Can General Data Protection Regulation strengthen blockchain within the EU?

Just recently the European Parliament has passed a resolution on ‘Distributed ledger technologies and blockchains’, which was introduced by a Greek member and chair of the European Parliament’s Science and Technology Options Assessment Panel – Eva Kaili. She stressed the importance of keeping up with global innovation processes and making the EU one among key actors in the field. However, this is only possible with a strong support from the legal institutions that are capable of supporting and maximizing the existing efforts.

Blockchain technology has indeed changed the operation of many different fields and major industries. It has introduced new concepts that have value and potential to greatly influence and simplify our daily lives. Crucially, it has enabled companies to distribute digital data instead of copying it. Such worldwide famous companies as AIG, Microsoft, Google and IBM are now taking advantage of blockchain in a variety of projects related to cloud infrastructure, import controls, food safety monitoring, and so on. Therefore, it is essentially wrong to assume that distributed ledger technology has no other application and use except crypto-currencies. It is important to remember though that without effective and progressive legislation this technology will be withheld from reaching its full potential.

How does the GDPR influence the application of blockchain?

In order to understand this, we need to look closer into the key recommendations that the Parliament’s resolution included. First and foremost, the legislation recommends that the EU member states conduct an analysis of the legal framework to ensure the enforceability of blockchain smart contracts. Besides, there must be efficient technical standards developed for the emerging technologies. Interestingly, members of the Parliament also suggest that blockchain-based curricula must be introduced into educational institutions, such as universities and training facilities. All the regulations must aim at removing the constraints for blockchain, so rules must be assessed and applied within the framework of a business-neutral model. The European Commission and Central Bank should be subject to a responsibility of risk identification when the matter concerns the integration of crypto-currencies into the EU payment systems. Besides, the infrastructure must become decentralized in order to prevent competition issues, just like, the data of EU citizens is examined and decentralized in order to avoid situations of misuse and improper handling.

During discussions in relation to the latter, the members of the Parliament expressed concern about the compliance of public ledgers with the GDPR. There could also be a major issue with the deletion of data upon the request of the individual, which is ensured by the article 17 of the GDPR. Blockchain technology does not provide for data being retrieved and erased and this might become a problem from the perspective of the legislation.

How could this potentially be resolved?

Experts in the field have been attracting peoples’ attention to the particular ways of blockchain exploitation that would not generate a conflict with the active law. For example, there could be limits imposed on the amount of data that is stored on a blockchain, which would prevent it from falling under processing of personal information under the GDPR. Besides, data encryption mechanisms can be implemented in order to anonymize it without intervening into the transaction verification process. Such approach is already the core of the developing ‘privacy coin’ technology, such as Dash and Zcash.

Potential obstacles.

The European Parliament’s resolution stresses compliance with the GDPR as the fundamental priority for the blockchain technology. The European Data Protection Supervisor is expected to issue further instructions and guidance on the matter. However, there might be certain controversies encountered, as despite the vast potential of the technology, it might have difficulties fitting into the legislative framework of the GDPR. The potential impact on privacy must be analyzed, as opposed to purely the benefits for process improvement. The European authorities want the rest of the world to perceive Europe as a hub for successful blockchain development. However, a lot of work must be done in order to ensure effective protection of citizens’ data.

It is clear that the proposed resolution only sets out non-binding recommendations, but the interest of regulatory and commercial actors in establishing an effective regulation of blockchain remains crucial. One thing is certain – there are no circumstances that could justify the breach of individual privacy by the emerging technologies, which calls for a serious and profound approach to blockchain and GDPR.