Distributed ledger technology in the light of GDPR compliance

Last week I met with the blockchain startup Lition, which promises to solve the blockchain vs. GDPR conflict on a technological layer. Why should you care about what they have to say?

- These folks cooperate with the largest German software company, SAP.
- They launched a consumer-ready decentralized energy marketplace.
- They have recently discussed STO regulations with the German government.

(Icons by Freepik and Smashicons via Flaticon)

Let’s jump straight into the expert contribution of Lition’s CEO Richard Lohwasser about (A) the background of GDPR, (B) four existing compliance solutions to make blockchains GDPR compliant, and a fifth solution proposed by Lition.

A. Background of GDPR

In May of 2018, near the peak of blockchain mania, the European Union (EU) rolled out the General Data Protection Regulation (GDPR) in an attempt to prevent the gross exploitation of data that had become commonplace among internet giants like Facebook, Google, and Amazon.

The GDPR protects individuals by laying down strict rules for data use and management by companies, including the “right to be forgotten”, and by requiring data to stay within the borders of its native country. The “right to be forgotten” forces companies to delete user data after an individual leaves the network.

Violating the GDPR can lead to fines of up to 4 percent of a company’s global annual revenue, which can be hundreds of millions of dollars for large corporations.

The GDPR helps combat an incredibly pressing issue in our digital world. Companies have profited from user data without restraint for far too long. Facebook has, at some point, conspired with nearly every tech company you can think of to circumvent its own privacy policies.

But the GDPR comes with a catch. The legislation is in direct conflict with another effort to empower users to take back control of their data: blockchain.
With the rampant abuse of user data in the last decade or so, the EU seems unlikely to back down and amend its legislation any time soon. So how can blockchain technology move forward and comply without destroying the systems that make it so useful in the first place?

B. Existing compliance solutions

Let’s take a look at several possible solutions…

1. Off-chain storage. This tactic keeps sensitive user data off the blockchain, allowing a continuous blockchain record and the ability for data to be deleted. Unfortunately, off-chain systems largely defeat the purpose of blockchain by storing data via traditional methods, meaning the data is more vulnerable to hacks, edits and other trickery.

2. Deleting encryption keys. Deleting the encryption keys keeps sensitive data on the blockchain but throws away the ability to access the information. This method “deletes” the data by rendering it inaccessible, but does not technically erase it. The GDPR explicitly calls for the deletion of data, and while deletion is not clearly defined in the legislation, making something inaccessible and destroying it altogether are essentially not the same thing.

3. Anonymizing data. While there are a couple of different ways to go about anonymizing data, most solutions involve some version of our already defunct off-chain storage method. On-chain pointers connect mainchain information to sensitive off-chain information. Once the off-chain data is destroyed, the link is broken and the on-chain information is anonymous. However, this method still leaves data on the mainchain, and while tough, identifying information could still be obtained from the blockchain.

4. Centralized back ends. Another proposition is to completely overhaul the concept of blockchain and create centralized back-end systems that allow data to be anonymized without interrupting any chains. While this would allow GDPR and blockchain to peacefully coexist, you have basically gutted the fundamentals of blockchain by doing so.
Centralized back ends give data control back to companies and require users to once again trust companies with their information behind closed doors. That worked great the first time, didn’t it?

A better solution? Public-private deletable blockchain infrastructure

Public-private deletable blockchain infrastructure could remedy the incompatibility of blockchain and the GDPR by preserving blockchain functionality while protecting user data in accordance with the GDPR.

Software giant SAP’s Chief Technology Officer, Dr. Juergen Mueller, has been advising Lition, a German tech startup, in the development of their blockchain platform with true deletability through the use of private side chains that stem from the mainchain. The team presented their MVP on February the 21st at the SAP Data Space in Berlin.

(Lition’s MVP launch event)

Lition’s network tracks metadata in the mainchain to ensure network functionality. This is where things like consensus are maintained, token balances are tracked, and transparency is provided. Smart contracts are executed on the main network, but invoke private permissioned sidechains where sensitive data is kept. These side chains can be deleted, destroying the information contained within them, while preserving the block hashes to maintain network integrity.

(Source: What Does Lition’s Blockchain Architecture Look Like?)

The public-private infrastructure is the first protocol that both allows true deletion of data and abides by the fundamentals of blockchain.

The GDPR and blockchain initiatives were both attempts to reclaim our information and put an end to the rampant abuse of data that Silicon Valley’s top dogs have orchestrated for too long. Although they emerged from different ends of the ideological spectrum, permanent deletion versus tamper-proof transparency, the end goal was mostly the same. Through the use of public-private deletable platforms, we will be able to diversify our tool set for the fight to take back our digital identities.
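To make the public/private split concrete, here is an added toy model written for this post; it is not Lition’s code and its class and method names are my own. The public main chain stores only a previous-block hash and a salted commitment to each record; the records themselves live in a separate, deletable store standing in for the private sidechain, so a record can be forgotten while the hash chain still verifies. The per-record random salt addresses the caveat above about identifying information being recoverable from a bare hash.

```python
import hashlib
import json
import os

# Toy model of a deletable public/private ledger (constructed illustration,
# not Lition's implementation). Main chain = public metadata only;
# side store = private, deletable payloads.

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class DeletableLedger:
    def __init__(self):
        self.main = []   # public blocks: {"prev", "commit", "hash"}
        self.side = {}   # private store: commit -> (salt, raw_payload)

    def append(self, payload: dict) -> str:
        raw = json.dumps(payload, sort_keys=True).encode()
        # A random salt stops the on-chain commitment from being reversed by
        # guessing low-entropy personal data such as an e-mail address.
        salt = os.urandom(16)
        commit = sha256_hex(salt + raw)
        self.side[commit] = (salt, raw)
        prev = self.main[-1]["hash"] if self.main else GENESIS
        self.main.append({"prev": prev, "commit": commit,
                          "hash": sha256_hex((prev + commit).encode())})
        return commit

    def read(self, commit: str):
        entry = self.side.get(commit)
        if entry is None:
            return None          # forgotten (or never existed)
        salt, raw = entry
        if sha256_hex(salt + raw) != commit:
            raise ValueError("side data does not match on-chain commitment")
        return json.loads(raw)

    def forget(self, commit: str) -> bool:
        # Right to be forgotten: drop salt and payload, leave the main chain intact.
        return self.side.pop(commit, None) is not None

    def verify_chain(self) -> bool:
        prev = GENESIS
        for block in self.main:
            expected = sha256_hex((prev + block["commit"]).encode())
            if block["prev"] != prev or block["hash"] != expected:
                return False
            prev = block["hash"]
        return True
```

After `forget()`, the main chain still validates and the commitment remains, but without the salt and payload there is nothing left to recover, which is the property the sidechain deletion above relies on.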
The GDPR doesn’t cripple blockchain; rather, it challenges it to innovate and incorporate all the best strategies to ensure our data is secure and protected.

Want to dive deeper into the topic? Get in touch with Lition’s CEO Richard Lohwasser on LinkedIn or follow him on Twitter.

Let’s stay in touch.