GDPR Stops Blockchain from Challenging Big Tech’s Data Monopoly

Analysis. Permissionless public blockchain technology could challenge large social networks such as Facebook, where users have to accept the fact that they have to give away their data in order to be a part of the network. With the European General Data Protection Regulation (GDPR) now, that might change in Europe.

Today it is possible to create social networks based on permissionless public blockchain technology. Steem is an online platform that allows people to do just this. Social networks based on open blockchain technology allow users to control their data. In other words, data autonomy is given back to the users.

The European General Data Protection Regulation also seeks to protect the users' right to their own data, but because it is practically impossible to delete data in a blockchain system, these new social networks are not compliant with GDPR and the “right to be forgotten”. This is a dilemma. Open blockchain technology can be used to create networks where users are in control of their own data and is therefore fundamentally in alignment with the general intention of GDPR, but at the same time it is stopped by it.

According to Roman Beck, Head of European Blockchain Center, one might argue that the user has less need for the “right to be forgotten” in blockchain systems, since they never lost control of their data to begin with, if you design the systems in that way. He foresees three possible solutions to the limitations GDPR imposes on blockchain technology:

  1. Every nation might find its own way of enforcing GDPR and might relax enforcement when it comes to open blockchain systems because of the benefits for the user: these systems enforce the user’s data control rather than limiting it.
  2. Adjust GDPR and rewrite it to fit the possibilities presented by blockchain technology. This will take a lot of work, but the benefits from doing it will be higher compared to pushing open blockchain technology out of Europe.
  3. GDPR holds the Data Controller accountable for the data, but one might argue that since there is no Data Controller in a permissionless public blockchain network, GDPR might not be applicable to permissionless public blockchain systems.

Right now, open blockchain solutions and systems are limited in the EU by not being GDPR compliant. But since both open blockchain systems and GDPR are ways of enforcing the data autonomy of users, it is a dilemma that the development of open blockchain systems in the EU is being blocked by GDPR itself.

If we do not want blockchain businesses to be forced out of the EU and be developed in other regions of the world, a solution to how permissionless public blockchain systems can be compliant with GDPR needs to be found.

Signe Agerskov is a member of the European Group on Blockchain Ethics (EGBE) and is researching blockchain ethics at the European Blockchain Center.