Great guest post by Aubrey Hansen.

Since the General Data Protection Regulation, or GDPR, came into effect in the EU, internet activity and behaviour have changed. Websites and other online services are now required to ask permission (or at the very least, notify people) before doing anything with a user’s data, therefore reducing the number of personalised ads that European citizens see. Of course, the GDPR does much more than this, effectively forcing all companies to protect people’s information and treat it with the utmost care. However, when it comes to cryptocurrency, the question of protecting one’s data and information becomes a complex topic.

Transparency in crypto

Most cryptocurrencies, including Bitcoin, Ethereum, and Litecoin pride themselves on being financially transparent, in the sense that anybody can see and follow the transactions of any wallets, provided they know the wallet’s public address. This is, in fact, one of the most critical aspects of many well-known coins, separating cryptocurrency from traditional finance. The problem is that if the transactions are transparent, are these coins GDPR compliant?

The answer is tricky, but it all comes down to whether data which is stored on the blockchain after every transaction is considered to be Personally Identifying Information, which is anything that can be used to identify a specific individual. By this definition, at first glance, it seems that no cryptocurrency broadcasts Personally Identifying Information because there appears to be no way of seeing which wallets belong to which people, but this would be a mistake. While the average person cannot use transaction and wallet data to track somebody, governments have certainly been able to in the past.

The monitoring of Bitcoin transaction data has been used numerous times to find and locate people suspected of criminal activity. There are even companies which specialise in tracking and following illicit behaviour via cryptocurrency. This clearly means that transaction data can be considered as Personally Identifying Information when in the right hands, and that sadly many cryptocurrencies are therefore not GDPR compliant.

But what about privacy coins?

There are, however, a handful of cryptocurrencies which broadcast extremely little data to their blockchains with each transaction. These are known as privacy coins, and their masking of transaction data means that they are mostly untraceable. In fact, they are so untraceable that they have been getting governments worried, such as Japan and France. Even intelligence agencies are unable to track them, which means that they provide no Personally Identifying Information on their blockchains whatsoever.

Privacy coins such as Monero and Zcash are, in fact, GDPR compliant. This has brought some additional interest to them, with users flocking to exchanges such as CoinPayments and Binance, which both stock multiple privacy coins including Zcash, PIVX, and Beam. Investing in GDPR complaint coins may become key in the years to come as it could be these types of coins which are one day sought after within the EU. This does not mean that non-privacy coins such as Bitcoin will wither away and disappear, but it suggests that in the future, there may be a bigger push for privacy coins to be used instead.