Reconciling Blockchain Technology With Europe’s GDPR

Over twenty years of evolving data privacy legislation from across Europe has culminated in a restructuring of individual data privacy rights for the entire European Union. The sweeping new regulations may seem to be at odds with how blockchain technology functions, but they might actually be the catalyst needed to spur mass adoption.

Since April 27, 2016, citizens of the European Union (EU) have been waiting for their new data privacy laws to take effect. After a two-year transitional period, on May 25, 2018, the General Data Protection Regulation (GDPR) will replace the previous Data Protection Directive.

As the first major overhaul of EU data protection laws since 1995, the GDPR will consolidate and expand the data privacy regulations of the EU's various member nations into a single, comprehensive source of standards.

Highlighting the growing importance of individual digital rights in the 21 century, the GDPR has been called "the most lobbied regulation in EU history" by many, having been amended over 4000 times before the final version was released. The new EU GDPR's sweeping stance on individual data privacy rights has been intentionally designed to affect entities outside the EU that handle EU citizen data – something the GDPR calls "extra-territorial applicability."

Though not yet implemented, the legal ramifications of the GDPR are already influencing businesses and organizations both in and outside the EU, as well as globally impacting the bourgeoning blockchain space.

As the May deadline approaches, users of blockchain technology must reconcile the new data privacy stipulations set forth by the EU with their online activities. Can this be done or is the GDPR a blockchain death sentence?

At first glance, the GDPR and blockchain technology seem irreconcilable. The GDPR was fashioned in a pre-blockchain world of centralized data, while blockchain technology famously decentralizes as much as possible. To better understand this emerging conflict, ETHNews spoke to Michèle Finck, senior research fellow at the Max Planck Institute for Innovation and Competition in Germany, and lecturer in European Union Law at the University of Oxford's Keble College.

"The GDPR was essentially written for data silos," said Finck. "In such settings, data is centrally collected, stored, and processed. Blockchains, however, decentralize each of these processes. The question that emerges now is how to apply a legal framework designed for centralized data settings to one of radical decentralization. This question is far from easy to solve and explains the tension between blockchain technology and various different aspects of the GDPR.