyprusCzech RepublicCôte d’IvoireDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEthiopiaFalkland Islands (Malvinas)Faroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard and Mcdonald IslandsHoly See (Vatican City State)HondurasHong Kong, SAR ChinaHungaryIcelandIndiaIndonesiaIraqIrelandIsle of ManIsraelITJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKorea (South)KuwaitKyrgyzstanLao PDRLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacao, SAR ChinaMacedonia, Republic ofMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesia, Federated States ofMoldovaMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNetherlands AntillesNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorthern Mariana IslandsNorwayOmanPakistanPalauPalestinian TerritoryPanamaPapua New GuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarRomaniaRwandaRéunionSaint HelenaSaint Kitts and NevisSaint LuciaSaint Pierre and MiquelonSaint Vincent and GrenadinesSaint-BarthélemySaint-Martin (French part)SamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSint Maarten (Dutch part)SlovakiaSloveniaSolomon IslandsSouth AfricaSouth Georgia and the South Sandwich IslandsSouth SudanSpainSri LankaSurinameSvalbard and Jan Mayen IslandsSwazilandSwedenSwitzerlandTaiwan, Republic of ChinaTajikistanTanzania, United Republic ofThailandTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTurkeyTurks and Caicos IslandsTuvaluUgandaUkraineUnited Arab EmiratesUnited KingdomUnited States of AmericaUruguayUS Minor Outlying IslandsUzbekistanVanuatuVenezuela (Bolivarian Republic)Viet NamVirgin Islands, USWallis and Futuna IslandsWestern SaharaZambiaZimbabwe
I have read and agree with the Privacy policy and the Cookie policy .
I agree to receive email updates from ABBYY Solutions Ltd. such as news related to ABBYY Solutions Ltd. products and technologies, invitations to events and webinars, and information about whitepapers and content related to ABBYY Solutions Ltd. products and services.
I am aware that my consent could be revoked at any time by clicking the unsubscribe link inside any email received from ABBYY Solutions Ltd. or via ABBYY Data Subject Access Rights Form .
Referrer
Last name
Query string
Product Interest Temp
UTM Campaign Name
UTM Medium
UTM Source
ITM Source
GA Client ID
UTM Content
GDPR Consent Note
Captcha Score
Page URL
Connect with us
Also read:
- [New] 2023 Browser Snapshot Winners Announced, In 2024
- [New] Comprehensive Guide to Effective Multiframe Use in Edge
- [New] Unlocking the Power of Memes A Guide to Creating Funny Videos
- [Updated] Exploring Per-View Money Flow Among YouTubers
- 2024 Approved YouTube Clips, Captured A No-Cost Screencasting Tutorial
- Effective Techniques for Converting H.265 Videos to H.264 Without Increasing File Size
- Einfache Anleitung Zum Klonen Von DVD-Inhalten Auf SD-Speichersticks Für Windows 10 Und Mac OS - Professionelle Tipps
- Guía Paso a Paso Para Instalar Libdvdcss Y Usar Handbrake en Mac O Windows 10 Para Clonar DVDs
- How to Resolve Sony DVD Player Issues when Seeing Sound, Not Image on Your Screen
- How To Resolve Voice Chat Problems in Apex Legends - Step-by-Step Guide
- Make Your Own VR Gear DIY Guide for Google Cardboard Viewers for 2024
- Optimizing Handbrake's Performance: Top Recommended RF Values for Enhancing Video Quality on DVDs and HD Media
- Seamlessly Update with the Complimentary Qualcomm Atheros AR938X Drivers – Download Here!
- Simplify Video Conversion with WinX DVD Ripper: Seamless Compatibility From DVD to iOS Devices for Mac OS X
- Step-by-Step Tutorial on Converting Your DVDs to Digital Files for a 500GB Seagate Drive Storage Solution
- Streamlined Guide: Transforming CAF Audio to WAV on a PC
- Twitter Media Upload Instruction Manual for 2024
- Winxvideo AI - 지급학자 최적화: 모든 영상, 음성 증강에 대한 속도와 구조
- Winxvideo AIを活用した手ぶれ補正とビデオ安定化の徹底的なガイド
- Title: Unraveling Compliance Challenges: The Impact of GDPR on Blockchain Innovations - Explored | ABBYY Blog
- Author: Joseph
- Created at : 2024-10-01 19:43:58
- Updated at : 2024-10-05 18:08:31
- Link: https://solve-helper.techidaily.com/unraveling-compliance-challenges-the-impact-of-gdpr-on-blockchain-innovations-explored-abbyy-blog/
- License: This work is licensed under CC BY-NC-SA 4.0.