The European Data Protection Board Approves Guidelines for Personal Data on Blockchains
The European Data Protection Board (EDPB) has recently approved draft rules governing the storage and sharing of personal data on blockchains. This move represents a significant step towards aligning decentralized technology with existing data protection standards.
The new guidelines aim to limit access to stored information and ensure compliance with the General Data Protection Regulation (GDPR) protections. The EDPB ratified the rules this month and has opened them up for public comment until June 9.
Challenges and Recommendations
The EDPB acknowledges that blockchains present unique challenges when it comes to GDPR compliance. The guidelines emphasize the importance of Data Protection by Design and by Default, as well as the implementation of appropriate organizational and technical measures.
One key recommendation highlighted in the guidelines is that storing personal data on a blockchain should be avoided if it conflicts with data protection principles.
Data Privacy Concerns and Recommendations
Amid ongoing concerns about blockchain security, the guidelines stress the importance of early implementation of technical and structural measures in the design stages of data processing. Transparency, rectification, and erasure of personal data are also emphasized.
Organizations are advised to conduct Data Protection Impact Assessments (DPIAs) before processing any personal data using blockchain technology, especially if the processing is likely to pose a high risk to individuals’ rights and freedoms.
The EDPB also urges organizations to ensure that individuals’ personal data is not made available to an indefinite number of persons by default.
Expert Opinions
Experts in data privacy have varied opinions on blockchain’s role in data protection. Bryn Bennett, Senior BD at Hacken, emphasizes the importance of privacy-by-design and proper governance to avoid legal repercussions and security breaches.
However, Harry Halpin, the founder and CEO of Nym Technologies, believes that personal data should not be stored on the blockchain. He argues that using zero-knowledge proofs off-chain and ensuring network privacy via mixnets are more effective approaches.
Halpin also warns against applying data protection laws to data on the blockchain, as it could lead to censorship and mutability of decentralized blockchains.
Overall, the EDPB’s guidelines serve as a timely reminder of the importance of balancing decentralization with data protection regulations in the evolving landscape of blockchain technology.
Edited by Sebastian Sinclair