
Blockchain technology is on a collision course with EU privacy law - searchencrypt
https://iapp.org/news/a/blockchain-technology-is-on-a-collision-course-with-eu-privacy-law/
======
GlitchMr
Well, yeah, there is a rather straightforward solution - just don't store any
personal information on a blockchain.

Is it practical? Sometimes yes. Some usecases won't be able to do that, and
this is fine, they should just consider technologies other than a blockchain.
Or if they really want to have blockchain, perhaps consider storing personal
information in an external database with references to its fields on a
blockchain. Possibly with a salted hash stored in a blockchain, so that it's
possible to verify whether a value was changed. A matching checksum or an
empty value (meaning a value removed due to GDPR requirements) would be fine.

Edit: A removed comment suggested storing an encryption key in a database to
decrypt data on a blockchain. This is another way of looking at it -
essentially keep two parts, one on a blockchain, another outside of blockchain
- and you need both to decode the data while the part outside of blockchain
could be removed.

~~~
marknadal
Yes, I wish more people followed your advice... for anything, not just
blockchain.

If you don't want your personal information leaked, never post it anywhere,
blockchain or not.

Now, unfortunately, as you comment, this isn't necessarily always practical.
So what do we do about that?

Well, ugh! This is why buzzwords of "blockchain" like this article is trying
to cash in on, are annoying.

A blockchain does NOT have to be an immutable ledger, all a blockchain has to
be is cryptographically signed/linked data. Sure, Bitcoin uses a blockchain
that is computationally difficult to rewrite, and therefore for all practical
purposes immutable, but it also isn't scalable for storing everybody's
personal information.

Instead, you can store people's personal information in a blockchain, and
since they are the cryptographic holders of that key, they can null out their
data if they want!

This will actually make it easier to comply with the laws they reference, not
harder, because people are self-sovereign over their own data and identity.

In fact, we've already implemented a system like this, check it out at
[https://hackernoon.com/so-you-want-to-build-a-p2p-twitter-
wi...](https://hackernoon.com/so-you-want-to-build-a-p2p-twitter-
with-e2e-encryption-f90505b2ff8) .

------
antsykarbo
Clickbaity headline. It's not the "blockchain technology" as a whole, but some
specific use of it that can _potentially_ violate the GDPR. You don't need a
blockchain to violate the law: you can do it with paper or mysql or usb keys.

Bottom line is: don't put your customers' personal data onto anything that you
don't control.

Nothing to see here.

~~~
cjbprime
I don't think it's clickbaity. There is a legitimate conflict in goals between
this legislation and the increasingly popular use of public blockchains to
store personal data.

You don't _need_ a public blockchain to violate the law, but it's hard to have
a public blockchain _without_ violating this law, if you use that blockchain
to store personal data.

~~~
fastball
That is a simple problem to solve.

You encrypt all data stored on the blockchain. You have the private key to
your encrypted personal data on the blockchain. You can share this key with
private corporations who want to use your data. In order to invoke your "right
to be forgotten", you just ask the 3rd party to delete any record of your
private key. Now they can't access your data. Simple.

~~~
Fnoord
What if the cryptography gets broken? Who's responsible then?

~~~
fastball
What if a bad actor hacks a centralized database? Which is more likely?

------
mamon
There's a very naive assumption in the article that Blockchain being
incompatible with GDPR issue can be resolved by altering GDPR.

I think it is impossible: GDPR is specifically designed to prevent sensitive
personal information from leaking and information about one's financial
transactions is one of the most sensitive pieces of information there is.

So, if GDPR versus Blockchain case ever reaches any EU court the only possible
ruling is to outlaw the Blockchain technology (at least in it's current
incarnation).

~~~
wyldfire
Laws are mutable, in general blockchains aren't. It is the case that the law
can be modified.

