GDPR: A Stumbling Block For Blockchain Technology? | Mindtree
These are interesting times. Around the world, new and emerging technologies are disrupting and transforming traditional trade practices. In Europe, a deadline is approaching (25 May 2018) for implementation of a new regulation on data protection that will contribute to this transformation for anyone doing business within the European Union (EU). With the General Data Protection Regulation (GDPR), the European Parliament and the European Commission intend to strengthen data protection for all individuals within the EU. Non-compliance can lead to a fine of up to 4% of the annual global turnover of the organization. The GDPR includes a number of provisions affecting digital identity governance that provide individuals with control over their personal data. Key provisions are: Right to Consent: Individuals must provide consent before their personal data can be used, and they can revoke that consent at any time. Right to be Forgotten: Individuals can request erasure of any or all of their personal data. Right to Portability: Individuals have the right to receive the personal data they previously provided to a processor in an easy-to-use digital format and transmit the data to another processor. Right of Data Minimization: A processor can use an individual's personal data only if it is necessary for the specific purpose, for example, using the minimum data required. GDPR compliance is a top priority for organizations in the EU. In addition, many organizations are keen to adopt the emerging blockchain technology. While there are benefits to both, blockchain technology has the potential to disrupt operating models when viewed in conjunction with GDPR compliance. Blockchain is a distributed database that maintains a continuously growing list of records, which are called blocks. Each bl Continue reading >>
Blockchain Data Protection Law | Deloitte Legal Deutschland
Blockchain applications are currently amongst the most discussed topics when it comes to the precursors of the fourth industrial revolution. Within the global Deloitte network, the Deloitte Blockchain Institute was founded in order to analyze and consult on the technical and economic potentials and risks of blockchain applications for sector-specific industries (e.g. telecommunications or media). The following article deals with blockchain applications from the perspective of data protection law, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation - "GDPR"), which will enter into force in May 2018. In addition to an approximation to the term blockchain (cf. section I.), the main question addressed by this article is to what extent this technology will impact on those areas of life that have been traditionally regulated by analogue law and institutions (cf. section II.). Finally, the potential of blockchain as an instrument of data protection is briefly addressed (cf. section III.), and the article explains the extent to which data protection law may create certain boundaries to potential applications of blockchain technology (cf. section IV.). As the term already suggests, one of the essential characteristics of a blockchain is the concatenation of blocks. More specifically, such blocks are comprised of a certain number of cumulative records, the contents of which are interconnected in such manner that each subsequent block contains a cryptographic image of the previous block. Thus it can be ensured that data cannot be manipulated undetected after the respective data has been entered into a block, completed and "attached" to a subsequent blo Continue reading >>
Blockchains And The GDPR
The imminent entry into force of the EU General Data Protection Regulation (GDPR) coincides with pronounced hype surrounding blockchains as a new method of data storage and management. Blockchains and other forms of Distributed Ledger Technology (DLT) are an emergent technology that remains immature and only time will tell whether they are here to stay. Blockchains are currently being avidly experimented with in Europe and beyond. These replicated and tamper-proof databases provide new methods of data handling. Their characteristics contrast with those of centralized forms of data management that regulators had in mind when fashioning the GDPR. In a recent paper I examine whether a technology based on the decentralized collection, management and storage of data can be compatible with the GDPR, which was fashioned for data silos. This question is of pivotal importance as, in light of its expansive geographical scope, the GDPR is not only relevant for blockchain projects in Europe but around the world. I conclude that a legal framework designed for a sphere of centralization cannot easily be applied to one of decentralization. The GDPR embraces a broad definition of personal data as any information relating to an identified or identifiable natural person, the data subject. Where data qualifies as personal data, it can only be processed subject to a number of conditions and data subjects derive specific substantive rights in respect of their data. Blockchains are essentially an append-only replicated database that is maintained by a consensus algorithm and stored on multiple nodes (computers). Data can be stored on blockchains in plain text or it can be encrypted or hashed to the chain. It is well-established that data that has been encrypted or hashed still qualifies as p Continue reading >>
