When considering the legal landscape emerging after the General Data Protection Regulation went into effect on May 25, 2018, the uncertainty surrounding the Regulation reaches its peak when it is applied to blockchain technology. While the goals of storing personal data on permissioned blockchains may align with the goals of accuracy and transparency emulated by the GDPR, the language of the Regulation makes it likely that blockchain technology, as a whole, violates the GDPR. Permissioned blockchains have promising use cases and developments that have not only streamlined data storage, but also allowed users to have increased control over who accesses their data. Accordingly, this Note proposes that to ensure innovation and technological growth of permissioned blockchains are not stifled, the GDPR must release guidance that exempts permissioned blockchains that store personal data from the daunting violation fines of the GDPR. First, this Note discusses the background of blockchain technology, highlighting the benefits of permissioned blockchains. This Note then discusses the relevant regulations of the GDPR, focusing on the right to rectification, the right to be forgotten, and the right to data portability. Next, this Note discusses how blockchain technology violates users’ data access rights. The last part of this Note discusses why permissioned blockchains should be exempt from the GDPR and proposes solutions on how to facilitate this exemption, concluding that the most efficient way to ensure that the technological growth of permissioned blockchains is not stifled is immediate guidance from the GDPR that interprets definitions from the Regulation in a way that exempt permissioned blockchains from violations.
The GDPR-Blockchain Paradox: Exempting Permissioned Blockchains from the GDPR,
29 Fordham Intell. Prop. Media & Ent. L.J. 1201
Available at: https://ir.lawnet.fordham.edu/iplj/vol29/iss4/5