If Blockchain is considered to be the most used buzzword today, don’t forget about the 4 letters that caused panic attack to a great majority of companies offering goods or services within the EU.

GDPR (general data protection regulation) still remains one of the best-selling points today. I’m used to see the headlines of “10 steps to become successful in one week” and now I’m constantly seeing posts of “10 steps to be GDPR compliant under one minute”.

Moreover, as practice shows, you don’t even need to be a lawyer anymore to provide advice on GDPR implementation. Lawyers are selling prepared templates for businesses and some businesses decide to resell such templates to others who want to feel “safe” and be “GDPR ready”.

Nevertheless, when GDPR meets Blockchain, we might find some interesting points and potential contradictions.

Anonymous vs. Pseudonymous data

At the outset, GDPR introduces two different types of data important to the Blockchain space: anonymous and pseudonymous.

In terms of anonymity, GDPR states that the principles of data protection should not apply to anonymous information, namely information which does not (or no longer) relate to a natural person and such person is not identifiable.

However, when taking into account objective factors, such as the costs of and the amount of time required for identification and available technology at the time, the person might be identified, such data shall be considered as pseudonymous, and therefore all GDPR principles apply.

Is the information put on Blockchain anonymous or pseudonymous? Well, it has been already proven that, for instance, Bitcoin transactions are pseudonymous and there is a way to identify the owner behind wallet address. Some argue that Monero ensures full anonymity, however, I guess in terms of privacy coins, there always remains a possibility to identify the parties and such statements should be viewed critically.

Concerning any other data put on the Blockchain, the account shall be taken as said – to the objective factors. If we find that such data cannot identify the person or it would take unreasonable measures to identify it, the data should not be protected under GDPR rules.

Are you a risk taker?

The most popular and many times discussed problem is the Blockchain’s immutability and implementation of a “right to be forgotten”.

Every data subject (customer, user) has a right to request, free of charge, erase its personal data, unless the data controller (company) may prove that the grounds of legal obligation or public interest to retain such data exist.

Founders of GDPR certainly forgot about the Blockchain or vice versa. Data once put on the Blockchain cannot be rectified (changed) or erased and Blockchain projects that put their customers data on Blockchain has no possibility to satisfy the mentioned requests.

What I found missing next to the explanation on execution of “right to be forgotten” in GDPR is the condition of “reasonable measures”. Should implementation of data erasure require unreasonable technical measures or such execution is deemed to be impossible, the company shall be released from such obligation.

Furthermore, GDPR also notes that Member States should provide derogations with regard to the rights to rectification and to be forgotten. Hopefully, Members States will take care of this matter.

What to do now? I’m a risk taker and I offer my clients to integrate a small legal disclaimer before entering into Blockchain world in their privacy policies that consumers shall be aware of the fact that due to some specific obvious reasons they will not be able to take advantage of the right to be forgotten and erase certain data.

If you are afraid of bears, don’t go in the woods, right? Since I cannot find any other wise decision, at least I’m trying to show some respect to both – Blockchain and GDPR by not pretending that there is no contradiction and the prepared template will “save us”.

To lawyers

Whereas almost every ICO project offers tokens (it should be considered as an offering of goods) for EU citizens, all of them have to meet the GDPR requirements. Therefore, there is another great niche for young lawyers to be pro-active and by understanding how the Blockchain works, offer best quality and Really GDPR-ready services to the clients.

#2 #Blockchain #GDPR #crypto #innovative #lawyers #law #cryptocurrencies #ICO