GDPR, or the General Data Protection Regulation, which was implemented on 25th May 2018 by the European Union, aims at safeguarding the interests of all EU citizens by standardizing the mechanisms and laws relating to data privacy across all industries.
The act aims to empower EU citizens to protect their personal information and to make them aware of what data various institutions hold about them. GDPR would, moreover, give all EU citizens data privacy rights, including data portability. The regulation also stipulates that should there be a data breach, it must be reported to the supervisory authority of personal data within 72 hours.
Does blockchain fall within the purview of GDPR?
The European Commission proposed GDPR in 2012 when the blockchain concept was unknown. Prior to that, social networks and cloud services were organized centrally, i.e., multiple data subjects interacted with a data processor or controller. Since blockchain is a decentralized protocol, how does GDPR affect it?
For one, since the line between identification and pseudonymity is thin and blockchains do store some personal data, including our transaction histories, blockchain is likely to fall within the purview of GDPR.
Moreover, GDPR principles on “erasure rights” raise a pertinent question about who would be the accountable data processors in blockchain systems that are completely decentralized.
On the flip side, however, blockchain shares many common goals with GDPR: decentralizing control of data and, by partly suppressing centralized service providers, tempering the power inequalities between them and end users.
One area that needs particular attention is the combination of blockchains and trusted hardware. On a public blockchain, data is not only replicated but shared widely among all machines in the network.
This obviously makes deletion of transaction data impossible for users. However, recent developments have led to the formation of “trustworthy computing enclaves” that provide confidential and secure data storage.
When blockchains resort to trusted computing, it could mean enhanced data privacy and protection from external threats. Moreover, when data is stored off-chain, the blockchain could act as the ultimate judge of who can get access to it.
The development of smart contracts has led to a situation where centralized service providers no longer need to be trusted, and data rights are exclusively manageable through trusted hardware and the blockchain. This would ensure privacy and control over user data and work in favor of blockchain, now that GDPR has been implemented.