The European Parliament Committee on Civil Liberties, Justice and Home Affairs has weighed in on blockchain with the following key points:
- If you want to use a blockchain structure to handle personal data you need to specifically design the blockchain platform to support data sovereignty.
- Personal data in the blockchain is generally not anonymous and GDPR obligations would apply; future blockchain applications should integrate mechanisms that ensure that data can be fully anonymous.
- You should not process personal data on the blockchain until you are able to guarantee compliance with the GDPR, especially the rights to the rectification and erasure of data.
- Blockchain users may be both data controllers, for the personal data that they upload onto the ledger, and data processors, by virtue of storing a full copy of the ledger on their own computer.
- Because there are many copies of the data on the chain, blockchain is likely to be incompatible with the GDPR data minimization principle.
- The European Commission and the Member States should fund research and innovation on new blockchain technologies that are compatible with the GDPR.
Read the full text of the European Parliament Committee on Civil Liberties, Justice and Home Affairs Opinion.