Blockchain-based Systems Should be Exempt from the EU’s General Data Protection Regulations (GDPR)
In this our fast-paced information age where companies like Facebook are making billions of dollars by selling people’s information to third-parties, the GDPR is an excellent tool to cure the ‘madness’ of centralized systems. However, experts have suggested that data stored on distributed ledgers should be exempted from this new ‘giant killer law.’
The GDPR Game Changer
Most organizations have central servers where they store their data as well as peoples personal information. These firms have access to the information at will and can do whatever they like with it. They can decide to sell it, modify it or leave it there until eternity. But all that will begin to change from May 25, 2018, when the European Union’s General Data Protection Regulation (GDPR) will become fully functional.
Under the GDPR, power will be entirely given back to the people. The game will be over for Companies like Facebook and others who have made a massive fortune selling users personal data to third parties. EU Citizens will have exclusive rights to their data and can request for complete erasure of their information from the database of firms who possess it.
While the coming of the GDPR regulation is a welcome development because it puts the masses in total control of their personal data and brings back ‘sanity’ to the internet, it has been faced with mixed reactions.
It is a known fact that blockchain technology is the safest, most transparent and immutable system of data storage at the moment. Data stored on the blockchain cannot be edited, sold to third parties or deleted. In essence, once information gets on the blockchain, it is meant to remain there forever. And this is why experts have made it clear that the revolutionary GDPR is a perfect pill for firms who have centralized data storage systems, but it is almost impossible for firms powered by the Bitcoin or Ethereum Blockchains to be GDPR compliant.
Oxford Law lecturer, Michele Finck, said :
“Modifying data on a blockchain is very hard. If you were to delete or modify data from the blockchain to comply with the GDPR’s rights to amendment or the ‘right to be forgotten’ you wouldn’t just change that piece of data, but the hash of the block containing the data and of all subsequent blocks,”.
The Way Out
The very essence of formulating a regulation like the GDPR is for the EU masses to have a say as per how their data is handled. The distributed ledger technology is privacy-centric in itself, as information is saved in encrypted formats on the blockchain, thus giving the owner of the data maximum control over it. Hence, it would be safe to say that if all the firms in Europe adopt blockchain technology; then there would be a need to implement the GDPR because its purpose is already taken care of by a more robust system.
“I suspect that GDPR will also have to adapt to the blockchain in a way. GDPR is robust, but it’s also flexible. It doesn’t close the door on blockchain. It means people have to slow down and ask, who is responsible for what, what safeguards go around which data, and are we getting consent?” said Winston Maxwell, a privacy lawyer at Hogan Lovells.
As the saying goes, there cannot be two captains on a ship. While Europe has been a blockchain and cryptocurrency friendly zone in recent times, the impending GDPR law if not properly taken care of could lead to the collapse the entire ‘blockchain empire’ the continent has built over time.
It is either the EU tweak the GDPR regulation a bit and give immunity to blockchain based systems or drop the provision entirely and formulate a new law that makes it compulsory for firms to run on the blockchain since it has been proven beyond reasonable doubt that it is safer than centralized databases.