Blockchain and user rights to ask for personal data removal

Some countries (France with the CNIL, and more generally European - but probably many other - countries) have laws that give the right to users of online services to ask for permanent unsubscription / personal data removal from their database.

This seems impossible with a blockchain technology: we cannot remove past blocks without breaking the whole structure integrity.

It might not be a problem with BitCoin, for which there is no real personal data (data is linked to a private/public key, not to a username / physical identity), but still those questions might apply more generally to the growing blockchain industry.

How to deal with the legal right of data removal for users in a blockchain paradigm?

Basj

Posted 2018-02-19T09:24:03.547

Reputation: 324

Seems straightforward to me: don't insert into a blockchain any data for which a user would have the right to demand deletion. Or if you do, get ready to pay the fines. – Nate Eldredge – 2018-02-19T15:16:33.307

This question seems to focus on users submitting their (minimal) required data, I have also asked a broader question about data submitted to the blockchain in general: https://bitcoin.stackexchange.com/questions/76539/how-does-bitcoin-comply-to-gdpr

– Dennis Jaheruddin – 2018-06-27T14:47:45.167

Answers

In general, cryptocurrency is not an online service separate to the user, the user is a node and is a part of the service. Still, the definition of online service is not a good fit for the most part.

Speaking of Bitcoin, the only personal data is your private keys. Everything else is broadcast at some point, it is like beaming some of your public data into outer space via satellite, bouncing from star to star (node to node) and then saying that you want it taken down. Only your private keys are personal data and they are never broadcast (unless you make a bad mistake outside of Bitcoin!).

If it comes to law, the purpose for deriving your public keys and addresses is to send/receive Bitcoin which requires broadcasting. You can no sooner take it back than you could mistakenly post a valentine in a print newspaper then expect the newspaper to take back all copies and have your public data erased because you have changed your mind.

Willtech

Posted 2018-02-19T09:24:03.547

Reputation: 2 657

It makes sense indeed. Thus, for BitCoin the situation is pretty clear. But for other services buit with blockchains (very hype those days) potentially storing personal data in the ledger, isn't there such a law risk? – Basj – 2018-02-19T14:46:37.053

@Basj It makes sense that if other systems allow inserting of private data into their blockchain then they may be ordered to have the facility to remove such data. I still believe that online service is a bad fit for cryptocurrencies in general - when you use the facility you are the service provider. Not a typical definition of 'online service'. So, it would be relevant to ask, if a provider of an online service inserts their own data, can they insist that their own private data is removed? None are really 'private users', they are service providers. – Willtech – 2018-02-20T03:25:36.767

-2

The EU cannot control or regulate blockchains.

EU laws are null and void with respect to blockchains.

Vesa

Posted 2018-02-19T09:24:03.547

Reputation: 155

The right for a user to ask Facebook or any other online service to unsubscribe and have its personal data removed is a good law, that generally protects consumers (otherwise, without such laws, consumer would be 0 in case of a conflict consumer vs. super big company like FB). It is not because blockchain creates a new world of technology that it is desirable to destroy good society rules protecting users. (I'm not saying this protection should apply to BitCoin, because, here, no personal data is shared in the ledger, but rather some of the many blockchain applications that we see nowadays). – Basj – 2018-02-19T15:48:18.797

1It is not a question of opinion of good or bad. The EU has no practical means to control or regulate blockchains directly. – Vesa – 2018-02-19T23:03:15.327

Remove the three last sentences from this answer since they are political opinions. Then your answer will not only be correct but also on point :) – Thorkil Værge – 2018-04-25T08:55:55.297

1The EU may not be able to control what data is or isn't put into a blockchain, but they certainly have the power to punish the people who put the data there, if those people are within the EU's jurisdiction. – Nate Eldredge – 2018-05-01T22:20:44.887