How To Design A GDPR-compliant Blockchain
General Data Protection Regulation (GDPR), the far-reaching personal data privacy regulation going into effect Friday, aims to give individuals more control over their personal information. Among other requirements, it establishes the right of erasure, the right of an individual to request that any personal data about them be permanently deleted. This right, also known as the right to be forgotten, has caused some notable heartache in the blockchain community, as it appears to go against one of the fundamental underlying tenets of blockchain: immutability of posted information. So how do we reconcile this right with the structural element of blockchain that essentially makes it impossible to delete data once it is entered onto the chain? It appears that there are only two leading viable solutions given current technology: (1) convincing regulators that erasure doesn't have to mean data is literally deleted and that making data permanently inaccessible without deletion should produce the same effect; (2) figuring out a way to use blockchain while keeping sensitive data off chain. The final workable solution might be some combination of the two. Hashing is one of the fundamental elements of blockchain and, in very abbreviated terms, means that data is transformed in such a way that it cannot be reverse-engineered into its original state. GDPR limits the definition of personal data to information that is linked or could be linked to a specific person, with the understanding that if data is completely anonymized so that it cannot be re-linked to a person, even with additional external information, then it falls outside the scope of persona Continue reading >>
How Does The EU's GDPR Apply To Hashed Data On The Blockchain?
Despite blockchain's superior technical capacity for data privacy and security, lack of control over personal data is a major issue for the many companies subject to the EU's new digital data privacy law, the General Data Protection Regulation (GDPR), which comes into effect May 2018. In May 2015, the European Commission published its Digital Single Market strategy, designed to produce a seamless commercial market across national borders to improve online access to goods and services, set a level playing field for competing firms, and spur economic growth. As part of this regulatory harmonization, the EU adopted the GDPR to facilitate net neutrality, cloud computing, access to big data and protection of citizens' personal data. Traditionally, Europe has followed stricter standards of data privacy than their American counterparts, who often place a stronger emphasis on free expression and access to information. The GDPR focuses on digital identity governance, to give citizens more control of their personal data, limit the scope of lawful data processing by data controllers and enforce 1) a right to erasure of data, aka the right to be forgotten, 2) a right to data portability, and 3) a right to consent to uses of one's personal data. Enter blockchain, dubbed "data protection by design and default," in which data is either two-way encrypted, so as to be unreadable without a private key, or hashed in one direction. Blockchain hashing is very important for commercial functions like automated cross-border authentication of documents that do not contain personally identifiable information. But what happens when personal data is being processed in a blockchain? The GDPR does not apply to anonymized data that cannot be traced Continue reading >>
Will GDPR Block Blockchain?
Achieving GDPR Compliance And Data Privacy Using Blockchain Technology
CxOs, data engineers, programmers, and software developers. A basic understanding of blockchain technology. Learn how to use open source blockchain technologies such as Hyperledger to implement the European Union's General Data Protection Regulation (GDPR). The General Data Protection Regulation (GDPR) is an EU regulation acting as a one-stop shop for all data privacy rules across the EU. GDPR governs all global entities dealing with EU citizens' data in any form or shape. Ajay Mothukuri, Arunkumar Ramanatha, and Vijay Srinivas Agneeswaran explain how to use open source blockchain technologies such as Hyperledger to implement GDPR. GDPR aims to ensure the data privacy of EU citizens through a single set of rules for data protection, increased responsibility and accountability for those entities processing personal data, required notification of any data breaches in stipulated timelines, the pseudonymization of personal data in such a way that resulting data cannot be attributed to a specific data subject without use of additional nonpersonal information, more accessible personal data, the ability to transfer personal data from one service provider to another easily (data portability), a right to be forgotten, and data protection by design and by default. These rules apply to all foreign companies and entities that are active in the EU market and offer their services to EU citizens, and there are heavy sanctions for any violations that can total up to 4% of annual global turnover. Blockchain technologies can help companies fall in line with GDPR directives. Pseudonymization is built into the blockchain, as all the data in a blockchain is encrypted and undersigned with the users' digital signatures Continue reading >>
