What is GDPR
GDPR = General Data Protection Regulation
GDPR is the new European legal framework that gives European citizens the power of controlling the use of their data in their hands. That means any IT company that stores or processes EU citizen’s data, whether this company organization or its servers are located within the EU or abroad, must comply with the terms of the new law.
Take the example of foreign companies such as Facebook or Apple who have to adhere to the law because they have European users.
Terms of the GDPR
In short terms, GDPR ensures that EU users of any online service, know who collects their personal data and what happens with it.
Terminology surrounding GDPR
Data controllers are terminology given by the GDPR to IT companies who store your data. And those who analyze it are called Data Processors. Generally, Data processors = Data controllers. But it could be different companies. However, it is the data controller who takes the responsibility to comply with the GDPR.
Personal data are the only data that the GDPR law applies for, but hold on. What do we mean by personal data?
Personal data means, any information relating to an identified or identifiable natural person. Ok! that means probably a person’s name, gender, or age but how about a person’s computer IP address, would it be qualified as personal data? These are just random numbers that we can not link to a person. Yes, you are correct but with the help of a service provider, this matter becomes super easy, to directly link these random numbers of a person’s computer IP address to his actual identity.
The same story applies to someone's bitcoin wallet, It is well qualified as personal data by the GDPR.
Maybe you are curious why a random bitcoin wallet address string would link an actual person. Well, there are more extensive methods to reveal the actual identity of a bitcoin wallet holder, but take the example where this person buys some bitcoin with his credit card from an online exchange! Now you Got it?
Well, How about an anonymous transaction on the blockchain. Is it also qualified as personal data?. Yes! Let me tell you why. If you have never heard about KYC, this is the right time to understand what is it. KYC stands for “know your customers”. It is a law that enforces companies to identify their customers carefully based on any transaction or any services given to them.
With That being said, any transaction on the blockchain is not anonymous. and it is qualified as personal data.
The GDPR articles that are problematic to the blockchain
Article 16: the right to rectification
This article states clearly that the user had the total right to correct data that someone has on you. Not only change inexact data, but you can also add new data if you feel that the current one is incomplete.
Adding new data to any blockchain is an easy task, but changing the data is impossible.
Article 17: the right to be forgotten
With the fact that, we can not delete data from the blockchain, Any Eu citizen could not exercise the right to be forgotten. That means, the blockchain can not comply with the GDPR. Therefore, We can not store personal data on the blockchain.
Article 18: the right to restrict processing
This article prevents IT companies to do something with your data, unless, these data are inaccurate or unlawfully collected. In the case of the blockchain, as it is well known, most of blockchains are completely open, that means anyone could take a copy of your data and do anything they want with it.