“There is a high degree of complexity and uncertainty in the distributed character of blockchain and affiliated complex mathematical concepts,” the European Data Protection Committee (EDSA) describes its now in its guidelines published on the use of decentralized database technology. “In principle, storage of personal data should be avoided in a blockchain if it opposed data security principles.”
The objective of the blockchain is to ensure the integrity of the data and its traceability. Premilly correcting errors or removing data is not currently intended because only new information can be added ideologically. To ensure that the general data protection regulation (GDPR) is complied with in the state of blockchain use, which will be responsible to carefully assess the rights and risks of the affected people “.
EDSA provides in its document It is clear that roles and responsibilities should be prescribed in the conception phase when processing personal information with blockchain. In addition, organizations must already complete data security results if the blockchain use “possibly brings high risk of natural individuals’ rights and freedom”.
Problems with the right to forget
According to the merger of data protection officers of the European Union member states, blockchain operators should “ensure the greatest possible protection of personal data during processing so that they do not be accessible by the standard”. Data security should be directly integrated into technology, ie privacy by design).
This includes the implementation of principles such as memory limit and data minimalization. In addition, affected rights, such as reforms, deletion and forgotten, have to be followed. Therefore, the responsible person should carefully examine any targeted blockchain solution.
Blockchain data only anonymously
Right -wasting experts such as Malte Engeller had already said that the right to forget was not possible with blockchain. EDSA explains: “Since the entire blockchain or the information stored in it cannot be easily removed, the responsible people should already take into account this requirement in the design phase.” You have to ensure that “all personal data stored in blockchain can be effectively anonymous in the case of extinguishing apps or objections”. This determines that relevant transactions have been stored which does not allow direct identity of the affected people.
All additional off-chain information that enables indirect identity with appropriate means, then it will have to be removed. In view of the related implementation difficulties, EDSA recommends considering other devices compared to blockchain.
(DS)
