Blockchain and GDPR. Data protection and opportunities

Blockchain: what is it and how does it work?

Blockchain technology is part of the Distributed Ledger family and the complex universe of the Internet of value, one of the paradigms of Digital Transformation. It is also the symbol of the digital and currency revolution that began with cryptocurrencies and Bitcoin.

The applications of the Blockchain are many: for example, the financial sector, intellectual property, healthcare, logistics, real estate, cyber security and insurance, but also the monitoring and counting of electoral votes, the agri-food chain, the academic world, sports betting and online music.

What is the Blockchain? The Blockchain is a digital register structured as a “chain of blocks” linked in chronological order, which can store data records commonly called “transactions”.

The integrity of the blocks is guaranteed by cryptography and each block can be associated with one or more transactions. Furthermore, each block contains a hash pointer that links it to the previous one, and a timestamp. The data saved on the Blockchain are for this reason considered incorruptible.

Before a piece of data is inserted into a block, and a block into the chain, both undergo a validation process, called mining, in which anyone can participate. In other words, authentication takes place through mass collaboration that depends on collective interests. Therefore, the Blockchain is a cooperative model that does not have a central control and verification entity.

The main advantage of systems based on Blockchain technologies is the possibility of creating a decentralized, shared and immutable archive. In fact, once written, content can no longer be modified or deleted, unless the entire structure is invalidated.
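The hash-pointer linking and the "can no longer be modified or deleted" property described above, as an added example that is not part of the original article: a minimal chain in which erasing one record is detected, and in which re-linking the later blocks still changes the head hash held by the other nodes. SHA-256, the field names, the function names and the sample transactions are assumptions constructed for the illustration; mining is not modelled.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder pointer for the first block

def block_hash(block):
    """SHA-256 over the block's canonical JSON (choice of hash is an assumption)."""
    data = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_block(chain, transactions, timestamp):
    """Append a block with its transactions, a timestamp and the hash pointer."""
    prev = block_hash(chain[-1]) if chain else GENESIS_PREV
    chain.append({"timestamp": timestamp, "transactions": list(transactions),
                  "prev_hash": prev})

def first_tampered_block(chain, trusted_head):
    """Index of the first block whose hash differs from the pointer recorded by
    its successor (or from the head hash other nodes hold); None if intact."""
    for i, block in enumerate(chain):
        recorded = chain[i + 1]["prev_hash"] if i + 1 < len(chain) else trusted_head
        if block_hash(block) != recorded:
            return i
    return None

def build_sample_chain():
    """Constructed sample data: three blocks of made-up transactions."""
    chain = []
    append_block(chain, ["alice->bob:5"], 1700000000)
    append_block(chain, ["bob->carol:2", "carol->dave:1"], 1700000600)
    append_block(chain, ["dave->alice:3"], 1700001200)
    return chain

def erase_and_relink(chain, index):
    """Delete a block's transactions, then rewrite every later hash pointer."""
    edited = copy.deepcopy(chain)
    edited[index]["transactions"] = []
    for i in range(index + 1, len(edited)):
        edited[i]["prev_hash"] = block_hash(edited[i - 1])
    return edited

if __name__ == "__main__":
    chain = build_sample_chain()
    head = block_hash(chain[-1])        # head hash held by the other nodes
    print(first_tampered_block(chain, head))
    chain[1]["transactions"].pop()      # erase one record in place
    print(first_tampered_block(chain, head))
    print(first_tampered_block(erase_and_relink(chain, 1), head))
```

Even a well-intentioned deletion, such as honouring an erasure request, is indistinguishable from tampering to every node that holds the original head hash.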

What are the main characteristics of Blockchain technology?

To better understand the potential of the Blockchain and the impact it can have, let’s look at its seven main characteristics:

  1. Digitization: all transactions are in digital format;
  2. Decentralization: the information in the digital ledger is distributed among multiple nodes (computers that connect to the Blockchain) to ensure IT security. In this way, there is no central point that a cracker (hacker) can exploit to bring down the entire system. The Blockchain also uses public key and private key cryptography;
  3. Traceability: each element in the register is traceable in its entirety and this allows users to discover the exact origin and any changes made over time;
  4. Disintermediation: the individual nodes of the Blockchain certify the information, making central bodies or companies for data certification completely unnecessary;
  5. Transparency and Verifiability: the contents of the register are visible to anyone and are easily accessible and verifiable. This means that no one can hide or modify data without the entire network knowing about it;
  6. Immutability of the register: after adding information to the register it is no longer possible to modify it without the consent of the entire network;
  7. Transfer scheduling: transaction operations can also be scheduled over time, so users can wait for certain conditions to occur before proceeding with the insertion or modification.

Permissioned and permissionless: the types of Blockchain

There are different types of Blockchain. We can divide them into two large groups:

  • Permissionless Blockchain: anyone can participate in the transaction validation process and anyone can become a network node. Among the most famous permissionless Blockchains are Bitcoin and Ethereum;
  • Permissioned Blockchain: only a limited number of authorized participants have access to this type of Blockchain, which is also based on a validation process entrusted to a small group of subjects. Among the most famous examples are Corda and Hyperledger.

We must also mention hybrid Blockchains, in which anyone can participate in the network but only some actors can validate transactions.

Data protection at the heart of Blockchain technology and the GDPR

Within the framework of the “Resolution on distributed ledger technologies and blockchains: building trust with disintermediation” (2017/2772 (RSP)), the European Parliament declared that the Blockchain must be considered a “tool that strengthens the autonomy of citizens by giving them the opportunity to check their data and decide which ones to share in the register, as well as the ability to choose who can see such data”, thus promoting transparency of transactions.

In fact, the Blockchain is a technology that can define a framework of transparency, reduce corruption, detect tax evasion, allow the traceability of illicit payments, facilitate anti-money laundering policies and identify the misappropriation of goods, since it is able to store all transactions in blocks connected to each other in chronological order, so as to ensure data integrity.

Therefore, the pillars of this technology are the immutability and transparency of the data, which bring the GDPR (General Data Protection Regulation) into play. This is the European legislation on the protection of personal data approved with EU Regulation 2016/679 by the European Parliament and the European Council on April 27, 2016. The GDPR was published in the Official Journal of the European Union on May 4, 2016; it entered into force on 24 May of the same year and has been operational since 25 May 2018.

If properly designed, Blockchain technologies share the same objectives as the GDPR: creating an environment in which data security is guaranteed and giving control back to data subjects. So, despite the differences, there are some points of contact between the two in terms of data protection:

  • Use of asymmetric cryptography based on a double public and private key system;
  • Use of pseudonymisation techniques (decoupling of data from individual identity) and data minimization (collection of only data absolutely necessary for the specific purpose), which recall the principle of privacy by design introduced by EU Regulation 2016/679;
  • Control by the user of their data;
  • Resistance to attacks or events related to cyber crime.