Blockchain technology is on a collision course with EU privacy law

Well, yeah, there is a rather straightforward solution - just don&#x27;t store any personal information on a blockchain.<p>Is it practical? Sometimes yes. Some usecases won&#x27;t be able to do that, and this is fine, they should just consider technologies other than a blockchain. Or if they really want to have blockchain, perhaps consider storing personal information in an external database with references to its fields on a blockchain. Possibly with a salted hash stored in a blockchain, so that it&#x27;s possible to verify whether a value was changed. A matching checksum or an empty value (meaning a value removed due to GDPR requirements) would be fine.<p>Edit: A removed comment suggested storing an encryption key in a database to decrypt data on a blockchain. This is another way of looking at it - essentially keep two parts, one on a blockchain, another outside of blockchain - and you need both to decode the data while the part outside of blockchain could be removed.

Clickbaity headline. It&#x27;s not the &quot;blockchain technology&quot; as a whole, but some specific use of it that can <i>potentially</i> violate the GDPR. You don&#x27;t need a blockchain to violate the law: you can do it with paper or mysql or usb keys.<p>Bottom line is: don&#x27;t put your customers&#x27; personal data onto anything that you don&#x27;t control.<p>Nothing to see here.

There&#x27;s a very naive assumption in the article that Blockchain being incompatible with GDPR issue can be resolved by altering GDPR.<p>I think it is impossible: GDPR is specifically designed to prevent sensitive personal information from leaking and information about one&#x27;s financial transactions is one of the most sensitive pieces of information there is.<p>So, if GDPR versus Blockchain case ever reaches any EU court the only possible ruling is to outlaw the Blockchain technology (at least in it&#x27;s current incarnation).

Well yes and no.<p>The prevention of fraud countermands GDPR, so keeping the financial transactions of anonymous IDs in a public, reasonbly immutable format, is not going to be a problem, infact its going to be encouraged, because data portability is also another key feature of GDPR.<p>Storing people&#x27;s personal pictures, well then yes, you have a problem. But then its a stupid place to keep private, non-public interest photos.

Definitely it was a good read, but let me just focus on the main point.<p>It is true that Blockchain technology has been thought as a replacement of a trusted third party like a notary or central register, but usually those are public registries: household ownerships, public offers... And those registries are usually exceptions or are treated in a different way (and usually they are explicitly regulated by each country). A few of them are even public, like the defaulters list in Spain.<p>Also, it is quite naive to think that an European citizen can erase &quot;any personal data&quot;, that could be quite convenient to erase your fresh new mortgage or obligations. You are only allowed to ask for irrelevant information to be removed not for specific business related log even if they have your personal data in them.

Wouldn&#x27;t it easy for a blockchain to just reference external data which then get deleted to comply with GDPR? I know, breaks some ideas about storing data in the chain, but if that&#x27;s the compromise that works. In the end it will all be about the specific implementation of each blockchain, the idea of blockchains in general will never be endangered like u&#x2F;mamon suggested.

If you put data that&#x27;s considered personal into a public blockchain, or any decentralized system, who becomes the owner of that data? Was it the company&#x2F;service that originally published it on the blockchain? or is every node required to treat it as their own GDPR-compliant data?

Some of the comments By interviewees in this article are so backwards it&#x27;s comical:<p>&gt; &quot;From a practitioner&#x27;s perspective, it sounds to me that it was drafted by trying to implement a certain perspective of how the world should be without taking into account how technology actually works,&quot; Steiner said. &quot;The way [public decentralized network] architecture works, means there is no such thing as the deletion of personal data. The issue with information is once it&#x27;s out, it&#x27;s out.&quot;<p>My answer to this is - don&#x27;t put personal information in the blockchain then! What&#x27;s the purpose of technology that doesn&#x27;t serve human needs?<p>It&#x27;s a bizarre worldview that positions technology as the master, not the servant of mankind.

This assumes if it&#x27;s a direct fork of Bitcoin and not focused on privacy like Monero or Bytecoin.

GDPR is not only conflicting with some Blockchain use cases but with old-fashioned ledgers and paper-based accounting as well because the same principles apply here, too (an entry cannot be deleted, its effect can merely be reversed).<p>If followed to the letter GDPR would&#x27;ve major repercussions on tax regulations because as a company you&#x27;re legally bound to keep accounting records for at least 10 years whereas according to GDPR you&#x27;re required to delete any record if asked by a person whose personal data appears in that record.<p>The solution in that case is that GDPR only applies if it doesn&#x27;t contradict other, already existing laws.<p>So, where Blockchain applications facilitate legal requirements or don&#x27;t manage personal data this should be perfectly fine but yes, other types of Blockchain applications are pretty much ruled out by GDPR.

1. Encrypt your personal data with a private key that you control.<p>2. Put encrypted personal data on a blockchain.<p>3. When a 3rd party wants to use your data, give them your private key. They can store this in their own database so that they can access your blockchain data whenever they wish.<p>4. To invoke your &quot;right to be forgotten&quot;, simply ask the 3rd party to delete your private key.<p>Am I missing something?

one drunken night you decide to put some random piece of private information on the bitcoin&#x2F;etherum blockchain. can you invoke your &quot;right to be forgotten&quot;? if so, can you c&amp;d every node in the EU to take down your info?

blockchain technology is the most transparent