On May 25, the updated rules for processing personal user data were adopted in Europe, and were established by the General Data Protection Regulations (EU Regulation 2016/679 of April 27, 2016, or GDPR—General Data Protection Regulation). The new regulation will replace the previous Directive on protection of personal information 95/46/EC of October 24, 1995.
Now, EU citizens will receive tools to fully control their personal information. Fines can go up to 20 million euros (or 4% of the company's annual income) for violation of the new rules for processing personal data.
The GDPR will affect all companies offering online services or goods to Europeans, as well as purchases of offline services and goods on the internet. Since the law has an extraterritorial effect, it will be necessary to adjust for any company in any country that has at least part of its business in the EU.
In addition to the processing of personal data, organizations that follow people's behavior fall under the new legislation. Thus, controllers and information-monitoring processors will also become subjects of the GDPR.
More users will be able to manage their personal data. Now, EU residents have the right to request the very fact of processing of their personal information, the purpose of this processing, as well as the place of data storage. In addition, users will be able to independently request that information about them be removed from a particular resource.
Yes, Blockchain Too
On the one hand, blockchain meets one of the main concepts of the GDPR, as information becomes transparent and open with it. Due to the fact that blockchain is a distributed registry, it provides protection from illegal access to data that is inaccessible to the control of those in power. But, on the other hand, providing users with the "right to forget" will be quite difficult. Now, blockchain startups have no choice but to store personal data outside of the blockchain if they want to continue to cooperate with Europeans and avoid paying huge fines. "Blockchain is a cryptographically protected record of a transaction created without central control," explained an expert on blockchain issues Sheila Warren at the World Economic Forum.
Legally, after the introduction of the new amendments, the very existence of blockchain applications, which in one way or another have personal data of their users, becomes illegal. At least until the lawmakers introduce new amendments.
For business applications, the loss of blockchain as a tool can be extremely painful. "As soon as something appears on the blockchain, it cannot be removed or changed," said Gordon Haff, a Red Hat technology evangelist. "This is one of the reasons why blockchain has captured the imagination of developers for legal and financial supply chains."
How Can the Differences Be Resolved?
So how will the relations between blockchain and the GDPR develop in the future? A lot depends on the behavior of the regulators. "Like many other things related to the GDPR, the immutability of the blockchain can be a real problem. Or maybe not," says Haff.
As a solution to the problem with the possibility of negation, he suggested using encryption with a private key, which can be recalled on demand or after a while. "We can say with certainty that immutability should be taken into account when deciding what data should be stored," the speaker believes. "Simply deleting a database record in the future does not sit well with a blockchain."
"Often, new technologies and regulation are incompatible," says Simon Langton, vice president of professional services at Avecto. "We can see that this is happening today around technologies such as unmanned vehicles and regulatory systems relating to transport safety."
Anyway, someone will definitely have to change in the future. Perhaps, of course, blockchain startups will adhere to the new legislation and try to maximally adjust to it. As history shows, however, it is likely impossible to "hide the genie in a bottle,” and lawmakers will still have to make some amendments that take into account modern technologies, their prevalence, and their various applications.