The right to be forgotten has its origins in a Spanish case in which a person whose debts had been rescheduled wanted his past to be hidden in Google. A few iterations later, it is now incorporated in 2018’s GDPR, which gives everyone the right to have his or her data deleted, barring a few exceptions.
The privacy movement, which culminated in the GDPR, seems, however, irreconcilable with the arrival of blockchain technology. As a quick, oversimplified recap of blockchain technology: it is an open, distributed ledger whose data is verifiable and permanent.
The permanence that blockchain implies seems to conflict with GDPR’s right to be forgotten. Although encrypted identifiers can be stored in the blockchain, so one’s privacy can be secured, this will not always be considered (Juskalian, 2018).
This poses the problem that whenever sensitive personal data is stored on a blockchain, this can very likely never be undone. Knowledge of your address, social security number and bank account, among other things, can, for example, quite possibly end up in the public domain. In this “worst case scenario” there is no real solution in some countries where your social security number cannot be changed. This means that for the rest of your life your identity can be misused by anyone with access to the specific blockchain.
One can see that this poses a real problem when one of a human’s basic rights should be control over their own personal data. Blockchain technology implicitly prevents you from invoking that right.
The third variable in this “triangle of doom” is your data itself. What is its nature, how can specific data be used, and to whom do you entrust it? For example, in the Netherlands social security numbers found their origin in the 80s as a secret code in a trusting relationship between state and subject (Sociale zekerheidsstelsel, date unknown). However, times have changed: not only was this before the mainstream use of the internet, but since then your social security number has become required for a wide range of uses, from banks to magazine subscriptions. By questioning what we deem to be personal data and what it can be used for, steps in the right direction can very likely be made as well.
But one thing is for sure: one of the challenges of the 21st century will be reconciling privacy and trustworthy permanent data, so all human rights can be upheld whilst our data is reliable and unchangeable.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016)
Juskalian, R. (2018). Inside the Jordan refugee camp that runs on blockchain. MIT Technology Review. Retrieved from https://www.technologyreview.com/s/610806/inside-the-jordan-refugee-camp-that-runs-on-blockchain/, accessed on 15 October 2018.
Author and date unknown. Sociaal Fiscaal nummer. Sociale Zekerheidsstelsel. Retrieved from https://www.socialezekerheidsstelsel.nl/id/vk9roac9d1wc/sociaal_fiscaal_nummer, accessed on 15 October 2018.
Dear Willem,
Thank you for your blog post. I agree with the fact that data privacy is very important, and that current technological innovations are sometimes breaking this privacy. However, some applications of the Blockchain Technology are also focussed on improving the privacy aspect, having customers’ data being more protected. Finding the balance between technological innovations and privacy rules will undoubtedly be one of the biggest challenges that we have to face. I believe there will be Blockchain applications that do satisfy the new privacy movement including GDPR, which won’t be used for managing personal data.
What is your opinion on this?
Scott van der Wel