Blockchain’s Immutability is in Conflict With GDPR’s “Right to be Forgotten”
Legaltechnews reported about the French’s Commission Nationale de l’informatique et des Libertés (CNIL) guidance on Blockchain regarding the “right to be forgotten” since “…private blockchains can be managed and controlled, public blockchains are a free-for-all that will likely pose an ongoing challenge for CNIL and other EU regulators.” The October 5, 2018 report entitled “France’s Regulatory Guidance on GDPR, Blockchain Leaves More Questions Than Answers” about the September 2018 Blockchain report including these comments about GDPR and data controllers:
CNIL declared that users who interact with blockchain ledgers for professional or commercial purposes, such as sending funds through a blockchain to pay for a service, can be classified as data controllers.
Under the GDPR, data controllers are entities that must determine the purposes for which personal data is processed, and they have a responsibility to ensure such processing complies with EU regulations and is done in a secure fashion.
Controllers also must issue binding contracts to data processors with instructions on how to process their information.
Normally, data services, such as social media platforms, decide and publicly disclose how they will process their users’ data instead of having each user contractually dictate how their data is to be managed.
Allowing users to run the show, after all, likely creates operational burdens, not in the least because of the sheer amount of contracts needed.
Stay tuned to see how other EU states speak out about Blockchain.