The European Data Protection Commission has approved draft rules governing how personal data is stored and shared on the blockchain, marking another step in keeping decentralized technology with existing standards.
new Guidelines According to EDPB, which ratified this month’s rules and opened public comments until June 9th, it restricts access to stored information and complies with General Data Protection Regulation (GDPR) protection.
“Blockchain has certain properties that can lead to challenges in addressing GDPR requirements,” EDPB says in a version of the guidelines available online. “The guidelines highlight the need for data protection through design and defaults and appropriate organizational and technical measurements.
The document states, “A general rule is that if this conflicts with data protection principles, we should avoid storing personal data on the blockchain.”
The guidelines come amid continuing concerns regarding the security of blockchain technology. The GDPR provides an overview of the list of rights that individuals have to protect their personal information.
This guideline advised organizations to implement technical and structural overall measures. data It emphasized the importance of processing and transparency, correction and erasure of personal data.
This includes explaining the different roles of actors involved in separate stages of blockchain processing of personal data.
EDPB said that before using blockchain technology to process personal data, organizations need to perform a Data Protection Impact Assessment (DPIA). This speculates that processing is likely to pose a high risk to individual rights and freedoms.
The board urged organizations to focus on making individual personal data unavailable to “an indefinite number of people by default.”
Data privacy experts have a variety of opinions on the role of blockchain in data privacy and new guidelines.
Bryn Bennett, senior BD at Hacken, a Ukrainian web3 security company, said Decryption “EDPB guidelines are timely reminders that decentralization does not imply deregulation.”
“We consider privacy to be part of our core infrastructure, not an add-on after launch,” Bennett said. “Projects that treat user data casually take risks both legal blows and security breaches. Privacy-by-privacy design, off-chain storage, and proper governance are more than just best practices. It’s a survival tool.”
However, in the interview Decryption“It’s a mistake to put personal data on the blockchain,” said Harry Halpin, founder and CEO of decentralized privacy firm NYM Technologies.
“Use cases I’ve seen, such as digital identity systems, or worse, Covid Passports are essentially a violation of privacy and lead to authoritarianism,” Halpin said. “Personal data must be using chain off-chain zero knowledge proofs and have network privacy through a mixnet, as used in NYM payment information.”
He added: “It’s also a mistake to apply data protection laws to blockchain data, as “right to be forgotten” effectively requires a decentralized blockchain to be changed and censored by regulators. If this is the goal, use a regular centralized database. ”
edit Sebastian Sinclair
