Companies that use blockchain to store data could face new troubles in Europe due to the European Union’s General Data Protection Regulation (GDPR).
Starting May 25, all 28 EU nations will be applying the GDPR, which sets new standards for any holder of sensitive data, from Amazon to your local government council. From then on, companies will have to post clear notices for users and get their unambiguous consent to collect data. This means that the EU will no longer tolerate confusing “terms and conditions” that must be agreed to when signing up for something trivial that does not even need that sort of information in the first place.
Now, companies will be required to completely erase the personal data of any citizen who requests that they do so. But for some blockchain-based businesses, notably those that have publicly available data trails such as Bitcoin and Ethereum, it could prove impossible to erase that data, especially considering that thousands of apps are Ethereum-based in one way or another, according to Bloomberg.
The problem lies mostly in the fact that the definition of “personal data” to be erased is deliberately very broad under the GDPR. It relates to any information that can identify an individual, directly or indirectly. According to Bloomberg, the problem is, even a cryptocurrency wallet address could qualify as personal data: “Encrypted data will often qualify as personal data and not as anonymous data,” wrote law firm Hogan Lovells in a recent note.
For companies that do not comply with these regulations, this could mean either pulling out of Europe or facing heavy fines. Complying with them, on the other hand, could mean moving information off the blockchain, an expensive process after which it be tampered with much more easily than before. But if blockchain can find a way to adapt, it could open a myriad of new possibilities for application and adoption.