The General Data Protection Regulation law that went into effect a little over two months ago might hinder innovation in the blockchain space, says EU Blockchain Observatory and Forum.
The GDPR’s aim is to protect individual data rights as well as facilitate the free movement of personal data in a single market. But because of the lack of legal clarity between blockchain technology and the law, it is possible that some company in the EU would prefer to stay on the safer side.
And if there are any entrepreneurs that are willing to go through, the uncertainty about the law might haunt them in the future. This could put a brake on the blockchain innovation, the EU body noted in the report that they published titled ‘Blockchain Innovation in Europe’.
Here’s a deeper explanation about the legal uncertainty.
According to the report, GDPR empowers the individuals to have their data amended to maintain accuracy. But if the individual wants to delete their entire data, GDPR provides them the legal right to do so. But in the case of blockchains, deletion of data is not possible. One can only add data to the blockchain that would be processed by the network’s nodes.
The entire basis of the GDPR law is that the individual rights are protected by having a central body that can be held accountable for when things go wrong. But when it comes to blockchain, there is no centralized body. Not only that, it is an open, permissionless blockchain which creates an entirely new point of conflict for the law.
Another point of conflict that blockchain creates is the transferring of data. The GDPR law stipulates that the data can only be transferred to third parties that are based outside the European Union on condition that the data will be held in a jurisdiction which offers data protection levels equivalent to those in the single market.
But when it comes to blockchain, it is impossible to control the geographical area where the data might end up. There is simply no telling where the blockchain’s next node might be and whether that jurisdiction offers appropriate data protection levels.
There are just so many points of conflicts that it makes no sense to change the GDPR law that applies to blockchain technology as well. In fact, any such law would hinder the innovation of the technology.
The reason why GDPR law didn’t consider these scenarios is because, at the time when the law was conceived, blockchain technology was not as widely known as it is now. So naturally, the law assumed that there will always be a central body that collects, stores and processes the data.
But there is some optimism in the report. Because it is possible that blockchain would ultimately evolve to a point where it becomes the tool that helps achieve the ultimate goal of the GDPR. It is possible that most platforms would bake this into their code and support data protection by design. But that will take some time to happen.