Blockchain technology in light of the General Data Protection Regulation.

Abstract

At a time when technology is flourishing and national economies are consistently shifting further towards digital innovation developments, personal data has become a key asset to all modern business models. In this context, legislators felt the need to update data protection laws on a European level, through a technology neutral, comprehensive regulatory framework designed to safeguard and protect the personal data of individuals, at least for the foreseeable future. On 25th May 2018, the much anticipated General Data Protection Regulation (GDPR) came into force, with the purpose of harmonising data protection legislation within the European Union. While European policymakers were finalising aspects of GDPR, we started experiencing rapid developments in blockchain technology, a technology with immense potential for practical application, which boasts of a decentralised, immutable and transparent system. Now that the GDPR is in effect and we have started to understand its practical implications, one immediately notes the conflict there is between some of the most important principles imposed by the GDPR and blockchain technology. The GDPR is tailored towards centralised networks, imposing the designation of accountable data controllers and data processors. On the other hand, one of the main advantages which distinguishes blockchain technology from others is its decentralised nature. This fundamental conflict implies other substantive issues. Another clear conflict between blockchain technology and the GDPR is the inability to erase or rectify data stored on the blockchain. This is one of the main advantages posed by blockchain technology which assures complete transparency within the network. However, the GDPR affords individuals the right to rectification and to erasure of their personal data from any given system. Evidently, there is conflict between blockchain technology and the GDPR, to the extent that that the two are arguably incompatible. This dissertation shall assess this conflict and explore the possibility of developing blockchain technology in a GDPR compliant manner.