A joint study by Queen Mary University of London and the University of Cambridge concluded that, whilst challenging, it is theoretically possible for organizations to design blockchain applications that fully comply with the EU's recently implemented General Data Protection Regulation (GDPR).
The research was published in the ‘Richmond Journal of Law and Technology’ and cited challenges such as exorbitant fines and uncertainty as major deterrents which prevent companies in the region from attempting to work with blockchain.
What is the GDPR?
The GDPR (EU 2016/679) was proposed back in 2012 but was not fully defined and implemented until 2016 and 2018 respectively. Companies which fail to comply with the regulation are subject to a fine valued at either £17 million or 3% of the organization's annual turnover (whichever is higher).
The purpose of the legislation is to place the onus for protecting users' rights over their data on the companies which handle that data.
Generally speaking, the law attracted a combination of controversy and ridicule from many parties, with consequences ranging from changes to privacy policies and service agreements to some businesses deciding to cease operations in the region entirely.
Jumping the Hurdle
Innate aspects of blockchain technology, such as immutability and the resulting inability to retrospectively remove customer data once it has been recorded on-chain, make the problems obvious when it comes to creating a solution compatible with this European regulation.
According to the website of Queen Mary University of London,
“Promising examples include encrypting entries and then deleting the relevant decryption keys – leaving only indecipherable data on-chain – or using so-called ‘off-chain’ storage models.”
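The "off-chain" storage model mentioned in the quote above, as an added example that is not from the study or the original article: the personal data and a random per-record key sit in a mutable store, while the append-only ledger records only a keyed digest. `Ledger`, `OffChainStore` and the sample records are hypothetical names and constructed values.

```python
import hashlib, hmac, json, secrets

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Hypothetical append-only hash chain; entries are never modified or removed."""
    def __init__(self):
        self.blocks = []
    def append(self, commitment):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"index": len(self.blocks), "prev": prev, "commitment": commitment}
        self.blocks.append({**body, "hash": _digest(body)})
        return body["index"]
    def verify(self):
        prev = "0" * 64
        for b in self.blocks:
            body = {k: b[k] for k in ("index", "prev", "commitment")}
            if b["prev"] != prev or b["hash"] != _digest(body):
                return False
            prev = b["hash"]
        return True

class OffChainStore:
    """Hypothetical mutable store holding the personal data and its per-record key."""
    def __init__(self, ledger):
        self.ledger, self.records = ledger, {}
    def put(self, data):
        key = secrets.token_bytes(32)  # random key: digest cannot be recomputed from data alone
        idx = self.ledger.append(hmac.new(key, data, hashlib.sha256).hexdigest())
        self.records[idx] = (key, data)
        return idx
    def check(self, idx):
        if idx not in self.records:
            return False  # erased: nothing left to match against the chain
        key, data = self.records[idx]
        expected = hmac.new(key, data, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, self.ledger.blocks[idx]["commitment"])
    def erase(self, idx):
        self.records.pop(idx, None)  # deletes data and key; the ledger is untouched

def demo():
    store = OffChainStore(Ledger())
    a = store.put(b"name=Alice Example")  # constructed sample records
    b = store.put(b"name=Bob Example")
    store.erase(a)
    return store.check(a), store.check(b), store.ledger.verify()
```

After `erase`, the chain still verifies end to end and the other record still matches its on-chain digest, while the erased record can no longer be retrieved or matched.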
The EU wouldn't be the first legislative region in which new regulations have threatened blockchain-related industry, and we have seen examples of the results elsewhere.
In China, increasing restrictions have led to a crypto-flight where many companies have moved their headquarters to neighboring states such as Hong Kong, Taiwan and Singapore to avoid the risk of persecution.
Meanwhile, the policies implemented by agencies such as the Securities and Exchange Commission (SEC) in the United States of America have resulted in many companies disallowing American investors from participation in ICO events.