Page 0033

Operationally, however, pruning may prove to be an

unattractive option for many blockchain solutions. Many

blockchain solutions use the blockchain to record a

base state and subsequent transactions. The only way

to ascertain the current world state from the blockchain

is to start with the base state and track through every

subsequent transaction. If a blockchain like this were to

be pruned, it would be necessary for the participants on

the network to formulate and agree, and to record in a

similarly immutable and decentralised way to the original

blockchain, a new base state that will replace the original

base state and all transactions up to the most recent block

that has been pruned. There are technical means available

to help achieve this, but the blockchain technology

employed by the solution will inevitably be somewhat

more complex.

Additionally, while pruning would assist compliance with

the obligation to delete data after it is no longer required

for the purpose for which it was collected, it is usually not

a viable means of complying with ad hoc requests from

data subjects for personal data about them to be erased

or rectified.

3 - Potential solution: Deletion by way of encryption

Alternatively, it may be possible to delete personal data

stored on the blockchain by irreversibly encrypting the

data. Under this approach, the encrypted data containing

the personal data would remain permanently on the

blockchain, but the personal data would be "deleted"

from the blockchain by deleting all keys that enable

decryption of the encrypted data. This method appears

to be a natural extension of the view held by the German

Blockchain Federation (Blockchain Bundesverband) and

the UK Anonymisation Network that data is no longer

personal data if it has been irreversibly anonymised.

However, the Article 29 Data Protection Working Party

previously classified encryption as pseudonymisation,

not anonymisation.28 One pseudonymisation technique

mentioned in the Article 29 Data Protection Working

Party opinion included using a keyed-hash function to

produce a hash and then deleting the key.29 The opinion

did note that employing this technique would make it

"computationally hard for an attacker to decrypt or replay

the function, as it would imply testing every possible key,

given that the key is not available."30

Nonetheless, it remains unclear whether the Working

Party opinion considers personal data that is irreversibly

encrypted and keyless to be anonymised for the purposes

of the GDPR and thus theoretically deleted from a

blockchain network.

It is for this reason that we are calling on the

European Data Protection Board and national data

protection authorities to settle this point and set

standards for encryption and key deletion that can

achieve an adequate level of anonymisation.

If deletion by encryption is a feasible solution, then any

blockchain network employing deletion by encryption

will need to ensure its governance framework obligates

its members to delete keys in response to a data subject's

request for erasure. If any member does not delete its key,

then the data would not be considered anonymised under

the Article 29 Working Party's definition of anonymised

data, which holds that data are only considered to be

anonymised when no person can re-identify them.31

GDPR and the Blockchain I 31


  1. Page 0001
  2. Page 0002
  3. Page 0003
  4. Page 0004
  5. Page 0005
  6. Page 0006
  7. Page 0007
  8. Page 0008
  9. Page 0009
  10. Page 0010
  11. Page 0011
  12. Page 0012
  13. Page 0013
  14. Page 0014
  15. Page 0015
  16. Page 0016
  17. Page 0017
  18. Page 0018
  19. Page 0019
  20. Page 0020
  21. Page 0021
  22. Page 0022
  23. Page 0023
  24. Page 0024
  25. Page 0025
  26. Page 0026
  27. Page 0027
  28. Page 0028
  29. Page 0029
  30. Page 0030
  31. Page 0031
  32. Page 0032
  33. Page 0033
  34. Page 0034
  35. Page 0035
  36. Page 0036
  37. Page 0037
  38. Page 0038
  39. Page 0039
  40. Page 0040
  41. Page 0041
  42. Page 0042
  43. Page 0043
  44. Page 0044
  45. Page 0045
  46. Page 0046
  47. Page 0047
  48. Page 0048
  49. Page 0049
  50. Page 0050
  51. Page 0051
  52. Page 0052