Blockchain, Personal Data And The GDPR Right To Be Forgotten
Posted in European Union, GDPR, International
The effective date of the EU's General Data Protection Regulation (GDPR) is fast approaching (May 25, 2018), and its impacts are already being felt across various industries. Specifically, the conflicts between the GDPR and the technical realities of blockchains raise important legal considerations for companies seeking to implement blockchain solutions that involve the personal data of EU data subjects.
Proskauer is a leading international law firm focused on creating value. Our roots go back to 1875, when we were founded in New York City. With 725+ lawyers active in virtually every major market worldwide, we are recognized not only for our legal excellence, but also our dedication to client service. Our clients include many of the world's top companies, financial institutions, investment funds, not-for-profit institutions, governmental entities and other organizations across industries and borders. We also represent individuals in transactions and other matters. In addition to New York, we have offices in Beijing, Boston, Chicago, Hong Kong, London, Los Angeles, Paris, São Paulo and Washington, D.C., as well as Boca Raton, Newark and New Orleans.
GDPR And Blockchain: Is The New EU Data Protection Regulation A Threat Or An Incentive?
New European data protection regulation to trigger even more blockchain innovation.
The General Data Protection Regulation (GDPR), a sweeping and stringent European Union (EU)-wide legal framework for personal data privacy, became effective on May 25. Ready or not, this framework is going to drastically transform the business of any digital venture. The International Association of Privacy Professionals (IAPP) forecast that at least 75,000 privacy jobs will be created as a result, and that Fortune's Global 500 companies will spend close to $8 bln in order to ensure they are compliant with the GDPR. But what does this mean for the blockchain? The GDPR's goals are: to create a uniform data regulation framework within Europe, and to strengthen individuals' control over the storage and use of their personal data. It was adopted in 2016, and after a two-year transition period, is now in force. The GDPR introduces new procedural and organizational obligations for "data processors" - including corporate as well as public entities, and gives more rights to data subjects - the term it uses for individuals. Public and private organizations, when left to themselves, tend to accumulate data even before knowing what they will do with it, a sort of "gold rush" in personal data acquisition. The GDPR goes against this habit by specifying that data processors should not collect data beyond what is directly useful to their immediate interaction with consumers. In effect, the data harvest should be adequate, relevant and limited to the minimum necessary in relation to the purposes for which they are processed (Article 39 of the GDPR). Besides setting out what is or isn't allowed, the GDPR also specifies
Blockchain Technology May Not Be The Best Solution For GDPR Compliance
Despite facing attacks from Chinese regulators and even Jamie Dimon last month, Bitcoin has never been more popular. In fact, a single bitcoin is currently valued at over $5,000 and rising, up from roughly $630 at this point last year. Part of the cryptocurrency's appeal can be traced to its use of blockchain, a decentralized ledger technology that anonymizes person-to-person transactions and updates client transactions and balances without going through a bank or other centralized authority. This helps ensure that transactions are not only anonymous, but difficult to taint or tamper. Many companies, including those in the financial industry, are exploring new ways to incorporate this into day-to-day business activities. Companies such as NASDAQ, Bank of America, and Goldman Sachs, for example, have already filed patents that apply blockchain technology towards day-to-day financial tasks. Some of these patents, for example, apply blockchain principles to creating audit-friendly backup databases for financial documents, streamlining securities settlements, and creating buyer & seller aliases to anonymize person-to-person payments. Can companies also use blockchain technology to meet th
How Blockchain Tech Can Facilitate GDPR Compliance
Posted on March 8, 2018 at March 7, 2018 by Armin Ebrahimi
The Role of BYOID in Meeting Requirements
With the deadline fast approaching to have solutions in place that comply with GDPR regulations, it's predicted that 80 percent of companies won't be ready. Blockchain technology offers a new, innovative and purpose-built way to meet the regulation's requirements. Here's what you need to know about blockchain-based identity management, BYOID and how they address the same principles and goals of GDPR. The blockchain, the technology behind Bitcoin and cryptocurrency in general, has far-reaching applications. The underlying capabilities of the blockchain, that of a decentralized, immutable ledger, can be applied to multiple industries to protect data and identify information of users and companies and to meet compliance standards. With the enforcement of the EU's General Data Protection Regulation (GDPR) beginning on May 25, 2018, all companies processing or handling the personal data of persons residing in the EU, including U.S.-based companies, are searching for data-handling solutions that find innovative ways to comply with the new regulations. The GDPR is designed to give people more power over their own data, giving less to the organizations that collect and use it for monetary gain. Blockchain-based identity management enables the concept of bring your own identity, or BYOID, which aims to accomplish much of the same things as GDPR: giving back to users control over their data.
