In this article we delineate two ways in which Blockchain technology could be utilised to store personal data in compliance with the requirements of the General Data Protection Regulation 2016/679, and what their up- and downsides are.
[1] Corporate Law and European Law, section Law & IT, Groningen University, Oude Kijk in ‘t Jatstraat 9, 9712 EK Groningen, The Netherlands.
[2] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation.
[3] For the difference in meaning between data and information see e.g. R.L. Ackoff, ‘From Data to Wisdom’ in Journal of Applies Systems Analysis, Volume 16, 1989 p 3-9.
[4] Seeing the use of, and distinction between, the terms data and information in the GDPR is confusing at best, even though there is a significant difference between them, hereafter the terms data and information will be used as they are in the GDPR.
[5] In cases where there is a discrepancy between the different ledgers – for instance because 10 changes were made simultaneously – the network resolves this by polling all nodes and the majority rules.
[6] If a new block were to be added for each alteration this would create a security-risk of cryptanalysis. See E. Biham & A. Shamir, ‘Differential Crypt analysis of DES-like Cryptosystems’ in, Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1990, p. 2-22. Freely accessible at https://link.springer.com/ content/pdf/10.1007/3-540-38424-3.pdf.
[7] A hash-function is a function in information sciences which converts a very large dataset into (most often) a much smaller dataset.
[8] For the reliability of hashing see e.g. C. Malinowsky & R. Noble, ‘Hashing and data integrity: Reliability of hashing and granularity size reduction’ in Digital Investigation, Volume 4 issue 2, 2007, p. 98-104.
[9] In this case the term ‘transaction’ means any alteration i.e. addition to the chain and not necessarily any financial transaction.
[10] van Heukelom et.al., Whitepaper Juridische aspecten van Blockchain, p. 7-11.Freely accessible at <www.pelsrijcken.nl/actueel/publicaties/whitepaperjuridische-aspecten-van... (Dutch only). Instead of the terms transparent- and opaque Blockchain they refer to them as open- and closed Blockchains.