- GDPR (The General Data Protection Regulation) is a new regulatory framework created by the EU, which sets strict guidelines on how personal information can be collected and stored online
- GDPR puts in place a ‘right to be forgotten’ which could pose problems for blockchain applications which store identifiable personal user information
- Possible effects of GDPR on blockchain technology could see a push toward more centralized commercial blockchain applications
Will new European privacy laws have an impact on Bitcoin and EU-based blockchain technology?
Having come into force on May 25th, 2018, new General Data Protection Regulation laws in the EU, are raising eyebrows among blockchain technology enthusiasts. This because under GDPR, organizations which store personal information on EU citizens, are required to disclose how this information will be used, stored, and (if necessary) can be deleted.
Why GDPR Poses a Problem for Blockchain Technology
In theory, GDPR shouldn’t pose a problem for cryptocurrency like Bitcoin. Bitcoin and other coins are designed to be used as exchangeable digital assets. - More specifically, assets which never carry any more identifiable information than a regular dollar note would.
Sadly, the EU’s GDPR regulations have been drafted in mind of large corporations like Amazon and Google, not blockchain based data services. Because of this, everything with regard to blockchain technology and cryptocurrency is open to interpretation.
- If the EU were to decide that blockchain transaction data can be linked to individual EU citizens, it could use GDPR to threaten the legality of cryptocurrency
- This poses a problem for cryptocurrency, as Bitcoin data storage is by nature immutable
- While the risk to cryptocurrencies like Bitcoin is small, new decentralized apps designed to store things like medical records, business information, and targeted marketing information, are at risk of non-GDPR compliance
How will GDPR Effect the ICO Market?
Needless to say, because GDPR poses a significant risk to developers of data storage specific blockchain applications, GDPR could adversely affect the booming ICO market.
- Initial coin offerings looking to raise funds for data storage blockchain applications may already be in breach of GDPR regulations
- ICO’s which are attempting to bring data storage services to market may need to create centralized side chains, via which data can later be edited and/or removed
- Even purchasing ICO tokens may require user registration and other GDPR regulatory hurdles
The Effect of GDPR on Cryptocurrency Exchanges
While cryptocurrency itself might not be about to (immediately) come under fire from GDPR, cryptocurrency exchanges are an entirely different story.
As of May 25th, any cryptocurrency exchange serving EU citizens is obliged to collect the real identity of such users and make this information fully GDPR compliant.
What GDPR Will Likely Mean for Exchanges:
- More exchanges (including instant exchanges like Changelly) have already started exercising strict know your customer identity verification procedures
- EU member states will likely clamp down at some point on emerging decentralized exchange platforms
- More service restrictions will probably begin to be implemented, depending on exchange user locations
- All exchanges which serve EU citizens are now required to make available all data on users to users themselves, as well as details regarding whom (if anyone) data is shared with
Is GDPR Even Possible to Enforce with Regard to Blockchain Technology?
One question which remains unanswered with regard to GDPR and the blockchain, is whether or not GDPR is even practically enforceable?
Being decentralized, many blockchain projects are maintained by loose-knit groups of independent developers. At the same time, most rely on an operational basis, on hundreds, thousands, and occasionally millions, of independently operated network nodes situated all around the world. Because of this, it would be (arguably) impossible for GDPR to be enforced effectively by the EU. As it is, though, only time will tell how the EU will attempt to bring decentralized systems in line with its new regulatory powers.