Brief
- EDPB has published guidelines on how personal data must be stored and accessible on blockchains, aimed at aligning the RGPD rules.
- The storage of personal chain data must be avoided if it may violate the principles of basic data protection, warns the board of directors.
- Experts are divided on the impact – some see the rules as late railings, while others argue that they threaten decentralization and innovation of confidentiality.
The European Data Protection Office has approved the draft rules governing how personal data is stored and shared on blockchains, marking another step towards alignment of decentralized technology with existing standards.
The new guidelines Limit access to stored information and comply with general data protection regulations (GDPR), according to the EDPB, which ratified the rules this month and opened the public comment until June 9.
“Blockchains have certain properties that can lead to challenges when they deal with RGPD requirements,” said EDPB in a version of online directives. “The directives highlight the need for data protection by design and default and adequate organizational and technical measures.
The document added: “As a rule, storage of personal data on a blockchain must be avoided if this conflicts with the principles of data protection.”
Directives are involved in continuous concerns about blockchain technology safety. The GDPR describes a list of rights so that individuals protect their personal information.
The guidelines advised organizations to implement technical measures and on the scale of the structure at the start of the design stages of data Treatment and underlined the importance of transparency, rectification and erasure of personal data.
This includes taking into account the different roles of the actors involved in separate steps in the processing of the blockchain of personal data.
EDPB said organizations should carry out data protection impact assessments (DPIAS) before processing personal data using blockchain technology. This presumes that the treatment is likely to result in a high risk for the rights and freedoms of individuals.
The board of directors has urged organizations to focus on the guarantee that the personal data of individuals are not made available to an “indefinite number of people by default”.
Data confidentiality experts have mixed opinions on the role of blockchain in data confidentiality and new directives.
Bryn Bennett, Senior BD in Hacken, a Ukrainian Web3 security company, said Decipher that “EDPB directives are a timely reminder that decentralization does not mean deregulation”.
“We see confidentiality as part of the basic infrastructure – not a post -launching module,” said Bennet. “Projects that process user data risk both the return of flame and legal security violations. Confidentiality by design, out -of -chain storage and good governance are not only best practices – these are survival tools. ”
However, in an interview with DecipherHarry Halpin, the founder and CEO of the decentralized confidentiality company NYM Technologies, said that “it is a mistake to put personal data on the blockchain”.
“The use cases I have seen, such as digital identity systems, or worse, hairstyle passports, intrinsically violates privacy and lead to authoritarianism,” said Halpin. “Personal data must use evidence of zero knowledge outside chain and have the confidentiality of the network via mixtnets, as we use with payment information on NYM.”
He added: “It is also an error to apply data protection laws to blockchain data, because the” right to be forgotten “would actually require decentralized blockchains to be mutable and censored by regulators. If it is the lens, then simply use normal centralized databases.”
Edited by Sebastian Sinclair
Daily debriefing Bulletin
Start every day with the best reports at the moment, as well as original features, a podcast, videos and more.
