Page 0011

Over the past decade, blockchain-based

technologies have evolved in a wide range

of directions. As businesses have developed

increasingly innovative blockchain solutions to

an increasingly broad range of problems,

governments, regulators and organisations have

become more active in creating meaningful

support for blockchain's huge potential. Indeed,

the European Commission announced plans

last year to increase funding for projects

drawing on blockchain technologies by up to

340 million euros by 2020.1 The European Union's

Blockchain Roundtable in November 2018 further

highlighted the desire to create a comprehensive

European strategy to boost innovation and

exploitation of blockchain technology.2

There remains, however, significant concern about the

application of the GDPR to blockchain technology, and

the difficulty of achieving a GDPR compliant blockchain

solution. Indeed, a number of recent publications have

discussed at length the tensions between the GDPR and

blockchain technology.3 Some commentators have even

gone as far as to call blockchain fundamentally incompatible

with the GDPR.4 While we take a more optimistic view, their

concerns are not entirely misplaced.

"… the development and uptake of this new

technology requires close cooperation between the

public and private sectors. Governments and economic

actors must work together to overcome regulatory

obstacles, increase legal predictability, lead

international standardisation efforts and accelerate

research and innovation …" EU Blockchain Roundtable

report, 20 November 2018" 5

Some of the most revolutionary aspects of blockchain

technology, such as the distribution of ledger data

and its generally immutable nature, do not sit neatly

with key obligations in the GDPR. These features may

lead to many applications of blockchain technology

(such as most public, permissionless blockchains) not

being compliant with the GDPR. However, in our view, they

do not necessarily render GDPR compliance impossible.

In particular, we believe it should generally be possible

to deploy a blockchain solution in compliance with the

GDPR, at least where that solution involves a defined

group of participants, all of whom agree to a common

contractual governance framework.

In this paper we analyse some of the key requirements

of the GDPR that present a compliance challenge for

blockchain solutions. We then consider how a blockchain

solution can be deployed to meet that challenge. We then

progress beyond discussion in the abstract by looking at

how these issues apply to a realworld use case developed

by Marine Transport International (MTI), a UK-based

digital logistics enabler. By analysing the compliance

challenge and considering various means of meeting that

challenge in the context of MTI's blockchain solution,

this paper aims to be of practical use to those looking to

deploy blockchain solutions in their business.

Finally, it should be noted that this publication is intended

for general information only and is not intended to

provide legal advice.

GDPR and the Blockchain I 9


  1. Page 0001
  2. Page 0002
  3. Page 0003
  4. Page 0004
  5. Page 0005
  6. Page 0006
  7. Page 0007
  8. Page 0008
  9. Page 0009
  10. Page 0010
  11. Page 0011
  12. Page 0012
  13. Page 0013
  14. Page 0014
  15. Page 0015
  16. Page 0016
  17. Page 0017
  18. Page 0018
  19. Page 0019
  20. Page 0020
  21. Page 0021
  22. Page 0022
  23. Page 0023
  24. Page 0024
  25. Page 0025
  26. Page 0026
  27. Page 0027
  28. Page 0028
  29. Page 0029
  30. Page 0030
  31. Page 0031
  32. Page 0032
  33. Page 0033
  34. Page 0034
  35. Page 0035
  36. Page 0036
  37. Page 0037
  38. Page 0038
  39. Page 0039
  40. Page 0040
  41. Page 0041
  42. Page 0042
  43. Page 0043
  44. Page 0044
  45. Page 0045
  46. Page 0046
  47. Page 0047
  48. Page 0048
  49. Page 0049
  50. Page 0050
  51. Page 0051
  52. Page 0052