Blockchain technologies vs the EU Right to be Forgotten


The right to be forgotten, set out in the new General Data Protection Regulation (GDPR) of the European Union and which will come into force on 28th May 2017, empowers any person to rectify or delete his personal data that affects him and stop being treated if they are no longer necessary for the purposes collected or if you have not withdrawn your consent.

This right could conflict with Blockchain, since one of the uses that is being given to this technology is the storage of documents and its immutability and inalterability the main feature of this new technology and so it could clash head on. It has to be taken into consideration that when a data is registered becomes unique, unrepeatable and indelible. This is the basis of its robustness and solidity since trying to modify or change it, or part of it, is cryptographically impossible.

This feature is a double-edged sword, on the one hand guarantees informations security and allows the system to be able to defend itself against illegal or duplicate transactions but in the other hand prevents the possibility of eliminating it. In addition, the inability to correct false data can end up causing harm to users.

What if someone decides to enforce their right to be forgotten and delete their personal information from Blockchain?

The answer is that would be an almost imposible task. In current systems on which Blockchain is based, delete data would be record, which would result in a bifurcation of information, that is, while in the new chain will not exist data, in the old one would continue existing.

An alternative to the data destruction, which we have seen is impossible, is removing Blockchains credentials and access so the information contained is inaccessible to anyone. However, these credentials could be recovered by different methods, “bruce forcé” included (cryptographic procedure to retrieve a password by testing all possible combinations).

The last and most realistic option is creating a new accounting system, editable Blockchain, that allows one or more designated administrators to rewrite or change data blocks.

What is intended to be emphasized is that legislators should interpretate too restrictive but represents a balance between protecting citizens privacy and the understanding of the implications of how technology envolves. In this sense, European Union regulation should limit the scope of the right to be forgotten in blockchain systems, accepting an indefinite locking of data as compliance rather than forcing it to be abolished.