The Correlation between GDPR and Cryptocurrency
By now we are all aware of what GDPR, the General Data Protection Regulation, is all about. At the moment its focus is on countries in the EU. If you still don’t know what GDPR is: it dictates how organizations may use data, rather than letting them use it without the owner’s consent.
For people, it is great news, since no private information of theirs will be used without their prior consent. For organizations, however, it is going to get tough. Organizations mostly thrive on a model where they sell data to advertisers and make money in the process.
Come May 25th, every company in the EU will have to comply with GDPR guidelines. The companies most affected by this implementation are IT companies. But what of cryptocurrencies?
Now, people should be able to remove their entire presence from the internet, such as the searches they performed on Google, their Facebook account and every comment, post and “like” ever made, and so on and so forth. It is the right of every individual or, more appropriately, of every online user.
Why does GDPR matter for cryptocurrencies?
In short, any and all platforms built on Blockchain technology will be adversely affected. It is likely that cryptocurrencies are facing an end once GDPR is implemented. Be it Bitcoin or Ethereum, there is no workaround. If these companies choose to ignore the regulation, they will be fined 20 million euros or 4% of the company’s revenues (basically, whichever is higher). So those of you out there seeking to store user data on a publicly distributed ledger will soon find yourselves in hot water.
Today there are hundreds of cryptocurrency mining projects, as well as companies that trade in these coins. Storing data is one thing, but when it comes to deleting that same data (which is practically the reason the implementation of GDPR is so important), Blockchain technology does not allow any of it.
So if you are storing user data anywhere it is impossible to get that data removed, you cannot do that. In other words, steer clear!
Are the laws applicable outside of the EU?
Whether or not the laws are applicable outside the bounds of the EU, only time will tell. For instance, if a call center located in Bangladesh is not in compliance with GDPR, how is the EU going to bring it to account for violating GDPR terms? Or even better, if an organization is operating on a Blockchain platform but is not located in the EU, how do you get it to comply?
Surely an extradition treaty doesn’t factor in here.
We are talking about an organization here, not an individual. These questions must be answered, and soon. For this very reason, implementing the GDPR framework across a variety of regions is (according to experts) the need of the hour.
We’ve all seen how important the application of GDPR is. Now let us introduce you to the main points of GDPR as a whole.
- Organizations will be required to obtain prior consent from users before gathering data on them.
- Organizations ought to keep a provision ready for users, should they decide to withdraw information whose use they explicitly agreed to earlier.
- Organizations must ensure the safety and security of the data in their databases.
- Any data which is transferred outside of the EU ought to be very strictly monitored.
- Users or individuals must have the option to revise or remove their personal information.
The Blockchain-GDPR Paradox
We already answered the basic question above. For those of you still seeking answers, it’s a BIG no! It feels as though the minds behind GDPR only took into account that user data would always be stored in traditional databases, as at Google, Facebook etc., and not in immutable databases such as Blockchain.
The erasure of data is possible in the case of the former, and it wouldn’t be difficult come May 25th for, say, Amazon Web Services to become GDPR compliant. Blockchain, on the other hand, is governed by a decentralized network and has no workaround by which it can comply with GDPR rules.
David Fragale of Atonomi had this to say about the whole situation:
“GDPR presents an opportunity for EU citizens to exercise control over their personal data. From a Blockchain perspective, this aligns well with the community’s ethos of moving away from central authorities. However, technologically, this conflicts with Blockchain’s immutable ledger and decentralized data storage architecture.”
On the same subject, Serafin Lion Engel from Datawallet has a different view and weighs in as follows:
“An interesting solution to the problem is a dual data handling architecture, where contractual elements of a transaction happen on-chain via smart contracts and the actual data transfer happens off-chain. This also solves scalability issues we’re facing with Blockchain technology in its current state.
I think GDPR is a great step towards the future of a data empowered user, specifically by requiring companies to allow users to download it and move it to other platforms, or even delete it entirely, and there are definitely companies, like Datawallet, looking to ensure this necessary regulation and exciting technology don’t need to be mutually exclusive.”
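The on-chain/off-chain split described in the quote above, sketched as an added example (not code from this article or from Datawallet). The `Ledger` and `OffChainStore` classes, the keyed-HMAC commitment and the sample record are assumptions constructed for illustration; the ledger is a toy hash chain standing in for a blockchain.

```python
import hashlib, hmac, json, os

GENESIS = "0" * 64

def _block_hash(prev, payload):
    body = json.dumps(payload, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

class Ledger:
    """Append-only hash chain (toy stand-in for a blockchain)."""
    def __init__(self):
        self.blocks = []
    def append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "payload": payload,
                            "hash": _block_hash(prev, payload)})
        return len(self.blocks) - 1
    def verify(self):
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or _block_hash(prev, b["payload"]) != b["hash"]:
                return False
            prev = b["hash"]
        return True

class OffChainStore:
    """Mutable store: holds the personal data and a per-record random key."""
    def __init__(self):
        self.records = {}
    def put(self, record_id, data):
        # Keyed commitment: once the key is erased, low-entropy personal
        # data cannot be brute-forced from the value left on the ledger.
        key = os.urandom(32)
        self.records[record_id] = (key, data)
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    def matches(self, record_id, commitment):
        if record_id not in self.records:
            return False
        key, data = self.records[record_id]
        tag = hmac.new(key, data, hashlib.sha256).hexdigest()
        return hmac.compare_digest(tag, commitment)
    def erase(self, record_id):
        self.records.pop(record_id, None)  # data and key go together

def demo():
    ledger, store = Ledger(), OffChainStore()
    pii = b"name=Alice Example;email=alice@example.org"  # constructed sample
    commitment = store.put("rec-1", pii)
    ledger.append({"record": "rec-1", "commitment": commitment, "terms": "consent-v1"})
    before = store.matches("rec-1", commitment)
    store.erase("rec-1")                                  # erasure request
    after = store.matches("rec-1", commitment)
    leaked = "alice" in json.dumps(ledger.blocks).lower()
    return before, after, ledger.verify(), leaked
```

After the erasure the chain still verifies and contains only the commitment and contract terms; whether a leftover commitment satisfies a regulator is a legal question this sketch does not settle.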
However good traditional databases may appear, concerns remain. Should we take off-chain (traditional) databases for granted? That is, can they be trusted to manage user data efficiently? Can we be sure there are no leaks in their systems through which a hacker could gain access to sensitive information?
So becoming GDPR compliant is one thing, but should that be the only aspect of these off-chain databases that counts? Well, here’s to expecting that with GDPR, every piece of the puzzle will fall into place automatically.
The firms working towards providing Blockchain solutions are deeply worried about how to become GDPR compliant given the restrictions Blockchain imposes by design. In the words of Rob Viglione, co-founder and team lead at ZenCash:
“We are working with several companies that want to bring digital identity protocols to Blockchain but nobody has solved the GDPR compliance issue yet. The EU framework is hard to apply to Blockchain technology and is definitely causing these projects concern.”
The major assumption
Everything aside, the assumption GDPR makes for when implementation comes to pass is that corporate leaders are a class who consider user data protection their responsibility and who comply with regulatory standards in complete spirit. Which is wrong! That is not how the world works. And certainly not the world of Blockchain. Period.
Only time will tell how far GDPR will be applied in letter and spirit. Until then, it is the job of policymakers to develop rules with different online platforms in mind, as in the case of cryptocurrencies.
Not every firm will become GDPR compliant right away. During this time, policymakers must ponder how to accommodate every domain out there, or else it gives the impression that the implementation was not feasible from the outset.