An added benefit of deletion by encryption is that it
preserves the immutable nature of the blockchain, as the
data on the blockchain itself is not altered. Additionally, it
offers another way to achieve "pruning" of a blockchain
(as discussed above). Every block added to the chain could
be encrypted with a key and, after the specified time,
every participant on the network could be required to
delete the keys to blocks older than that a particular age.
4 - Potential solution: Editable blockchains
Editable blockchains are a new solution that enable the
deletion and rectification of data on the blockchain.
They are divisive (in certain areas of the blockchain
community) because they are not immutable, which is
seen by some to undermine one of the fundamental
premises of blockchain technology. That being said, we
believe it is important at this stage to strike a pragmatic
balance between the ideological purity of a blockchain
solution and the commercial need for privacy compliance.
As described in a recently granted U.S. patent, editable
blockchains function in a manner which allows certain
permissioned members to be able to apply hash functions
to existing blocks, to substitute or remove the data
contained in the blocks.32 The hash functions used to
edit the blockchain can be programmed to leave a "scar"
on the edited blocks, enabling all network members to
identify which blocks have been edited.33
If an editable blockchain solution is adopted, then
members must implement well-defined governance rules
that control who can edit the blocks and what situations
allow or require editing of the blockchain. To enable GDPR
compliance, the governance rules should mandate the
editing of blocks that contain personal data when the data
are no longer necessary for the purpose for which they are
processed or when data subjects exercise their rights to
erasure and rectification.
5 - Potential solution: Deletion by "forking"
the blockchain
As a last resort, it is possible to "fork" a blockchain to
remove personal data. To perform a fork of the blockchain,
a majority of nodes on a pre-existing blockchain must
agree to a new set of initial rules, and then update the
software used to run the blockchain so that a majority of
nodes on a blockchain network agree to the new ledger.
As part of these initial conditions, network members can
agree to remove the blocks in the blockchain that contain
personal data. However, this technique requires re-running
the hashes for every subsequent block that built upon any
removed blocks.
It is important to note that network members should set
out what events merit performing a fork of the blockchain
within their governance regime. Further, that governance
regime should also obligate network members to update
the blockchain's software when a fork is conducted,
thereby avoiding contentious forking situations that
could lead to different groups of network members
claiming different branches of a blockchain are the one
true branch. By inserting these requirements into the
governance framework, members can control when and
how the drastic step of forking the blockchain occurs.
32 I GDPR and the Blockchain