Predicted to Fail, Companies Search for Solutions
Because the legislation is so new, companies are still exploring what it will mean to be GDPR compliant. Forrester recently predicted that 80 p
Blockchain And GDPR: Can They Get Along?
Blockchain promises immutable records. GDPR promises the right to be forgotten. How will this work out?
Blockchain ranks right up there as the tech hype darling of the moment. Though blockchain is much less mature than, say, AI, IT leaders are keeping a close eye on how blockchain may reshape vertical markets (such as finance) and functions (such as supply chain). Now some industry watchers are asking whether blockchain is headed for a bit of a collision with the European Union's General Data Protection Regulation (GDPR). The GDPR privacy regulations take effect today, May 25, and are applicable to many US and multinational organizations. They are the most sweeping privacy change most IT leaders have encountered to date, complete with potentially hefty fines. What is the potential clash between blockchain and the privacy manifesto? As Red Hat technology evangelist Gordon Haff recently noted, blockchain's first characteristic that makes it an interesting fit for business applications is immutability. "Once something has been put on a blockchain, it can't be removed or altered," Haff notes. "That's one reason blockchain has captured developers' imagination for legal, financial, and supply chain uses," he adds. GDPR, on the other hand, promises an individual's right to be forgotten: to have personally identifiable data removed. One benefit of this for a consumer might be that after a breach, you would no longer have to worry about what password you used in that long-forgotten service or online store, for example. What areas should IT and business leaders be watching for as GDPR takes effect, with regard to blockchain? Here are five items to watch:
Much depends on the regulators' behavior: How much blockchain and GDPR clash de
Making Sense Of The EU GDPR/Blockchain Dichotomy
A look into what implications the looming General Data Protection Regulation (GDPR) will have for blockchain and public ledger technology:
The ICO train isn't showing any sign of reaching its last stop just yet. We're only five months into 2018, but an already staggering $6 billion has been raised across 195 crowd-sales (including pre-sales, private pre-sales, and other convoluted processes). For reference, the entirety of 2017 saw 210, with the (considerably smaller) grand total of $3.8 billion raised. In the midst of the hype, many seem to forget the massive change that European privacy laws are undergoing: the General Data Protection Regulation (or GDPR), set to come into force on May 25th, aims to assert the rights of individuals over their own data. Specifically, it takes aim at organisations storing sensitive information belonging to their users. Failure to comply comes with steep sanctions, with companies being taxed €20 million (or 4% of their annual turnover, if it exceeds this). Under GDPR, consumers have a much greater degree of sovereignty over their data. The legislation demands not only that companies ensure users' data is kept secure in an adequate manner, but that they also adhere to the right to be forgotten, the principle that allows an individual to request the erasure of their information from a business's database. Outside of the blockchain space, multiple companies have ceased offering their services to EU-based customers, citing the overbearing GDPR as the key cause. Key companies include MMORPG Ragnarok Online, mobile marketing platform Verve and consultancy firm Brent Ozar. Do you know what isn't compatible with privacy and deletion of data? Public and immutable ledgers. Arguably one of the most important
Blockchains And The GDPR
The imminent entry into force of the EU General Data Protection Regulation (GDPR) coincides with pronounced hype surrounding blockchains as a new method of data storage and management. Blockchains and other forms of Distributed Ledger Technology (DLT) are an emergent technology that remains immature and only time will tell whether they are here to stay. Blockchains are currently being avidly experimented with in Europe and beyond. These replicated and tamper-proof databases provide new methods of data handling. Their characteristics contrast with those of centralized forms of data management that regulators had in mind when fashioning the GDPR. In a recent paper I examine whether a technology based on the decentralized