It is managed in legislative circles that a new legislation is about to be enacted in the European Union (EU) on data protection and privacy. This could negatively impact the blockchain companies in general since one of their fundamental premises will be in a position of potential questioning, and it is precisely about privacy.The European Union promulgated an update to its General Data Protection Regulation (GDPR). This regulatory update will take effect as of May 25, 2018, and regulate how companies in the European jurisdiction should handle the confidential information of their users.
Among these regulations we can mention that companies have the obligation to meet and comply with the request of any citizen of the European Union to eliminate completely the user information stored by the company on their websites. This provides a margin of safety for users and the possibility of coercing companies so that they do not incur abuses with the handling of confidential personal information.
It is important to note that these regulations highlight controversial situations such as those of Cambridge Analytica and Facebook, which allow us to understand the magnitude of the unethical handling of users’ confidential information.
Now, while these regulations mean that user data now belongs firmly to each user, it could also imply a potential condemnation for many blockchain companies operating in European community territory.
The adaptation to the new regulations assumes in principle that the information of the users contained by the websites, and in particular for the case of blockchain companies, must be subject to the approval of use and possible withdrawal of said information by express request of the user. In other words, if the chain of blocks is immutable, its processes can not be reversed, therefore the practical adaptation of the new regulations becomes impossible to apply, and brings a practical conflict whose consequences can be incalculable for blockchain companies . This practical reality could motivate a development on the progress of technological solutions applicable to blockchain, with which an important evolution could occur.
There are, however, opinions that suggest that EU regulators have before them the crossroads of deciding the option of banning blockchain applications in Europe or adjusting the GDPR to establish some exceptions for blockchain applications in European territory. It is also perfectly predictable that these regulations will cause a setback in the development of blockchain-based ventures, and that would not be desirable in any scenario.
If we stop to study the new regulations, for example that personal information is defined by the GDPR as anything that is related to an identifiable living individual, we find the lack of clarity in the interpretation of this rule, because it opens subjective possibilities of interpretation and therefore, everything could enter into that concept. Think of the bitcoin addresses for example, they would fit in that definition, and with that, they would be subject to loss of anonymity nominally speaking. This would be a case of many possible in which the encrypted data would qualify as personal data instead of as anonymous data.
Thinking about solutions that can be achieved in the short term, the blockchain companies that operate in European territory will be forced to redesign and reorient part of their systems in order to comply with the new regulations, creating databases outside the block chain, for example. everything that implies.
The truth is that the solutions have to be given immediately given the proximity of the entry into force of the new regulations, and the impact, although still speculative, on blockchain companies can hardly be starting to project.