Blockchain Technology Compliance with the European Union (EU) General Data Protection Regulation (GDPR)

Introduction

In this essay, I will argue that the GDPR is slowing down technology progress in the EU with repect to the Blockchain technology. The blockchain is of particular interest to me as I detected the potential legal issues and impact of blockchain technology within my professional work. I identified several legal ramifications in different fields of law, that I believe will raise major problems in the near future. Moreover, it is not currently certain how United Kingdom will treat the international law internally after Brexit, as Article 3 GDPR is limiting the spatial application area to the European Union and processes taking place in this terrain. I will outline these problems here.

Insight into Blockchain Technology

The three key innovations of the Blockchain are "immutability" (unchangeable data saving), "distributed ledger” (decentralized distributed management) and "peer-to-peer consensus protocol” (power of deciding by multiple parties). Blockchains are routed through a peer-to-peer network of nodes in two different forms. The first type is the permissionless blockchain, which is an open and decentralized form, where each node of the network saves and processes their own copy. Since all nodes¹ have the same authority with regard to the blockchain, the decentralized, distributed register management becomes obvious. (All nodes have the same, latest copy of the blockchain always and anywhere available.) As soon as the majority of networkers decide to add a block to the chain, the block is added to all the copies of each node. As all the nodes always use the updated copies with the longest, valid blockchain, there is no risk of non-updated data. The other type of blockchain is the permissioned form, which offers limited access to blockchain users and therefore is not as open and decentralized as the permissionless blockchain. The permissioned blockchain has a control center that identifies the participants in the network, provides them with access to read the blockchain and possibly allows individual nodes to adjust it. An additional form of Blockchain is the redactable Blockchain, which will be explained later.

Blockchian Technology and the Processing of Personal Data

To evaluate the legal compliance of Blockchain technology with the GDPR, a closer look at Article 5 GDPR is necessary.²

Article 5 (1) a) GDPR: Transparency

The decentralized and distributed register management leads to maximum technical transparency of the system. Each participant has an equal copy and can follow and review this past transaction or data processing step. Due to decentralized storage and modification, manipulated data processing of malicious participants is very unlikely. The more participants the network has, the less likely interaction of a majority of the participants become.

If the participants themselves instruct or receive a transaction, they are themselves affected by data processing. Once the transaction of the sender and receiver has been added by a participant of the network to a valid block, and if this block is added by majority vote to the Blockchain, the transaction is visible to the interested parties and every other participant and thus completely transparent. The nodes are usually not anonymous (due to visibility of an IP address), but instead represent their pseudonym, which could be for example a wallet for crypto currency.³

[...]

¹ "Nodes" are computers, storing a copy of the blockchain and allow the additation and validation of new blocks

² Ehmann, E., Selmayr, M. "DSGVO - Kommentar", 2017, Beck-Verlag

³ Hofert, E. "Blockchain-Profiling - Verarbeitung von Blockchaindaten innerhalb und außerhalb der Netzwerke", pages 161-166, 2017, Zeitschrift für Datenschutz (ZD)