collection, management and storage of data can be compatible with the GDPR, which was fashioned for data silos. This question is of pivotal importance as, in light of its expansive geographical scope, the GDPR is not only relevant for blockchain projects in Europe but around the world. I conclude that a legal framework designed for a sphere of centralization cannot easily be applied to one of decentralization. The GDPR embraces a broad definition of personal data as any information relating to an identified or identifiable natural person, the data subject. Where data qualifies as personal data, it can only be processed subject to a number of conditions and data subjects derive specific substantive rights in respect of their data. Blockchains are essentially an append-only replicated database that is maintained by a consensus algorithm and stored on multiple nodes (computers). Data can be stored on blockchains in plain text or it can be encrypted or hashed to the chain. It is well-established that data that has been encrypted or hashed still qualifies as p
Achieving GDPR Compliance And Data Privacy Using Blockchain Technology
CxOs, data engineers, programmers, and software developers
A basic understanding of blockchain technology
Learn how to use open source blockchain technologies such as Hyperledger to implement the European Union's General Data Protection Regulation (GDPR) regulation
The General Data Protection Regulation (GDPR) is an EU regulation acting as a one-stop shop for all data privacy rules across the EU. GDPR governs all global entities dealing with EU citizens' data in any form or shape. Ajay Mothukuri, Arunkumar Ramanatha, and Vijay Srinivas Agneeswaran explain how to use open source blockchain technologies such as Hyperledger to implement GDPR. GDPR aims to ensure the data privacy of EU citizens through a single set of rules for data protection, increased responsibility and accountability for those entities processing personal data, required notification of any data breaches in stipulated timelines, the pseudonymization of personal data in such a way that resulting data cannot be attributed to a specific data subject without use of additional nonpersonal information, more accessible personal data, the ability to transfer personal data from one service provider to another easily (data portability), a right to be forgotten, and data protection by design and by default. These rules apply to all foreign companies and entities that are active in the EU market and offer their services to EU citizens, and there are heavy sanctions for any violations, which can total up to 4% of annual global turnover. Blockchain technologies can help companies fall in line with GDPR directives. Pseudonymization is built into the blockchain, as all the data in a blockchain is encrypted and undersigned with the users' digital signatures
General Data Protection Regulation And Blockchain Technology
In the fourth blog post by Austrian law firm Stadler Völkel, Arthur Stadler and Sarah Pichler focus on the General Data Protection Regulation (GDPR) and Blockchain Technology.
The most important reason for the interest in Blockchain and the latest discussions about its potential areas of application are the positive attributes linked to its mode of operation: security, anonymity and data integrity, without any third party serving as an authority and being in control of the transactions. Blockchains thus are not only decentralized, but based on distributed ledgers. Data integrity is ensured by the creation of new blocks in a consensus procedure, meaning that each subsequent block contains a cryptographic image of the previous block. Each block therefore consists of multiple data points. This also leads to the fact that data cannot be manipulated or deleted once it is written, entered into the block and linked to the previously written block. Transparency in all aspects is given, as the public can see all transactions, but allegedly without information linking these transactions to identities.
Personal Data in Blockchains - Anonymous Content?
From a legal point of view, many aspects have to be considered when applying effective legal frameworks to rather new technical systems like Blockchain - national legislation as well as EU law have to be taken into account. One of the most recent Acts on EU level creating implementation requirements of great impact for companies is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation,
How Does The EU's GDPR Apply To Hashed Data On The Blockchain?
