It has been just over four months since the European Union enacted the General Data Protection Regulation (GDPR), a piece of legislation that was designed to protect the data of those living in the EU, but also one that conflicts directly with
On the front cover of the regulation, it reads: “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The regulation will fundamentally reshape the way in which data is handled across every sector, from healthcare to banking and beyond.”
It is a highfalutin gambit that hints at forward-thinking and potentially revolutionary data protection for citizens who, in the past decade or so, become freely and openly pillaged of information and data from major corporations on the internet.
The GDPR has been in the building stages for some time now, and was supposed to be a bridging piece of legislation that would help with the expansion of technology from the 1990s to 2018, and to keep it in check the changing landscape.
That changing landscape has moved far quicker than the European Legislators have been able to keep up with and now their forward-thinking regulation is already behind new technology in the form of blockchain.
In an almost direct clash of intentions, the GDPR has effectively banned the use of blockchain technology in Europe because of its immutable nature. The GDPR offers the power back to the individual to edit and delete data which falls into the hands of centralized authorities, but when there is no centralized authority, there is no need for data to be moved around. This is the crux of the GDPR’s clash with blockchain. So, what happens to Europe and the next technological wave?
A functional clash, but an ideological common ground
The GDPR is legislation that mandates individuals have access and control over the use and maintenance of their data in certain circumstances, under threat of heavy fine – €20 million, or 4% of global revenues. The blockchain on the other hand is built on a foundation of immutability, securing data on a distributed ledger.
It is a direct clash of function, but, on ideological grounds, the aim of both the GDPR and blockchain is the protection of data. Both are seeking increased security in regards to data as controllers, processors and sub-processors of data under the GDPR are held to high standards and with blockchain, the encryption and decentralized structure makes the network highly tamper-resistant.
User’s control and visibility of their data is at the forefront of the GDPR, and similarly with the blockchain, its transparent nature offers clear and direct access to data. Additionally, the reason for the GDPR coming into existence was a loss of trust in major corporations when it came to accessing individuals data, and with the blockchain, its decentralized nature totally removes controll of such data anyway.
If the intentions are the same, but the functions are in conflict, there must surely be a way for Europe to embrace blockchain technology and not get left in its wake while still appreciating the work that the GDPR does with regards to centralized data control.
A new standard and a respectful label
On the face of it, blockchain and GDPR’s relationship can work – because its end goal is similar, but it is how companies enacting blockchain technology go about complying, and how the GDPR is interpreted.
Thomas Power, on the board of directors at Blockchain Industry Compliance and Regulation Association (BICRA), and respected blockchain voice with a special focus on GDPR, looks at the blockchain as something that is forging ahead, but still has a long way to go.
“Blockchain is a new forthcoming standard binding everything – document and/or transaction – and everyone – person our data – together almost like Internet 2.0. GDPR is merely a label on the blockchain that people will choose to observe, respect and recognise. It’s a good label,” he told Forbes
“However, blockchain requires 15 to 18 years to hit mainstream based on bitcoin blockchain 2008 I see mainstream Blockchain in the 2023-2026 timeframe, post the 2020-2022 economic crash, much like 2007-2009.”
To this end, Power notes that there is indeed a level of compliance and flexible interpretation that is taking place, which is helping blockchain remain relevant in Europe, while still respecting the GDPR.Blockchain and the GDPR may look like enemies, but really, they are more like frenemies.
“[Compliance and interpretation] will keep happening more and more once the first Blockchain – Bitcoin – is recognised by The SEC, likely 2019,” Power added. “This event is the catalyst to recognise crypto assets as an asset class here to stay, albeit in embryo.
“First they [GDPR and blockchain] will battle and challenge, then they will harmonise because they are not enemies, rather Frenemies. What I like about GDPR is it forces the highest data standards to citizens who choose to publish, store, or record their documents and transactions on the blockchain. It also places that same discipline on companies, governments and institutions both public and private.”
“Blockchain is a 30 year movement all of this will seem like trivia in 2038 and personally I am a fan of GDPR …and of course Blockchain. I like the highest data standards for citizens and companies.”
Will the GDPR take stock of its position?
With legal interpretation, there often follows amendments to regulations and law, so as these two entities feel each other out and blockchain becomes more recognized and legitimised, while the GDPR finds its feet, there are bound to be changes in the law down the line.
“Data is a moving feast, privacy is a moving feast and tracking products from mines to shelves requires a record of every document and transaction held on a blockchain. Yes massive changes will be required once people understand what a blockchain is and what recording and tracking all documents and transactions requires. We may finally see the paperless office in 2038 and we were promised this in the 1980s yet we print more now than then…” Power concluded.