Blockchain Technology May Not Be The Best Solution For GDPR Compliance
GDPR deadline looms: The price and penalties | Salted Hash Ep 20 (13:48) With the General Data Protection Regulation (GDPR) deadline fast approaching, host Steve Ragan explores the implications of noncompliance for companies -- and possible penalties -- with Greg Reber, founder/CEO of AsTech Consulting. Despite facing attacks from Chinese regulators and even Jamie Dimon last month, Bitcoin has never been more popular. In fact, a single bitcoin is currently valued at over $5,000 and rising, up from roughly $630 at this point last year. Part of the cryptocurrency's appeal can be traced to its use of blockchain, a decentralized ledger technology that anonymizes person-to-person transactions and updates client transactions and balances without going through a bank or other centralized authority. This helps ensure that transactions are not only anonymous, but difficult to taint or tamper with. Many companies, including those in the financial industry, are exploring new ways to incorporate this into day-to-day business activities. Companies such as NASDAQ, Bank of America, and Goldman Sachs, for example, have already filed patents that apply blockchain technology towards day-to-day financial tasks. Some of these patents, for example, apply blockchain principles to creating audit-friendly backup databases for financial documents, streamlining securities settlements, and creating buyer & seller aliases to anonymize person-to-person payments. Can companies also use blockchain technology to meet th Continue reading >>
Comment: Can GDPR And Blockchain Co-exist?
The EU's General Data Protection Regulation (GDPR), due to be enforced on 25 May, implements new rights for people accessing the information companies hold about them and business obligations for better data management. GDPR defines personal data as anything that relates to an identifiable, living individual, whether it actually identifies them or makes them identifiable. Luke Sayer asks if the two are in any way compatible. We are continuously advising companies of the need to explain their data processing through applicable policies. How companies handle personal data will vary; the GDPR recognises this by creating distinctions between data controllers and data processors. A data controller is an entity that determines the purpose and manner that personal data is used. A data processor processes the data on behalf of the controller, i.e. obtaining, recording, adapting and holding personal data. The GDPR aims to give individuals the right of control and power over who can access their data. One such right is the right to have inaccurate personal data rectified, blocked or destroyed where applicable. Further to this, individuals will have the right to be forgotten; their data transferred to another data storage provider, or deleted entirely. Companies will be more accountable than ever for their handling of data, so how can the much-heralded blockchain technology assist? Originally developed as the accounting method for the virtual currency Bitcoin, blockchains, which use what is known as distributed ledger technology (DLT), are appearing in many commercial applications today. The technology is primarily used to verify transactions within digital currencies thoug Continue reading >>
January Reader Favorite: The Role Of Blockchain In Helping Organizations Meet GDPR Compliance | Information Management
While blockchain and the General Data Protection Regulation are currently two of the data management industry's hottest buzzwords, they have more than just buzz in common as the industry continues to ponder their respective impact. They share the same level of excitement as well as the same level of scepticism. Interestingly, they may be linked in another way: the fact that blockchain could play an important role in helping organizations comply with GDPR rules. PWC defines blockchain as a digital, decentralized ledger that keeps a record of all transactions that take place across a peer-to-peer network so that participants can transfer assets across the Internet without the need for a centralized third party. According to Gartner's Emerging Technologies Hype Cycle, blockchain is at the peak of inflated expectations, meaning that it is a hot topic among audiences, and there are numerous ideas and theories about how it can be used. While there are many use cases, the reality is very few are up and running. And, although it's predicted to become an important technology, nobody really knows if it will go mainstream, what it will mean, which technology will become the de-facto standard, and when it all will happen. The GDPR, on the other hand, is a good bit more tangible with a deadline for compliance of May 25, 2018. By this date, all organizations worldwide doing business with EU customers must assess their information strategy, technology, processes and staff against GDPR rules regarding personal data and implement changes to remain compliant. The GDPR has an enormous impact to com Continue reading >>
Why Blockchain Poses An Unusual Challenge For GDPR Compliance
What Does The EU's GDPR Mean For Blockchain?
