EU Blockchain Observatory and Forum advises Blockchain Companies on GDPR Compliance
The EU Blockchain Observatory and Forum normally offers advice on data protection compliance to blockchain companies. However, the consultancy authority is now urging the EU to find a solution to the tensions between blockchain and privacy protection regulations.
Recently, The EU Blockchain Observatory and Forum published a document that directs blockchain companies on how they can avoid breaking the General Data Protection Regulation (GDPR) laws. The document was prepared in conjunction with ConsenSys.
The first step to GDPR compliance involves the blockchain platforms assessing the value created by their solutions. In this regard, companies should determine whether private data is necessary or not. Also, the compulsion of using a blockchain ledger to store information should be assessed.
Additionally, it is imperative for blockchain companies to use tools that safeguard the confidentiality of users’ dads, especially if such data is an integral part of the value creation process. In instances where techniques such as reversible encryption, hashing and sat obfuscation are deployed, the firms should ensure that reversibility and linkability are impossible. This means that the data should be immune to brute force decryption. Also, third-parties should not be able to link the encrypted data to its owner.
GDPR is applicable to pseudonymous data. Since the result of encryption is pseudonymized data, this implies that GDPR is pertinent to this end. Therefore, blockchain platforms should design a mechanism that reduces the vulnerability of keys which are used to decrypt such data, exposing the identity of the owner.
The document advised blockchain platforms to collect personal data off the network to enhance its privacy. In cases where it is mandatory to store the information on-chain, the blockchain networks should be private and permissioned. Furthermore, private data should be secured when linking private blockchains to public blockchains.
As mentioned earlier, the Observatory urged the EU to address the contentious issues between GDPR and blockchain platforms. Specifically, the EU was requested to erase the clause that talks about identifications of data controllers and processor, as well as the anonymization of data using blockchains. Here, the consultancy body appealed to the EU to assess how blockchain technology itself, rather than looking at the technology itself.
GDPR was enacted in May this year. Since then, these regulations have been among the major issues of concern in the blockchain space. For instance, the regulations require blockchain platforms to delete personal data upon the request of a client. This is impractical for most blockchain companies.