General Data Protection Regulation (GDPR) & Blockchain: 4 Key Facts To Know
Four Things To Know About Blockchain And The GDPR
The General Data Protection Regulation is a set of rules that seek to insure the safety and privacy of citizens all around the EU. The initial discussions for the new set of rules began in 2012 and four years later the EU has finally come to release the final set of guidelines and protections for personal privacy and data protection in today’s increasingly technological and interconnected society.
Citizens and companies all across the EU will be affected by these new guidelines.
GDPR is merely one new document that has widespread implications and regulations that will change the face of information transfer forever. Additionally, GDPR is coming out right at a time when blockchain is sweeping the world.
The interaction of these two new entities will be interesting and will likely affect the millions of individuals who use cryptocurrencies all around the EU.
GDPR sets all new rules for what constitutes an acceptable safekeeping of personal data. Blockchain cryptocurrencies like Bitcoin are supposed to maintain an aura of anonymity about them and are quite difficult to trace back to individual users because they operate using numbers rather than individual names, but as you’ll see through this guide there are a lot of unforeseen interactions between cryptocurrencies and the GDPR that may have wide-reaching consequences for individuals all across the entire EU.
1) Personal Data
When it comes to Personal Data in the 21st century, everyone wants to have their data and personal information secured. Moreover, they want transparency with companies that seek their personal information.
Under the GDPR there will be significant data holding reforms and reclassification of what constitutes adequate data protection. GDPR now defines personal data as just about any information that can lead to learning something about someone. Even if the data is very specific to where it has no meaning to most it can still be considered personal data.
When it comes to encrypted data or altered data it can still be considered personal data because it can lead to a greater understanding of said individual.
When you look at any blockchain technology you will typically see some sort of encryption technique, and under the GDPR’s new definition even bits of encrypted data can constitute as personal information because they can eventually lead to a greater understanding of an individual
Blockchain and Personal Data under the GDPR will likely see much more privatized and protected data. Blockchain occasionally works in completely decentralized and anonymous systems.
Cryptocurrencies in particular use systems that have virtually none of their user’s personal information stored anywhere, but instead the user has a private key that they use to access their information so there is no link between the individual and the account.
2) Controllers Of Information vs Processors
Information Brokerage in the tech world has become a huge industry. Whether it be medical information or info from an online video game, the storing and distribution for information in the 21st century is a key and fundamental industry for the future of blockchain technology.
With the capability for extremely safe and efficient storage of important personal information, blockchain is sure to be a system that many companies look to if they wish to stay relevant in today’s society.
The difference between a Controller and a Processor under the GDPR is bound to have drastic effects on the classification and structure of information companies. The official definition for a Controller of information is that a controller “determines the purposes and means of the processing of personal data,” moreover, a processor “processes personal data on behalf of the controller.”
What can be seen here is that there is a delineation between what processes technically act as controllers or processors.
Additionally, companies or data brokers can act as both Controllers and Processors because the GDPR defines the difference between the two by the activities they do, not the entity that does it.
Essentially, one company can act as a controller in one instance and a processor in another.
This classification allows for companies to not necessarily worry about being classified as controllers or processors because it will not taint future endeavors as being classified under one system or the other.
3) The Rights Of Data Subjects
There are tons of rights associated with the distribution and storing of information. Individuals who trust their data to data brokers or technology companies often seek to have a certain level of control over that information. When it comes to the new terminology and regulations that have been created under the GDPR there are a few key phrases that must be understood to know how the GDPR will affect what information brokers need to allow for their users.
One of these key rights that is now afforded to individuals under the GDPR is that of rectification which allows for individuals to correct their information when it’s on a site.
This goes along with another right that is afforded to individuals under the GDPR which is known as erasure which allows for individuals to completely erase information from a site. If an individual so desires they can withdraw any personal information stored through one of these blockchain system.
Another key and crucial phrase defined by the GDPR’s new protocol is that of portability which is essentially the moving and relocation of your data from one information broker on a blockchain system to another.
The GDPR is essentially defining an individual’s right to move and relocate information at their own discretion. If, per say, they don’t like one particular blockchain company or any company for that matter then they can simply have any of their information relocated to another site.
4) Overlapping Of Entities
When it comes to blockchain technology and its interaction with the newly created and enforceable GDPR, it is difficult to tell how some circumstances and situations will be classified and handled.
It would be quite beneficial for both the EU and blockchain technology as a whole if there were to be no need of intervention because of blockchain conflicting with the newly established GDPR regulations.
There have not been any significant distinctions about the classification of what blockchain technology entails. It is unknown whether blockchain will be classified as storing personal information because of the encrypted and privatized nature of its technology.
Furthermore, blockchain is being used for many different purposes with many different interactions with data, so it would be hard for one ruling to classify as a general statement that would encompass all of blockchain technology.
In terms of the future of blockchain in the EU, there is a long road ahead. There will need to be many rulings and battles with blockchain companies before the future of blockchain technology in the EU can have a clear and concise path for the future, but one thing is certain.
On a global scale, blockchain will continue to be used for state of the art systems that will go on to revolutionize and drastically change the outdated storage systems of the past. Blockchain will continue to sweep the world, nation by nation leaving a trail of technological advancements in its wake.