Over the past decade, blockchain-based
technologies have evolved in a wide range
of directions. As businesses have developed
increasingly innovative blockchain solutions to
an increasingly broad range of problems,
governments, regulators and organisations have
become more active in creating meaningful
support for blockchain's huge potential. Indeed,
the European Commission announced plans
last year to increase funding for projects
drawing on blockchain technologies by up to
340 million euros by 2020.1 The European Union's
Blockchain Roundtable in November 2018 further
highlighted the desire to create a comprehensive
European strategy to boost innovation and
exploitation of blockchain technology.2
There remains, however, significant concern about the
application of the GDPR to blockchain technology, and
the difficulty of achieving a GDPR compliant blockchain
solution. Indeed, a number of recent publications have
discussed at length the tensions between the GDPR and
blockchain technology.3 Some commentators have even
gone as far as to call blockchain fundamentally incompatible
with the GDPR.4 While we take a more optimistic view, their
concerns are not entirely misplaced.
"… the development and uptake of this new
technology requires close cooperation between the
public and private sectors. Governments and economic
actors must work together to overcome regulatory
obstacles, increase legal predictability, lead
international standardisation efforts and accelerate
research and innovation …" EU Blockchain Roundtable
report, 20 November 2018" 5
Some of the most revolutionary aspects of blockchain
technology, such as the distribution of ledger data
and its generally immutable nature, do not sit neatly
with key obligations in the GDPR. These features may
lead to many applications of blockchain technology
(such as most public, permissionless blockchains) not
being compliant with the GDPR. However, in our view, they
do not necessarily render GDPR compliance impossible.
In particular, we believe it should generally be possible
to deploy a blockchain solution in compliance with the
GDPR, at least where that solution involves a defined
group of participants, all of whom agree to a common
contractual governance framework.
In this paper we analyse some of the key requirements
of the GDPR that present a compliance challenge for
blockchain solutions. We then consider how a blockchain
solution can be deployed to meet that challenge. We then
progress beyond discussion in the abstract by looking at
how these issues apply to a realworld use case developed
by Marine Transport International (MTI), a UK-based
digital logistics enabler. By analysing the compliance
challenge and considering various means of meeting that
challenge in the context of MTI's blockchain solution,
this paper aims to be of practical use to those looking to
deploy blockchain solutions in their business.
Finally, it should be noted that this publication is intended
for general information only and is not intended to
provide legal advice.
GDPR and the Blockchain I 9