Thomas Delahunty | April 6, 2018 | 1:32 am Generally we know that blockchain technology underpins cryptocurrencies, and there are many organizations using the technology for a myriad of other applications: executing contracts, modernizing land registries, even providing new systems for identity management. But there's a small problem on the horizon. According to a post today from Washington, DC-based think tank Coin Center, blockchain technology may be fundamentally incompatible with Europe's new privacy laws that will come into effect in May of this year. The General Data Protection Regulation (GDPR) will take effect on May 25th; under the new rule, companies will be required to completely erase the personal data of any EU citizen who requests that they do so. The problem is that with blockchain, a complete erasure of any stored personal data might not be possible, experts told The Verge. "Modifying data on a blockchain is very hard," Oxford Law lecturer Michèle Finck told The Verge. "If you were to delete or modify data from the blockchain to comply with the GDPR's rights to amendment or the right to be forgotten, you wouldn't just change that piece of data, but the hash of the block containing the data and of all subsequent blocks." Finck continued, "I think it's safe to say that currently, most blockchains are incompatible with the GDPR, especially permissionless blockchains." She said that although some blockchain projects are currently thinking about applications that would be GDPR-compliant, the problem is that there are so many points of tension, way beyond the right [for personal data] to be forgotten. By their very nature, transactions on a blockchain ar Continue reading >>
How To Deploy Blockchain Tech For GDPR Compliance
As companies look for solutions, Armin Ebrahimi, CEO of ShoCard, shares with The Paypers ways to deploy blockchain to enable businesses to meet GDPR compliance. Enforcement of the EU's General Data Protection Regulation (GDPR) is approaching quickly. On May 25, 2018, any company, foreign or domestic, that processes the personal data of EU inhabitants is expected to have solutions in place to meet the regulation's requirements. The GDPR is designed to give prospects, customers, contractors, employees, etc., more power over their data and less power to the organizations that collect and use it for monetary gain. However, decentralized solutions based on blockchain technology are innovating how data is collected, stored and distributed, and these solutions provide options not available through traditional data protection methods. Blockchain technology enables the actualization of completely digital identities, allowing for the concept of Bring Your Own ID (BYOID) to gain traction and adoption. Staring down the new GDPR requirements and the social and business pressures to not become the next Equifax, companies are searching for innovative solutions to put themselves ahead of the curve when it comes to protecting the data of their clients, customers and users. The public is also putting much of this pressure on enterprises, searching for a way to gain more control over their own data. If a solution that allows them to control their own data is available, why should they entrust its protection to companies vulnerable to hacks? A blockchain identity management (IM) system uses public/private key encryption and data hashing to safely verify data via the blockchain. A person's identity and data are stored on their device, and the Continue reading >>
Blockchain - Solution Or Obstacle For GDPR Compliance? - EU GDPR Compliant
By Laura Vegh. Not long ago we discussed in an article how the way we approach security will be changed by the GDPR. Today we will tackle a more sensitive subject in the area of security: blockchains. But what exactly is blockchain? A simple definition, found on Wikipedia, states that a blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. There are a few main traits of blockchains that make them both a benefit and a challenge for data protection. First of all, blockchains are distributed and decentralized. Because of this, it is almost impossible to identify the person responsible for the data. Second, there is the fact that blockchains are public, which means that all information on the blockchain is accessible to everyone. Finally, blockchains are not editable, meaning you can't make changes to the personal data they contain. Now, if we go back and think about some of the requirements of the GDPR, we might start to see why the basic properties of blockchains can be both pros and cons for compliance, which we will discuss in the following paragraphs. Opinions surrounding blockchain are generally divided between those who believe it's the best invention in terms of security and those who believe it won't work well with the GDPR. Some say data subjects' rights are harder to guarantee using blockchain. Others believe this is a trend that could go away any time and with it all the personal data would be gone. The GDPR is essentially about data subjects' rights. So the fact that blockchain protects identity by making data almost unidentifiable is at first sight a good thing. However, this is not the only right the GDPR focuses on. Other rights, such as the right to access, to Continue reading >>
The Role Of Blockchain In GDPR Compliance