To what extent does the right to be forgotten apply to blockchain, the technology behind Bitcoin and other ledger-based systems? Not only is it technically impossible but, following the end of the post-Brexit transition period, the EU General Data Protection Regulation (GDPR) no longer strictly applies (although the GDPR’s provisions have been incorporated into domestic law).
It’s a fascinating conundrum and specialist lawyers may need to be involved in blockchain projects from the outset ‘to assess their suitability for compliance’, according to Dean Armstrong QC & Paul Schwartfeger, of 36 Commercial, writing in this week’s NLJ.
They write: ‘The technology-agnostic nature of the GDPR ignores entirely the realities of whether (and how) the right might be realised.
‘Indeed, when it comes to blockchain, this agnosticism creates something of a paradox. That is that, while the right is legally enshrined, it is also seemingly technically impossible to achieve, given the mantra that data stored on a blockchain is immutable. This fundamental issue, having real relevance to public or permissionless blockchains which, for example, underpin Bitcoin and Ethereum, has been the subject of much debate since the inception of the GDPR.’
In their article, Armstrong & Schwartfeger identify some possible solutions as well as guidance on how data controllers might respond to erasure requests.