> I think it is impossible

Unless they create an exemption for technologies which effectively partition
transaction details from identity details. Or they could require the use of
masking/ambiguation features like Ring signatures, mixer/tumblers, etc.

~~~
geocar
> Laws are mutable, in general blockchains aren't. It is the case that the law
> can be modified.

Or storing someone else's personal information on the blockchain opens you up
to an effectively unlimited liability: Not smart.

It really depends on _what_ is being stored. Is it that there is €30 in
account 123 and €50 in account 234? It's unclear if this is personal
information if someone can have multiple accounts and access them anonymously.

------
KaiserPro
Well yes and no.

The prevention of fraud countermands GDPR, so keeping the financial
transactions of anonymous IDs in a public, reasonbly immutable format, is not
going to be a problem, infact its going to be encouraged, because data
portability is also another key feature of GDPR.

Storing people's personal pictures, well then yes, you have a problem. But
then its a stupid place to keep private, non-public interest photos.

------
professorTuring
Definitely it was a good read, but let me just focus on the main point.

It is true that Blockchain technology has been thought as a replacement of a
trusted third party like a notary or central register, but usually those are
public registries: household ownerships, public offers... And those registries
are usually exceptions or are treated in a different way (and usually they are
explicitly regulated by each country). A few of them are even public, like the
defaulters list in Spain.

Also, it is quite naive to think that an European citizen can erase "any
personal data", that could be quite convenient to erase your fresh new
mortgage or obligations. You are only allowed to ask for irrelevant
information to be removed not for specific business related log even if they
have your personal data in them.

~~~
GlitchMr
Even in case of mortgages, you need to be prepared for requests. At least
where I live, it's legally allowed to remove all information about a loan once
you paid the entire cost of it.

~~~
professorTuring
I am not an expert on Spanish regulation, but I can tell you that sometimes
the regulator oblige enterprises to store this records for long times
(eventually it will expire).

Public records are store forever (unless broken)... =), at least, up to date.

------
TomK32
Wouldn't it easy for a blockchain to just reference external data which then
get deleted to comply with GDPR? I know, breaks some ideas about storing data
in the chain, but if that's the compromise that works. In the end it will all
be about the specific implementation of each blockchain, the idea of
blockchains in general will never be endangered like u/mamon suggested.

------
emef
If you put data that's considered personal into a public blockchain, or any
decentralized system, who becomes the owner of that data? Was it the
company/service that originally published it on the blockchain? or is every
node required to treat it as their own GDPR-compliant data?

~~~
dullgiulio
Not just a _public_ blockchain, any blockchain. Say an employee leaves, they
should have the right to have records removed. The internal Enterprise
Blockchain doesn't allow that.

But because of hype, every big company has to have some sort of blockchain
somewhere, for no good reason. The EU will get a lot of bad publicity while
actually doing something very reasonable.

~~~
GlitchMr
Huh? If that was the case, it would go a bit too far, as it would make
technologies like e-mail or git illegal to use internally, considering those
are likely to have a real name of a person who sent an e-mail/committed.

~~~
vertex-four
Git history can be modified, as can email headers, but yeah - the law is more
about e.g. disciplinary records, stuff stored on your section of the company
file server, and other things which the company really has no legitimate use
for once you’ve left.

In practice, the best solution to this is for companies to check over their
data retention policies and making sure they’re not holding on to data for
longer than they need to - which may involve creating processes to take
information out of emails and put it somewhere more structured/permanent -
rather than being blindsided with a request without the infrastructure to
handle it. The best response, after all, is “we deleted/modified that data so
as to comply with your request already”, rather than “we’ll be back to you
once we’ve read through your 50,000 emails and decided which ones we need to
keep”.

------
AlexandrB
Some of the comments By interviewees in this article are so backwards it's
comical:

> "From a practitioner's perspective, it sounds to me that it was drafted by
> trying to implement a certain perspective of how the world should be without
> taking into account how technology actually works," Steiner said. "The way
> [public decentralized network] architecture works, means there is no such
> thing as the deletion of personal data. The issue with information is once
> it's out, it's out."

My answer to this is - don't put personal information in the blockchain then!
What's the purpose of technology that doesn't serve human needs?

It's a bizarre worldview that positions technology as the master, not the
servant of mankind.

~~~
atomical
> It's a bizarre worldview that positions technology as the master, not the
> servant of mankind.

Your comment is at odds with this statement. Blockchain and smart contracts
appeal to those who want lines of code to have the final say in transactions.
Most people want our institutions to make those decisions!

~~~
mamon
Current technology is great but still sometimes it fails. It's comforting to
know that there's an actual human being that you can talk to and ask them to
fix the mistake made by software.

