Extract from article by Rhys Dipshan
Out of all the challenges facing EU regulators tasked with translating the EU’s General Data Protection Regulation (GDPR) from text to reality, none is more potentially troublesome than how to apply the data law to blockchain technologies. Blockchain, after all, seems to inherently conflict with all that the GDPR demands. Data cannot be erased on the blockchain, nor can many blockchain networks be easily monitored or controlled by a central authority.
But among other things, the GDPR requires that enterprises honor any EU citizen’s request to erase their personal data from any system, and obtain an EU citizen’s “affirmative consent” before storing or processing personal data. So how can the GDPR and blockchain live side by side?
In late September 2018, France’s data protection authority Commission Nationale de l’informatique et des Libertés (CNIL) became the first, and so far only, EU agency to weigh in. But while CNIL’s recently released guidance does offer some solutions in allowing blockchain to exist under the GDPR, it creates even more questions about how these solutions would work in practice.