We live in an era of rapid technological development. Though this provides humanity with amazing opportunities to enhance our standard of living, it also forces lawmakers to work around the clock to analyse and capture the implications of the technology into legislation. The same is true for the subject of this paper – the tension between the relatively new General Data Protection Regulation (GDPR) and the quick rise of blockchain and other distributed ledger technologies (DLTs).
GDPR was drafted based on a world in which centralised and identifiable actors control personal data. Blockchain works radically differently. This technology aims to move the power over personal data away from centralised entities by processing it in a decentralised environment. One could imagine that the process of applying legislation based on a centralised view to technology without a clearly identifiable centralised entity might cause some tension. However, the decentralised nature of blockchain technology is not the only factor that causes legal and compliance challenges.
The near immutability of transactions, of code (e.g., smart contracts) and, in general, of blocks in a blockchain potentially affects the rights of data subjects.
This paper briefly addresses three main issues arising out of the tension between the GDPR and blockchain.