The European Data Protection Board (EDPB), which has approved draft guidelines on how personal data is stored and shared on blockchains, marks a significant step toward aligning decentralized technology with established data protection regulations. This move is crucial as the divide between blockchains and conventional systems remains a contentious issue in the industry.
These guidelines, pending official review, highlight the need for organizations to store data in compliance with GDPR by adopting robust measures. Blockchains may pose some challenges in this area, as the platform’s inherent properties could conflict with GDPR’s requirements. The EDPB’s comment here suggests that an essential part of data protection when using blockchains is to avoid storing personal data if it conflicts with GDPR principles.
The main recommendations come from the EDPB guidelines, which emphasize the importance of data protection design and processes. They board, a Tradeassociativ passant financial services firm, advises organizations to implement structures and measures earlier in the blockchain data processing stages. They also stress the need for transparency, rectification, and erasure of personal data, and the application of these practices across different stages of blockchain processing.
The EDPB’s statement underscores a time of growing concern over blockchain security. While organizations are aware of the risks, there’s been urgency to comply withGDPR requirements. They’ve guided on conducting Data Protection Impact Assessments (DPIAs) before processing personal data using blockchain technology, assuming that such processing could lead to significant risks to individuals’ personal data rights and freedoms.
Experts have mixed opinions on the benefits of blockchain in data privacy. Data privacy advocates suggest that blockchain is a core part of infrastructure and not an add-on. They recommend adopting privacy-by-design by off-chain storage with measures like zero-knowledge proofs and network privacy via mixnets. On the flip side, companies like Nym Technologies argue that these are unnecessary and harmful because applyingGDPR laws to blockchain data defaults.
Harry Halpin, CEO of decentralized privacy firm Nym Technologies, strongly rejects the approach of personal data being stored on blockchain. He believes this leads to authoritarianism, as the use-within”pathways of payment information on Nym has been used in widespread applications over the years. He argues that personal data on blockchain should be used with zero-knowledge proofs off-chain and have network privacy via mixnets.
rier the wording of the EDPB’s guidelines was about to deliver them, there’s a lot more content to unpack here than I can manage in this format. However, I will provide a brief explanation of the points they made and how they see them related to the importance of data protection in blockchain technology. The bottom line is that while blockchain offers benefits, it also poses significant risks when it comes to data privacy, requiring a balanced approach that recognizes both possibilities without compromising on the core of data protection.