Despite blockchain's superior technical capacity for data privacy and security, lack of control over personal data is a major issue for the many companies subject to the EU's new digital data privacy law, the General Data Protection Regulation (GDPR), which comes into effect May 2018. In May 2015, the European Commission published its Digital Single Market strategy, designed to produce a seamless commercial market across national borders to improve online access to goods and services, set a level playing field for competing firms, and spur economic growth. As part of this regulatory harmonization, the EU adopted the GDPR to facilitate net neutrality, cloud computing, access to big data and protection of citizens' personal data. Traditionally, Europe has followed stricter standards of data privacy than their American counterparts who often place a stronger emphasis on free expression and access to information. The GDPR focuses on digital identity governance, to give citizens more control of their personal data, limit the scope of lawful data processing by data controllers and enforce 1) a right to erasure of data, aka the right to be forgotten, 2) a right to data portability, and 3) a right to consent to uses of one's personal data. Enter blockchain, dubbed "data protection by design and default," in which data is either two-way encrypted, so as to be unreadable without a private key, or hashed in one direction. Blockchain hashing is very important for commercial functions like automated cross-border authentication of documents that do not contain personally identifiable information. But what happens when personal data is being processed in a blockchain? The GDPR does not apply to anonymized data that cannot be traced
Major Blockchain Group Says Europe Should Exempt Bitcoin From New Data Privacy Rule
Since people can store personal data in blockchains, the technology could fall under the purview of the upcoming European change to privacy law. But blockchain technology may be fundamentally incompatible with Europe's new privacy rules, Washington, DC think tank Coin Center said today in a new post. The General Data Protection Regulation (GDPR) will take effect on May 25th this year, more than two years after it was first signed into law. Under the new rule, if an EU citizen requests that their personal data be erased from a company's records, the company will have to obey. But with blockchain, a complete erasure of any stored personal data might not be possible, experts told The Verge. "Modifying data on a blockchain is very hard," Oxford Law lecturer Michèle Finck told The Verge. "If you were to delete or modify data from the blockchain to comply with the GDPR's rights to amendment or the right to be forgotten, you wouldn't just change that piece of data, but the hash of the block containing the data and of all subsequent blocks." Finck added, "I think it's safe to say that currently, most blockchains are incompatible with the GDPR, especially permissionless blockchains." She said that although many blockchain projects are currently thinking about how to design tech that would be GDPR-compliant, the problem is that there are so many points of tension...way beyond the right [for personal data] to be forgotten. It's the basics of blockchain technology. By their very nature, transactions on a blockchain aren't meant to be deleted but to be recorded permanently. It would also be difficult to stop every place transmitting a Bitcoin transaction. "This is by design," Andries Van Humbeeck, co-founder and b
What Does The EU's GDPR Mean For Blockchain?
Thomas Delahunty | April 6, 2018 | 1:32 am
Generally we know that blockchain technology underpins cryptocurrencies, and there are many organizations using the technology for a myriad of other applications: executing contracts, modernizing land registries, even providing new systems for identity management. But there's a small problem on the horizon. According to a post today from Washington, DC-based think tank Coin Center, blockchain technology may be fundamentally incompatible with Europe's new privacy laws that will come into effect in May of this year. The General Data Protection Regulation (GDPR) will take effect on May 25th. Under the new rule, companies will be required to completely erase the personal data of any EU citizen who requests that they do so. The problem is that with blockchain, a complete erasure of any stored personal data might not be possible, experts told The Verge. "Modifying data on a blockchain is very hard," Oxford Law lecturer Michèle Finck told The Verge. "If you were to delete or modify data from the blockchain to comply with the GDPR's rights to amendment or the right to be forgotten, you wouldn't just change that piece of data, but the hash of the block containing the data and of all subsequent blocks." Finck continued, "I think it's safe to say that currently, most blockchains are incompatible with the GDPR, especially permissionless blockchains." She said that although some blockchain projects are currently thinking about applications that would be GDPR-compliant, the problem is that there are so many points of tension, way beyond the right [for personal data] to be forgotten. By their very nature, transactions on a blockchain ar
