This is a fascinating question. The implication of GDPR is that blockchain cannot be used to store user data. The inability to delete, or even modify, records make it incompatible with the regulation.
There are however exceptions made when required by law, or in the interest of the public. Thus if the blockchain was storing perpetually relevant public information, such as a lobbyist registrar, or tax filings, it may still be valid.
I'd suspect the regulation can only be applied to legal entities as well. Something like Bitcoin could not likely be affected as nobody is the controlling body -- there is nobody to answer for the inability to comply with the regulation. Curious.
I was tempted to say using indexed data in the chain might be acceptable.
It has a problem though, the transaction records themselves, just with the IDs, are private data. A history of a user can be recreated without knowing their personal details just from the history of transactions. It also probably isn't too difficult to establish your real identity given enough records -- a problem with "anonymous" web records already.
Would you say that the adoption of GDPR just killed the Blockchain technology and we cannot apply it anymore as it currently is or should we focus on a way to find a compromise?
There are plenty of uses that don't involve user data, or that would rightly be considered a permanent part of public record.
Whether ID->DB links are sufficient will remain to be seen.
It's also unclear as to whether the right to erasure/modification applies to both public and private data. If the blockchain is never shared publically can it contain any user data?
Maybe I should expand this thought experiment as an article.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
This is a fascinating question. The implication of GDPR is that blockchain cannot be used to store user data. The inability to delete, or even modify, records make it incompatible with the regulation.
There are however exceptions made when required by law, or in the interest of the public. Thus if the blockchain was storing perpetually relevant public information, such as a lobbyist registrar, or tax filings, it may still be valid.
I'd suspect the regulation can only be applied to legal entities as well. Something like Bitcoin could not likely be affected as nobody is the controlling body -- there is nobody to answer for the inability to comply with the regulation. Curious.
What's your opinion on a GDPR compliant Blockchain as described here?
I was tempted to say using indexed data in the chain might be acceptable.
It has a problem though, the transaction records themselves, just with the IDs, are private data. A history of a user can be recreated without knowing their personal details just from the history of transactions. It also probably isn't too difficult to establish your real identity given enough records -- a problem with "anonymous" web records already.
Right ! Thanks for your feedback !
Would you say that the adoption of GDPR just killed the Blockchain technology and we cannot apply it anymore as it currently is or should we focus on a way to find a compromise?
There are plenty of uses that don't involve user data, or that would rightly be considered a permanent part of public record.
Whether ID->DB links are sufficient will remain to be seen.
It's also unclear as to whether the right to erasure/modification applies to both public and private data. If the blockchain is never shared publically can it contain any user data?
Maybe I should expand this thought experiment as an article.