With regulators’ desire to protect users’ personal data, a slew of laws has been introduced over the years to provide protection from companies that gather this information. The latest such law addresses how blockchain handles such data, and it is not proving an easy task.
Blockchain and GDPR both aim to improve the lives of users, but can they get along? GDPR, or the General Data Protection Regulation, a law providing users with the right to access, edit and delete their collected information, could become a major issue for blockchain companies. Scandals such as the Equifax data breach and the misuse of customer data by Facebook (Cambridge Analytica) have initiated a growing outcry from consumers about the risks and lack of transparency associated with current collection practices and use of consumers’ data. This shift in public consciousness has created a sense of urgency. GDPR came into existence due to the loss of trust in giant companies when handling users’ personal data, and the blockchain strips users of control of such data.
Now, the question that seems to be on everyone’s mind is, how will this affect blockchain technology? Blockchain has been praised for its nature of transparency and immutability. Once data is stored “on the block” or secured on a distributed ledger, it is nearly impossible to alter or delete it. This could lead to less privacy, conflicting directly with the regulation. The GDPR gives power back to the individual, enabling them to edit and delete data which falls into the hands of centralised authorities, whereas blockchain provides irreversible, transparent and inherently ultra-secure features. Can the two coexist, or are they meant to be sworn enemies?
Due to its nature, blockchain cannot be controlled by a single entity. It creates a secure environment where all data is locked in and prevented from being altered. This is one of the advantages of the technology, a quality that reduces fraudulent activities. The dilemma now facing users: transparency or privacy? Does one of the two have to go? According to Darryn Pollock, both are seeking increased security with regard to data: controllers, processors and sub-processors of data under the GDPR are held to high standards, and with blockchain, the encryption and decentralised structure make the network highly tamper-resistant.
There is no denying that the EU’s GDPR creates “new and untested challenges” when storing personal information on blockchain, but that doesn’t mean blockchain companies such as Parity ICO Passport Service (PICOPS), the blockchain provider, should discontinue their services due to the restrictions enforced by GDPR. A statement on the company’s website commented on why they chose to discontinue their service:
We are looking at ways of resolving the uncertainty and making PICOPS compliant with GDPR while keeping it useful. However, as things stand the solutions we have identified restrict the service to a very limited set of features. Because of this, the significant resources required to make PICOPS GDPR-compliant, and the fact that PICOPS is not part of our core technology stack, we have decided to discontinue the service despite overwhelming market needs and demand.
It is time for companies to begin working with regulators to make sure that their laws do not stifle the development of the industry. It is also down to blockchain companies to design new applications that will comply with the laws instead of shutting down because of them.