GDPR Begins to Count Blockchain-based Victims
The upcoming General Data Protection Regulation (GDPR) law in the EU was already predicted to pose new issues for businesses, especially those based on blockchain. This fear is not unfounded.
The Parity ICO Passport Service (PICOPS) has announced it will close doors later this month on May 24 as a result of the restrictive nature of GDPR, which starts May 25. The project is providing KYC (know your customer) services for initial coin offerings (ICOs) by validating the owners of Ethereum wallets who have successfully passed ID background checks.
Vitalik Buterin, the co-founder of Ethereum, expressed his disappointment over Twitter. “This is very sad. A potentially very useful service in the ethereum ecosystem discontinued due to GDPR issues,” he wrote.
ICOs need these KYC services if they want to stay compliant with regulations, for example making sure that participants do not reside in countries where participation is banned, such as China.
However, other startups are keeping GDPR compliance in mind. Hive Project and DENT are two of them, having taken to Twitter to let potential investors know that their projects are GDPR-compliant with no cause for worry.
Starting May 25, all 28 EU nations should start applying the GDPR, which sets new standards for any holder of sensitive data, from Amazon to your local government council, as reported by Cryptonews.com. From then on, companies will have to post clear notices for users and get their unambiguous consent to collect data. Also, companies will be required to completely erase the personal data of any citizen who requests that they do so. But for some blockchain-based businesses, notably those that have publicly available data trails such as Bitcoin and Ethereum, it could prove impossible to erase that data, especially considering that thousands of apps are Ethereum-based in one way or another. Even a cryptocurrency wallet address could qualify as personal data.
Blockchain technology may be fundamentally incompatible with Europe’s new privacy rules, Coin Center, a Washington DC based think tank backed by major blockchain industry players, stressed in April.
According to them, this means that either blockchain in Europe or the GDPR needs to change. Blockchain developers could utilize new technologies to make personal data anonymous, which would keep blockchains out of the GDPR’s scope, while European judges could make an exception for blockchain in the GDPR.
Meanwhile, Twitter user @nilskp designed a handy Venn diagram of the interaction between GDPR and blockchain, suggesting that these two things have nothing in common.