GDPR and blockchain

Hi fellows!

I was reading the GDPR statements and stopped on the right for the user to delete all his data.

Thinking about blockchain, a bloc should be immutable and tzmper proof, making this deletion impossible.

Then, what does this law mean for blockchain that have already stored user's information? And how will blocs now be built if we can't store enough data to authenticate the actors of the transaction?

Have a wonderful day!

Did you find this post useful? Show some love!

This is a fascinating question. The implication of GDPR is that blockchain cannot be used to store user data. The inability to delete, or even modify, records make it incompatible with the regulation.

There are however exceptions made when required by law, or in the interest of the public. Thus if the blockchain was storing perpetually relevant public information, such as a lobbyist registrar, or tax filings, it may still be valid.

I'd suspect the regulation can only be applied to legal entities as well. Something like Bitcoin could not likely be affected as nobody is the controlling body -- there is nobody to answer for the inability to comply with the regulation. Curious.

What's your opinion on a GDPR compliant Blockchain as described here?

I was tempted to say using indexed data in the chain might be acceptable.

It has a problem though, the transaction records themselves, just with the IDs, are private data. A history of a user can be recreated without knowing their personal details just from the history of transactions. It also probably isn't too difficult to establish your real identity given enough records -- a problem with "anonymous" web records already.

Right ! Thanks for your feedback !

Would you say that the adoption of GDPR just killed the Blockchain technology and we cannot apply it anymore as it currently is or should we focus on a way to find a compromise?

There are plenty of uses that don't involve user data, or that would rightly be considered a permanent part of public record.

Whether ID->DB links are sufficient will remain to be seen.

It's also unclear as to whether the right to erasure/modification applies to both public and private data. If the blockchain is never shared publically can it contain any user data?

Maybe I should expand this thought experiment as an article.

We've discussed this in the office. The outcome being that we would not store personal information within a blockchain. Instead we'd keep the personal data in a secondary platform and use an anynomised ID within the chain. Personal data remains able to be updated. We would need to manage orphan IDs in the chain if the personal data needs to be removed. Of course this all supposes that it's not the persnoal data that you are attempting to make tamper proof.

Then, what does this law mean for blockchain that have already stored user's information?

The blockchain is illegal?

Other components of blockchain are technically quite illegal on how it is being used as a security. It's not unreasonable to think this might just be illegal itself.

Classic DEV Post from Apr 13

Your Questions Are Dumb; Ask Them Anyway

Why it's still important to ask questions to other humans, even when they feel like stupid questions and Google exists.

Follow @kathryngrayson to see more of their posts in your feed.
Pierre Bouillon
Developer, student, tech enthusiast and coffee junky.
Trending on
Who's looking for open source contributors? (May 21 edition)
#discuss #opensource
How to setup an ethereum node
#blockchain #softwaredevelopment
Discussion: Would you consider building new framework or not
#discuss #developer #services #framework
Translating Integers Into An English String in Ruby
#discuss #ruby
Dev and Designer Communication
What was your first ever contribution to Open Source?
#discuss #opensource #contributing
How Art School Prepared Me for Programming
#art #career
What's your Developer Story?
#discuss #career