Published on 11 June 2018


Is blockchain GDPR-compatible?

Beyond cryptocurrency, blockchain is today at the heart of many business projects that aim to better trace flows and ensure decentralised transactions. Among the leading sectors using this tool: energy, finance and retail. However, now that the new European General Data Protection Regulation (GDPR) has gone into effect, the use of this technology, and the projects that go with it, could be called into question. Or at least they could require modifications.

What if the development of blockchain was blocked by regulation?

To execute and secure financial transactions, or ensure supply chain traceability, many institutions and companies today rely on blockchain, a revered “digital account book”, to develop new products or services. Energy, finance, extractive industries, food... all these sectors are involved.

But what if the development of this "quick fix" was blocked by regulation? This fear has been expressed for several months by legal experts on the new European regulation on data protection: the famous GDPR. Having taken effect on 25 May, it was developed before blockchain became a technological trend within companies. The regulation, therefore, makes no mention of it.

Incompatible by principle?

However, several blockchain principles conflict with the rights granted by GDPR, especially for blockchains that are public. This is particularly the case for the blockchain deemed "original", the one used for bitcoin, for example. It was created to provide a decentralised system that no government or society can control.

Several points can cause issues: the identification of personal data registered in a blockchain, and the processing and retention of that data. The complexity, or even the impossibility, of modifying data is one of the major attractions of blockchain for securing transactions or ensuring traceability. Yet this same property contradicts the European regulation, which enforces the right for personal data to be deleted.

For Anne Toth, Head of Data Policy for the World Economic Forum, blockchain is not "GDPR-compatible" as the regulations exist today.

High stakes

Several legal experts take a more nuanced view. For Isabelle Renard, a lawyer at the Paris Bar and an engineer, there is "no incompatibility in principle" but rather "a difficulty in application" related to the complexity of the regulation, the technology and the challenge in garnering consent. "Every solution has to be evaluated in context," she says. In addition, companies can use private blockchains, which are controlled by an administrator and allow them to modify information.

However, the fear is real amongst users. The CNIL, the French national data protection authority, responsible for enforcing the new regulation in France, confirms that it has received numerous requests from public and private institutions. Soon, it will have to give concrete guidelines in order to reconcile both parties.

The stakes are high, at an economic level and in terms of responsible transformation. Blockchain is at the heart of the start-up business, which is attracting investors, such as WPO, which uses the technology for energy transition. It is also being tested by firms and large groups to combat child labour in Congolese cobalt mines.

Béatrice Héraud @beatriceheraud
