Blog manager: Giovanni Capaccioli

Translated by: Lawlinguists

The blockchain and the problem of personal data processing

The blockchain and the problem of personal data processing

edited by: 
Dane Marciano, CEO of Affidaty S.p.A
Giovanni Capaccioli, R&D of Affidaty S.p.A


If in the previous article we covered the efficiency theme, underlying how “it was always thought that since it (Bitcoin and Blockchain) was born, new, better and more heterogeneous scenarios would have presented”.

One of the most unpredictable subjects is security. In the latest years, web-based ecosystems developed and consequently did the security issue, regarding the safety of the data both for the company and user side. 

that’s why in the latest months and years new laws concerning data treatment have been studied, discussed and approved. 

It is clear that every instrument if improperly used, may cause different degrees of harm.

That’s why this concept also applies to the digital world. The blockchain is the instrument that if misused, may lead to breaches in the national or supranational laws, that were put in place to safeguard the citizens. 

What are the most common errors that could lead the blockchain to be misused by a company?

A perfect example is the personal data treatment in the case in which one wants to use the blockchain to store all the user data instead of creating a private network to store sensitive information and coupling it a “notarial” blockchain. What happens?

  1. The data contained inside the blockchain is tamper proof, implying the impossibility (due to its coding) to cancel the data once inserted in the shared chain.
  2. Blockchains are distributed and so is data control which is delegated to all participants (at most miners, which cannot be considered Data Protection Officer as required by the GDPR).
  3. Smart Contracts exist to be automated under the decisional profile, opening non-trivial criticalities especially if litigation is brought to court.

Generally, what collides with the GDPR, in this case, are two principles that defined until today value and power of the blockchain:

  • the data inserted is public and accessible to everyone participates in the chain
  • the data remain indefinitely stored, to secure and protect the ledger. 

The GDPR can be summarized in three words: centralization, limitation and removability, or deletion. These collide with the three base concepts of blockchain: decentralization, distribution, and immutability.

as stated in previous paragraphs, the GDPR gives EU citizens exclusive rights concerning their personal data among which stand out:

  • the right to deletion of personal data when these are not necessary for the scope, when the user withdraws consent or when the permanent collection is illegal.
  • the right to require the correction of incorrect data
  • The right to limit data elaboration when its accuracy is contested or when it is not necessary anymore.

These rights are comprehensible in a centralized database context, controlled by a single data handler with a finite set of processors. What will be the solutions that will allow the use of blockchain in these circumstances?

In Affidaty we created the wallet synkrony and its alias with the aim of building a possible solution in line with the regulations in force and that does not compromise the effectiveness and stability of the blockchain technology.