[This article was first published on LinkedIn]
Recently I was asked this question: “Is there a fundamental clash between blockchain technology and the ‘right to erasure’ under the General Data Protection Regulation (GDPR)?”
One of the foundations of blockchain technology is the notion of immutability. Once data has been committed to a blockchain it cannot be undone or changed, at least not without the consensus of the majority of the network safeguarding the blockchain.
However, the GDPR brings with it enhanced consumer protection. One new consumer right is the right to erasure. To quote the UK ICO:
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
This ‘right to be forgotten’ is not an absolute right and there are a number of caveats preventing erasure, including when retaining the data is in the public interest.
The question is therefore, can personal data that is stored in the blockchain be successfully removed to comply with the terms of the GDPR?
Currently I do not have an answer to this question and I am raising it here to encourage debate.
One suggestion has been to use a form of anonymisation token to break the sequence between the “natural person” (a GDPR name for a living human) and the personal data being stored in the blockchain.
As far as my understanding of blockchain technology goes the current sequence is:
The true owner of the public key being pseudo-anonymous. The identity of the owner may well be hard to find out but not impossible.
When using an anonymisation token the sequence would be:
A record of who owns the token (and thus the public key) would be stored outside the target blockchain.
If the token is destroyed then there would be no back link to the person and no forward impact on the blockchain. The public key and the data in the blockchain would remain; we simply would not know who owned it.
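A minimal simulation of the token indirection described above, added here as an illustration and not taken from the original article. The `Ledger` and `TokenRegistry` classes, the names and the keys are all constructed assumptions; the point is that destroying the token removes the link to the person while the chain still verifies and still holds the data.

```python
import hashlib, json, secrets

def block_hash(block):
    body = {k: block[k] for k in ("index", "prev", "pubkey", "data")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Toy append-only hash chain (constructed); blocks carry a public key, never a name."""
    def __init__(self):
        self.blocks = []
    def append(self, pubkey, data):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"index": len(self.blocks), "prev": prev, "pubkey": pubkey, "data": data}
        block["hash"] = block_hash(block)  # covers prev, so any edit breaks the chain
        self.blocks.append(block)
    def verify(self):
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(b):
                return False
            prev = b["hash"]
        return True

class TokenRegistry:
    """Hypothetical off-chain store: person -> token -> public key."""
    def __init__(self):
        self.person_to_token, self.token_to_pubkey = {}, {}
    def enrol(self, person, pubkey):
        token = secrets.token_hex(16)  # random, carries no personal data
        self.person_to_token[person] = token
        self.token_to_pubkey[token] = pubkey
    def owner_of(self, pubkey):
        for person, token in self.person_to_token.items():
            if self.token_to_pubkey.get(token) == pubkey:
                return person
        return None
    def erase(self, person):
        token = self.person_to_token.pop(person, None)  # destroy the token
        return token is not None and self.token_to_pubkey.pop(token, None) is not None

def demo():
    ledger, registry = Ledger(), TokenRegistry()
    registry.enrol("alice", "PUBKEY-A")  # constructed sample identities and keys
    registry.enrol("bob", "PUBKEY-B")
    ledger.append("PUBKEY-A", "record 1")
    ledger.append("PUBKEY-B", "record 2")
    before = registry.owner_of("PUBKEY-A")
    erased = registry.erase("alice")
    return before, erased, registry.owner_of("PUBKEY-A"), ledger.verify(), len(ledger.blocks)
```

In this arrangement the registry is the only place the identity link lives, so its integrity and access control matter as much as the chain's.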
As a colleague pointed out, another key tenet of blockchain technology is that it is decentralised. Anyone who participates in using a public blockchain can see all the data in it. Even if personal data were to be removed from a blockchain, other “nodes” in the chain would have seen it already. The information would have been, at some stage, in the public domain. The toothpaste would be out of the tube!
Should organisations consider what data they choose to store in a blockchain? Even when the blockchain is private and fully permissioned?
What would happen if you attacked the database holding the information on the owner of the token and changed ownership from one person to another?
If the only (secure) solution is to amend the blockchain then could the cost (time and energy) of making the change be too great to warrant attempting to change it? Legislation would play a part here.
What would be the impact on a “smart contract”? One that has been executed or one that has yet to be executed.
I suspect the answers to the initial question will be resolved through a combination of a test case, legislation and technology. The bounds of anonymity will probably also be tested.
Please share your thoughts below
Same principle applies to other products and software - document management software for instance. One of the major aspects of security and audit trails in such systems is that it should not be possible to delete documents...