Blockchain Is On A Collision Course With EU Privacy Law
Those who have heard of blockchain technology generally know it as the underpinning of the Bitcoin virtual currency, but there are myriad organizations planning different kinds of applications for it: executing contracts, modernizing land registries, even providing new systems for identity management. There's one huge problem on the horizon, though: European privacy law. The bloc's General Data Protection law, which will come into effect in a few months' time, says people must be able to demand that their personal data is rectified or deleted under many circumstances. A blockchain is essentially a growing, shared record of past activity that's distributed across many computers, and the whole point is that this chain of transactions (or other fragments of information) is in practice unchangeable; this is what ensures the reliability of the information stored in the blockchain. For blockchain projects that involve the storage of personal data, these two facts do not mix well. And with sanctions for flouting the GDPR including fines of up to €20 million or 4 percent of global revenues, many businesses may find the ultra-buzzy blockchain trend a lot less palatable than they first thought. "[The GDPR] is agnostic about which specific technology is used for the processing, but it introduces a mandatory obligation for data controllers to apply the principle of data protection by design," said Jan Philipp Albrecht, the member of the European Parliament who shepherded the GDPR through the legislative process. This means for example that the data subject's rights can be easily exercised, including the right to deletion of data when it is no longer needed. This is where blockchain applications will run into problems and will proba
Blockchain And GDPR: Between A Block And A Hard Place
Blockchain and other emerging distributed ledger technologies offer the promise of increased security, transparency and resilience based on the use of distributed, immutable records. At the same time, the European Union General Data Protection Regulation (GDPR), which takes effect May 25, 2018, governs the use and protection of personal data collected from or about any European Union resident. Personal data is defined very broadly and includes any information relating to an identified or identifiable natural person. Under current EU legal interpretations, this includes encrypted or hashed personal data, as well as public cryptographic keys that can be tied to a private individual. The penalties for failing to comply with the GDPR are harsh, including fines of up to the greater of €20 million or 4 percent of a company's annual worldwide revenue.
The GDPR: Centralized, Restricted and Removable
The GDPR was developed based on an assumption that collected personal data would be controlled by an identifiable data controller and processed by the data controller or by a finite number of identifiable data processors and sub-processors. In order to protect the use of personal data, data controllers and processors must control who accesses the personal data, where and to whom it is transferred, and by whom it is accessed. The GDPR gives EU residents enforceable rights with respect to their personal data, including: the right to erasure of personal data when the personal data is no longer needed for the purpose for which it was collected, when the individual withdraws consent, or when continued processing of the data is unlawful; the right to require correction of incorrect d
The Effect Of GDPR On Blockchain And Cryptocurrency Services
The European Union (EU) General Data Protection Regulation (GDPR) is a law designed to enhance the protection of personal data and give individuals greater control over their own data. While the law applies to individuals and personal data resident in the EU, many organizations and services are taking the opportunity to revise their policies and practices for all users. As the GDPR comes into effect today, May 25, 2018, many cryptocurrency service providers have made changes to bring their policies and practices into compliance. A key objective of the GDPR empowers individuals (or data subjects) with various rights. Some of these rights align well with blockchain technology. For example, the GDPR includes a right to information, giving individuals the right to request how their personal data is being shared and processed. The right to access is also a step towards greater transparency, as it allows individuals the opportunity to view their own personal data that has been collected by an organization or service. IBM has released a white paper outlining some key ways that blockchain technology can be used to support the goals of GDPR and enhance compliance. However, the GDPR also enforces the right to be forgotten, which provides individual data subjects with a right to request the deletion of personal data. Immutability is a core feature of blockchain technology, and without a central authority to oversee the erasure of any personal data, this part of the GDPR presents a considerable challenge for any open blockchain network that has stored personal data on the blockchain. Andries Van Humbeeck, Blockchain consultant for TheLedger.be, highlights this potential clash between GDPR and the blockchain: And here is