The European Data Protection Board has approved the concept rules that determine how personal data is stored and shared on block chains, so that a new step is marked to tailor decentralized technology to existing standards.
The new guidelines Limit access to stored information and meets the protection of the General Data Protection Regulation (GDPR), according to the EDPB, which ratified the rules this month and opened public comments until 9 June.
“Blockchains have certain characteristics that can lead to challenges when dealing with the requirements of the AVG,” the EDPB said in a version of the available guidelines available. “The guidelines emphasize the need for data protection through design and standard and adequate organizational and technical measures.
The document added: “As a general rule, saving personal data on a blockchain should be avoided if this is contrary to the principles of data protection.”
The guidelines come in the midst of continuous concerns about the security of blockchain technology. GDPR outlines a list of rights for individuals to protect their personal information.
The guidelines advised organizations to implement technical and structural measures at the start of the design phases of facts Processing and emphasized the importance of transparency, rectification and deletion of personal data.
This includes the accounting for the different roles of actors involved in individual phases of blockchain processing of personal data.
The EDPB said that organizations must carry out the impact assessments of data protection (DPIAs) before they process personal data using blockchain technology. This assumes that processing will probably lead to a high risk to the rights and freedoms of individuals.
The board urged organizations to concentrate on guaranteeing the personal data of individuals that are not made available to an “indefinite number of people as standard”.
Datprivacy experts have mixed opinions about the role of blockchain in data privacy and the new guidelines.
Bryn Bennett, senior BD at Hacken, a Ukrainian web3 security company, told Decrypt That “the guidelines of the EDPB are a timely memory that decentralization does not mean deregulation.”
“We see privacy as part of the core infrastructure-no add-on after the launch,” said Bennet. “Projects that handle user data in an end risks both legal recoil and infringements of security. Privacy-per-design, off-chain storage and good governance are not only the best practice-so survival tools.”
However, in an interview with DecryptHarry Halpin, the founder and CEO of decentralized privacy company Nym Technologies, said that “it is a mistake to place personal information on the blockchain.”
“The use cases I have seen, such as digital identity systems, or worse, COVID passports, violate inherent privacy and lead to authoritarianism,” Halpin said. “Personal data must use zero knowledge certificates off-chain and have network privacy via mixnets, as we use with payment information on NYM.”
He added: “It is also a mistake to apply data protection laws to data on the blockchain, because it would require ‘right to be forgotten’ effectively decentralized blockchains to be changeable and censored by regulators. If the goal is, simply use normal centralized databases.”
Edited by Sebastian Sinclair