GDPR blockchain

What will GDPR do to the blockchain


What can be done to make blockchain comply with the GDPR

The intuitive, straightforward solutions would be to change the GDPR, since the people who drafted the law were not aware of the blockchain at the time, or simply to make such immutable blockchains illegal. Neither of these solutions can be applied.

First of all, the GDPR came into force to protect users' privacy on the web. On the other hand, no central authority on earth could forbid or prohibit blockchain usage, due to the decentralization and self-sovereignty of this technology and its massive adoption around the globe. So what is the solution to make blockchain comply with the GDPR?

The first possible solution is to encrypt personal data before storing it on the blockchain, which is already the case. In this scenario, only the people who hold the encryption key can do something with your data. If you request deletion of that data, all that has to be done is destroy the key and, in theory, the encrypted data becomes useless. This sounds good, but encrypted data is still reversible, especially with the use of powerful, fast computers. Not such a good solution after all.

How about using a permissioned blockchain rather than a public one? By doing this we can comply with Article 18 of the GDPR, the right concerning who can process or do something with your data. But what about the right to change or delete data? That cannot be achieved even with a permissioned blockchain, due to the immutability property of any sort of blockchain. Not a real solution, again.

A real solution would be to store the data off-chain, which means outside the blockchain, say on a secure server where we have access to read and delete data. Then we store only a reference to that data on the blockchain, like a fingerprint. We use a hash function to create the fingerprint of the actual data.

A hash only works one way: you can create a hash of any data, but you cannot take that hash and turn it back into the data. All this seems nice to implement, because we can exercise our right to be forgotten by removing only the actual data from our server, and in that case the hash becomes useless since it refers to no data. Again, this solution isn't perfect: the blockchain is decentralized, and by moving to central servers you partially centralize the system again.
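
The off-chain pattern described above, as an added example that is not code from the original article: the personal record lives in a deletable store, and only a one-way fingerprint is appended to the ledger. The random per-record salt, the names used, and the sample record are assumptions of this example; the salt is included because a plain hash of guessable data can be matched by hashing guesses, whereas a salted fingerprint cannot once the salt is erased with the data.

```python
import hashlib
import hmac
import os

def fingerprint(salt: bytes, data: bytes) -> str:
    """Salted one-way fingerprint (HMAC-SHA-256); this is what goes on-chain."""
    return hmac.new(salt, data, hashlib.sha256).hexdigest()

class OffChainStore:
    """Deletable store standing in for the article's 'secure server'."""
    def __init__(self):
        self._rows = {}  # record_id -> (salt, personal data)

    def put(self, record_id: str, data: bytes) -> str:
        salt = os.urandom(32)  # assumption: random per-record salt, kept off-chain only
        self._rows[record_id] = (salt, data)
        return fingerprint(salt, data)

    def get(self, record_id: str):
        return self._rows.get(record_id)

    def erase(self, record_id: str) -> None:
        # Right to be forgotten: drop the data and its salt together.
        self._rows.pop(record_id, None)

def verify(ledger: list, store: OffChainStore, index: int) -> str:
    """Return 'valid', 'tampered', or 'erased' for one ledger entry."""
    record_id, digest = ledger[index]
    row = store.get(record_id)
    if row is None:
        return "erased"  # fingerprint is still on-chain, but refers to no data
    salt, data = row
    ok = hmac.compare_digest(fingerprint(salt, data), digest)
    return "valid" if ok else "tampered"

def demo():
    store, ledger = OffChainStore(), []  # the list stands in for the append-only chain
    record = b"name=Alice Example;salary=52000"  # constructed sample record
    ledger.append(("rec-0001", store.put("rec-0001", record)))  # opaque id on-chain
    before = verify(ledger, store, 0)
    store.erase("rec-0001")
    after = verify(ledger, store, 0)
    # Even an exact guess of the record does not match the entry without the salt.
    guess_hits = hashlib.sha256(record).hexdigest() == ledger[0][1]
    return before, after, guess_hits
```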

Finally, the creative solution that was discussed and implemented by the Zcash blockchain is the zero-knowledge proof, where anyone can prove that something is true without revealing the actual data. In the case of cryptocurrency, you can prove that a transaction happened without disclosing how much money you transferred or to whom.

To understand this through a simple example, take a second bank that has no knowledge of your payroll. Using this concept, it could decide whether you are eligible for a loan without necessarily knowing your salary. This is useful for people who want to reveal the absolute minimum of data about themselves without having to show far more data than necessary.

With a zero-knowledge proof, you can prove to the bank agent that you earn enough money to be eligible for a loan without needing to show him your salary.

Zero-knowledge proof is one of the solutions that can make the blockchain compatible with the GDPR.

Who is the responsible data controller in case of blockchain

The GDPR states that the data controller is responsible for obeying the law. If it does not, the data controller is subject to hefty fines of up to 4% of global revenue. OK, but hold on! Who is held responsible in the case of the blockchain?

Is it the people who create the protocols and write the code, the people who verify the transactions, or simply anyone who participates in the network? We cannot blame anyone here: the people who wrote the code only developed the tool, and the people who validate blocks might not know whether the data they are approving is personal. How about those who participate in the network? The same goes for them, since they have no control over what others store on the blockchain.


The immutability of the blockchain makes GDPR compliance difficult. We have seen some undesirable solutions that peel away the core concept of decentralization of the blockchain; furthermore, we saw a new concept, the zero-knowledge proof, that seems to make blockchain conform to the law.

What we are sure about is that we will see some changes in either the law or the way blockchains work. KYC will likely play an important role in these changes.
