Copy link
Increase text size
Decrease text size
Link copied

EU Blockchain Observatory and Forum focuses on tensions between GDPR and blockchain in new report

Thu, 08 Nov 2018, 04:21 am UTC

The EU’s Blockchain Observatory and Forum, an initiative of the European Commission, has said that there are no contradictions in principle between the goals of the General data protection regulation (GDPR) and those of blockchain technology.

The observatory published a report last month that focuses on the issue of compliance of blockchain with the GDPR. Entered into force in the European Union (EU) in 2016, the GDPR is aimed at protecting the personal data of citizens and went into application in 2018.

“GDPR compliance is not about the technology, it is about how the technology is used. Just like there is no GDPR-compliant Internet, or GDPR-compliant artificial intelligence algorithm, there is no such thing as a GDPR-compliant blockchain technology. There are only GDPR-compliant use cases and applications,” the paper reads.

That said, the observatory pointed out that many of the GDPR’s requirements are easier and simpler to interpret and implement in private, permissioned blockchain networks than in public, permissionless networks.

The report pointed out that the tensions between the GDPR and blockchain revolve mainly around three issues: the identifcation and obligations of data controllers and processors; the anonymisation of personal data; and the exercise of some data subject rights. It clarified that these issues have not been settled by the data protection authorities, the European Data Protection Board (EDPB) or in court

It emphasized that regulators should take the time to deeply understand each use case of blockchain technology, as well as the impact that various interpretations of the GDPR can have on the European ecosystem. The observatory proposed four rule-of-thumb principles that entrepreneurs and innovators can consider:

  1. “Start with the big picture: how is user value created, how is data used and do you really need blockchain?
  2. Avoid storing personal data on a blockchain. make full use of data obfuscation, encryption and aggregation techniques in order to anonymise data.
  3. Collect personal data off-chain or, if the blockchain can’t be avoided, on private, permissioned blockchain networks. Consider personal data carefully when connecting private blockchains with public ones.
  4. Continue to innovate, and be as clear and transparent as possible with users.”

<Copyright © TokenPost. All Rights Reserved. >

Back to top
Copyright ⓒ TokenPost. All Rights Reserved.