Blockchain and data privacy in compliance with GDPR – an analysis

Is blockchain going to address the GDPR challenges? Is it going to stand in compliance with GDPR?

Blockchain is a digital database in which all the transactional data is stored on multiple computers called nodes. Each node holds a copy of the database, which is updated whenever a transaction happens. Blockchain is maintained by a consensus algorithm under which any data can be added, but removing it is very difficult (or not possible).

Blockchain’s use cases are not limited to any specific industry, and its applicability varies. The data stored in distributed ledgers differs according to the industry concerned. Hence, when discussing the compatibility between blockchain and GDPR, a detailed case-by-case analysis is important.

European Union’s General Data Protection Regulation (GDPR)  

GDPR ensures fundamental rights protection. It is a legal framework to determine the means of data processing. It also states the obligations vested on data controllers.

GDPR offers a set of rights to individuals regarding personal data protection including the deletion of data, which is ensured by data controllers.

Blockchain vs GDPR

Both blockchain and GDPR are directly related to data management. Blockchain is a decentralized distributed ledger where all the transactional data is stored and verified or approved by nodes, a set of connected computers.

GDPR, by contrast, regulates how data can be processed. Each item of personal data is handled or maintained by a data controller, a legal person. The data controller ensures personal rights regarding the data under data protection law.

Blockchain is an immutable ledger, where modifying or removing data is complex or not possible. Once data is added as a block, it cannot be edited; instead, new changes are added as a new block.

GDPR assures that any personal data can be modified or erased in compliance with legal requirements. 

Three questions come up when we think about GDPR compliance with blockchain:

  • How does the use of blockchain technology create the need for data protection?
  • Why is there a need to bring GDPR responsibilities to the blockchain participants?
  • How can the technical limitations that blockchain has with respect to GDPR be overcome?

At this point, it is necessary to consider how blockchain is going to answer these questions.

The immutable nature of blockchain helps to bring accountability to data storage. Any data that is added to the blockchain cannot be removed, and a copy of the stored data is available on every node. This distribution of data causes issues related to privacy.

GDPR demands data privacy, and in any industry the data controllers need to ensure it. Blockchain is adopted by many industries across the world, and the European Union demands that personal data be properly addressed between the various states within the union.

A private or permissioned blockchain is limited to a certain number of nodes. When a majority of these nodes approve or agree, a new ‘fork’, or a new version of the block with the new change, can be added. These nodes also need to agree to use this newer version. This will ensure data privacy to a certain extent.

These cannot be defined as accurate solutions.    

How is blockchain addressing data privacy in compliance with GDPR?

The tie between blockchain and GDPR is gaining attention these days. Research is progressing to overcome the burden of data privacy in the blockchain. The technical limitations of blockchain with respect to GDPR can be addressed to a certain level. Still, with quantum computing, any of these techniques may fail to ensure what is expected.

Adding ‘hashes’ of personal data into the blockchain, instead of the data itself

Adding hashes of the personal data to the blockchain can address the issue better. Instead of changing the data itself, the hash can be removed or deleted. The data is stored as the output of a hash function, which cannot be reversed to the original data, but when needed the data can be verified by comparing it with the stored hash.
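The following is an added example, not code from the original article, illustrating both the append-only ledger described under "Blockchain vs GDPR" and the hash approach above. It goes one step beyond the text: it assumes the personal data and a random salt are kept in a mutable off-chain store held by the data controller, and only the salted hash is appended to the chain. The names `Ledger`, `OffChainStore`, `register` and `verify` are hypothetical.

```python
import hashlib, hmac, os

def commit(personal_data: str, salt: bytes) -> str:
    """Salted SHA-256 of the data; the salt blocks guessing of low-entropy values."""
    return hashlib.sha256(salt + personal_data.encode()).hexdigest()

class Ledger:
    """Append-only hash chain, a hypothetical stand-in for a blockchain."""
    def __init__(self):
        self.blocks = []

    def append(self, payload: str) -> int:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        digest = hashlib.sha256((prev + payload).encode()).hexdigest()
        self.blocks.append({"prev": prev, "payload": payload, "hash": digest})
        return len(self.blocks) - 1

    def is_valid(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            expected = hashlib.sha256((prev + b["payload"]).encode()).hexdigest()
            if b["prev"] != prev or b["hash"] != expected:
                return False  # a block was edited after being added
            prev = b["hash"]
        return True

class OffChainStore:
    """Assumed mutable store: the record and its salt live here, not on chain."""
    def __init__(self):
        self.records = {}

    def erase(self, idx: int) -> None:
        self.records.pop(idx, None)

def register(ledger: Ledger, store: OffChainStore, data: str) -> int:
    """Append only the salted hash to the chain; keep data and salt off chain."""
    salt = os.urandom(16)
    idx = ledger.append(commit(data, salt))
    store.records[idx] = (data, salt)
    return idx

def verify(ledger: Ledger, store: OffChainStore, idx: int) -> bool:
    """True if the off-chain record still matches the hash stored on chain."""
    if idx not in store.records:
        return False  # erased: nothing left to recompute the hash from
    data, salt = store.records[idx]
    return hmac.compare_digest(commit(data, salt), ledger.blocks[idx]["payload"])
```

Erasing the off-chain record leaves the chain intact and valid, while editing a block in place makes `is_valid()` fail.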

Data encryption

The data can be encrypted, that is, written in code. Once encrypted, it can only be accessed using the pair of public and private keys. When the public key is deleted, public access to the data is restricted. Only possession of the private key allows access to the data.

Data hiding 

The data is not deleted or removed from the blockchain but is kept hidden from searches. It is not made available when requested. To a certain extent, this will solve the data protection issue.

To wrap up

Blockchain technology needs to be compatible with GDPR and its implications. As blockchain technology evolves, data protection rights must also be ensured. Blockchain has to get past the legal restrictions to comply with data protection rights. As technology advances, these solutions may no longer be valid or helpful.

Sajin Rajan is the CMO of Epixel Solutions which is a US-based software development company. He has more than 10 years of experience in the software field. He always brainstorms about emerging technologies and how they can be integrated with real-world applications. His areas of interest include blockchain technology, IoT, AI, etc.