Do GDPR and Blockchain complement or contradict each other?

Author: Jeremy Lilley, Policy Manager for Data Protection, techUK

In this comment piece as part of the Observatory's Data Fortnight, Jeremy Lilley of techUK discusses the impact of GDPR on Blockchain technologies. He argues that they have a similar approach to data and are both an opportunity for the citizen to gain greater control over their data.

GDPR and Blockchain are certainly two ‘buzz words’ in tech and policy at the moment, given that GDPR is just around the corner and blockchain technologies are receiving significant attention.

The implications of GDPR on Blockchain technologies, and the extent to which they can be compliant, is an interesting one. Blockchain, or Distributed Ledger Technology (DLT), is still relatively nascent. That said, there are a whole range of possible applications of DLT which offer transformational opportunities from financial services to healthcare. However, with GDPR coming into effect in less than two months’ time, the focus is now on how the opportunities of blockchain can be realised while still complying with new data protection rules which provide greater access and erasure rights. The key question is whether these new rights are in conflict with the architecture and purpose of Blockchain.

There was recently a fascinating discussion in the European Parliament which techUK spoke at, on the interactions between GDPR and Blockchain, with a variety of perspectives on offer. Issues raised include the suitability of the hashing and encryption offered by DLT, the difference between public and private blockchains, the different permissions offered and the decentralised nature of blockchain – all of which have different implications for complying with data protection rules.

Ultimately though, there seemed to be a consensus around one of the key principles that techUK set out during the discussion. Blockchain and GDPR have a very similar approach to data. They are both about giving the consumer or citizen greater control over how their information is used and who has access to it. Depending on the exact architecture of a DLT, which can be varied, this technology can precisely achieve the aims of, and compliance with, the GDPR. This approach should be welcomed so consumers can benefit from the opportunities offered by blockchain while also being confident their information is being contained within the remits of new data protection laws.

There is a huge opportunity to utilise new technologies, such as DLT, and data for improved consumer experiences. However, this won’t be realised if people don’t have trust in the way their information is being stored. The UK’s data-driven revolution is expected to be worth £240 billion by 2020, but only if consumers have trust in data use. As new technologies develop they will have to do so while ensuring suitable levels of data protection, as required by new laws. Taking blockchain as an example, it would appear that the conflicts between this new tech and GDPR are not as extreme as some might think. Indeed, they both seek to achieve the same goals.

techUK are currently running a Data Protection Week and have been publishing guest blogs on their website.