4 - Potential solution: Hashing personal data
A third useful way to keep personal data off the
blockchain is to ensure that any data containing personal
data is communicated via a side channel, with only a hash
of that personal data then stored on the blockchain.
These side channels could be managed by middleware,
as discussed above, and made transparent to the user.
This enables those in possession of the personal data
sent via the side channel to confirm that the data they
have is correct by running the hashing function over that
personal data and checking that the result matches the
hash recorded on the blockchain. However, as outlined
earlier, anyone who has only the hash generally cannot
use it to obtain the underlying personal data.
There is, however, some debate as to whether a hash of
personal data is truly anonymous (and so not subject to
the GDPR), or whether it is in fact merely pseudonymous
(and therefore within the scope of the GDPR by virtue of
being re-identifiable as personal data). In particular, the
Article 29 Data Protection Working Party, the EU advisory
body charged with issuing guidance on the application
of the former EU Data Protection Directive (95/46/EC),12
identified in a 2014 opinion13 that hashing was a means of
pseudonymisation rather than a means of anonymisation.
This view seems to have been reached in part on the basis
that a hash function can effectively be reversed by trying
all possible input values to find the one that produces
the sought-after hash. In some cases this may be feasible,
such as where the data that has been hashed is a name or
a phone number - it may be possible to compute a hash
of many possible names or phone numbers and identify
the matching hash. In many cases, however, if the input
data is sufficiently complex (such as a paragraph of text
or a digital file such as a pdf document or a JPEG image),
trying all possible input values in the hopes of achieving
the same output hash would be practically impossible.
Some hashing techniques, such as salted or peppered
hashes (as discussed earlier in this publication) can also
help to increase the complexity of input data and thus
reduce the susceptibility of the hash to a brute force
attempt at reversal.
Importantly, the European Data Protection Board (the
body that replaced the Article 29 Data Protection Working
Party under the GDPR) did not formally endorse this
particular opinion of the Article 29 Data Protection
Working Party in its formal endorsement statement.14
The Article 29 Data Protection Working Party's opinion
also perhaps relied, in part, on the wording of Recital 26 of
the former EU Data Protection Directive, which somewhat
equivocally, suggested that data is only anonymous if
re-identification of the individual is "no longer possible".
The same wording is not present in Recital 26 of the
GDPR, which states that:
24 I GDPR and the Blockchain