That's what makes technologies like Blockchain at odds with human needs:
unless you can formally prove that your software does not contain any bugs and
therefore does not make mistakes there always has to be the room for manual
intervention (like deleting personal data from blockchain).

------
giancarlostoro
This assumes if it's a direct fork of Bitcoin and not focused on privacy like
Monero or Bytecoin.

------
BjoernKW
GDPR is not only conflicting with some Blockchain use cases but with old-
fashioned ledgers and paper-based accounting as well because the same
principles apply here, too (an entry cannot be deleted, its effect can merely
be reversed).

If followed to the letter GDPR would've major repercussions on tax regulations
because as a company you're legally bound to keep accounting records for at
least 10 years whereas according to GDPR you're required to delete any record
if asked by a person whose personal data appears in that record.

The solution in that case is that GDPR only applies if it doesn't contradict
other, already existing laws.

So, where Blockchain applications facilitate legal requirements or don't
manage personal data this should be perfectly fine but yes, other types of
Blockchain applications are pretty much ruled out by GDPR.

~~~
geocar
> If followed to the letter GDPR would've major repercussions on tax
> regulations because as a company you're legally bound to keep accounting
> records for at least 10 years whereas according to GDPR you're required to
> delete any record if asked by a person whose personal data appears in that
> record.

[http://www.privacy-regulation.eu/en/recital-65-GDPR.htm](http://www.privacy-
regulation.eu/en/recital-65-GDPR.htm)

False. You're allowed to retain the data where it is necessary to comply with
other legal obligations, or to protect yourself legally (e.g. failure to pay
invoices), among other reasons.

~~~
BjoernKW
That‘s exactly what I said. For instance, you have to retain accounting
records such as invoices even if the invoice recipient asks you to delete the
personal data on that invoice.

Anything else would open up new avenues for tax fraud.

~~~
geocar
You are allowed to ignore (refuse) to delete personal data from the Invoice:
You may need their name to file suit against them for refusing to pay the
invoice.

------
fastball
1\. Encrypt your personal data with a private key that you control.

2\. Put encrypted personal data on a blockchain.

3\. When a 3rd party wants to use your data, give them your private key. They
can store this in their own database so that they can access your blockchain
data whenever they wish.

4\. To invoke your "right to be forgotten", simply ask the 3rd party to delete
your private key.

Am I missing something?

~~~
Kalium
This is cryptoshredding, more or less. There are a couple of wrinkles to your
good idea.

* It potentially makes updates complicated.

* In the event of a key compromise, you're forever hosed.

* You probably shouldn't hand out your private key like that.

* They wouldn't need your private key to read the data you've described, requiring your _public_ key instead.

* You have no ability to revoke someone's access - grant it once and it's eternal.

It's a good start! Cryptography is very powerful and can do a lot to solve
this problem. Thank you so much for caring and putting forward an interesting
idea.

~~~
neltnerb
How about if the owner of the blockchain (here I'm assuming, say, a land-
ownership database run by the state) have a private key for each person in
their own system which they use to put the relevant data into a blockchain.
Then they delete the private key for that person to scramble entries that need
deleting so no one can ever access it again. The person doesn't need to have
or know their own private key since it's a backend for the municipal service.

Now why anyone would want to do this with a blockchain instead of a simple
encrypted database... well, maybe someone else can explain that. I'm still
assuming you visit deeds.mass.gov or something and have an interface you would
use to find out who owns what, so the end user isn't actually touching the
blockchain in this case.

~~~
Kalium
As I understand PKI, and my understanding is limited so I could of course be
very wrong, but in the scenario you describe the deletion of the private key
would do nothing to prevent people from decrypting data readable with a public
key.

This would work with a symmetric key! But as you say, I'm struggling to think
of any real advantages to using a blockchain here.

------
gruez
one drunken night you decide to put some random piece of private information
on the bitcoin/etherum blockchain. can you invoke your "right to be
forgotten"? if so, can you c&d every node in the EU to take down your info?

~~~
Grangar
That would be completely your own fault. Drinking and banking is risky too, or
drinking and driving. Make it a best practice to only interact with blockchain
systems when sober. Not a very strange idea IMO.

------
arisAlexis
blockchain technology is the most transparent

