GDPR and Blockchain are certainly two ‘buzz words’ in tech and policy at the moment and an event with either in the title is usually guaranteed to attract an audience. Imagine then when the European Parliament All-Party Group for Innovation holds an event on GDPR AND Blockchain…
The implications of GDPR on Blockchain technologies, and the extent to which they can be compliant, is an interesting one. techUK was therefore pleased to be in Brussels yesterday at the European Parliament after being asked to speak at a roundtable on ‘Regulation vs Innovation: What impact will the GDPR have on the Blockchain’ with Ashley Fox MEP, Brian Hayes MEP and Eva Kaili MEP, along with officials from DG Connect in the European Commission.
Blockchain, or Distributed Ledger Technology (DLT), is still relatively nascent. That said, there are a whole range of possible applications of DLT which offer transformational opportunities from financial services to healthcare. However, with GDPR coming into effect in less than two months’ time, the focus is now on how the opportunities of blockchain can be realised while still complying with new data protection rules which provide greater access and erasure rights. The key question is whether these new rights are in conflict with the architecture and purpose of Blockchain.
There was a fascinating discussion on the interactions between GDPR and Blockchain, with a variety of perspectives on offer. Issues raised include the suitability of the hashing and encryption offered by DLT, the difference between public and private blockchains, the different permissions offered and the decentralised nature of blockchain – all of which have different implications for complying with data protection rules.
Ultimately though, there seemed to be a consensus around one of the key principles that techUK set out during the discussion. Blockchain and GDPR have a very similar approach to data. They are both about giving the consumer or citizen greater control over how their information is used and who has access to it. Depending on the exact architecture of a DLT, which can be varied, this technology can precisely achieve the aims of, and compliance with, the GDPR. This approach should be welcomed so consumers can benefit from the opportunities offered by blockchain while also being confident their information is being contained within the remits of new data protection laws.
There is a huge opportunity to utilise new technologies, such as DLT, and data for improved consumer experiences. However, this won’t be realised if people don’t have trust in the way their information is being stored. The UK’s data-driven revolution is expected to be worth £240 billion by 2020, but only if consumers have trust in data use. As new technologies develop they will have to do so while ensuring suitable levels of data protection, as required by new laws. Taking blockchain as an example, it would appear that the conflicts between this new tech and GDPR are not as extreme as some might think. Indeed, they both seek to achieve the same goals.