The Center for Global Enterprise (CGE), a non-profit research institution and law firms Slaughter and May and Cravath, Swaine & Moore, have released research that provides a framework for creating Blockchain solutions that comply with European Union privacy law.

March of the blocks

The pioneering report counters views it is not possible to implement Blockchain solutions that are compliant with the EU’s recently enacted general data protection regulation (GDPR). Entitled ‘March of the Blocks: GDPR and the Blockchain,’ researchers examine a real world use-case developed by Marine Transport International (a UK-based digital logistics firm) to offer practical solutions to the key issues the GDPR poses to Blockchain implementers. The report explains blockchain technology has advanced tremendously over the past decade, and provides unique capability, beyond that provided by traditional databases, for cross-enterprise transformation. While proper workflow selection remains the single most important element for a successful blockchain deployment, the GDPR poses significant compliance hurdles to the ongoing development of Blockchain-based solutions that involve storing and transacting data about individuals. David Kappos, a partner at Cravath, Swaine & Moore, said ‘our goal is to explain how the GDPR is not an insurmountable barrier, instead, a carefully designed blockchain can work in tandem with GDPR to produce a more secure system for commercial activities that respects the letter and spirit of GDPR’s commitment to the privacy rights of individuals.’

Call for clarity

The report acknowledges and identifies some of these hurdles, such as the right under the GDPR to have one’s personal data deleted or corrected, which sit at odds with the very concept of an immutable Blockchain. It also calls on regulatory authorities and lawmakers to provide clear guidance on the interaction between Blockchain and data protection legislation, so that the development of innovative Blockchain solutions is not prevented by any ongoing legal uncertainty. The authors recognise that not all of the Blockchain challenges posed by the GDPR and other privacy regimes can currently be bridged. However, they feel that the gap left by those challenges is relatively small.  Critically, the fundamental freedoms forming the policy behind such privacy laws can be maintained and protected, but only with the help of a pragmatic approach by lawmakers and regulators alike. Rob Sumroy, a partner at Slaughter and May, said ‘we call on regulators to help bridge any gaps with clear and pragmatic guidance for Blockchain entrepreneurs.’