The third event of the Blockchain Open Lab in the new digital format will be hosted by Francesco Montesi. Moderator of the session, Jacopo Montigiani, accompanied by Duccio Micela.
The main critical issues related to the application of the Data Protection Regulation (GDPR) with reference to blockchain technology were discussed. If, on the one hand, the concept of blockchain, is synonymous with security and certainty of transactions, as well as the succession of time and the immutability of the data contained, on the other hand, it would appear to conflict with certain rights guaranteed by the GDPR to data subjects.
Reasons for criticism are represented by some rights of the person concerned:
- Right of access to data
- Right to rectification of data
- Right to oblivion, that is to the cancellation of the same.
L ‘Avv. Montesi explained that, while awaiting a necessary regulatory intervention to regulate just some aspects of the privacy related to the blockchain, the exercise of the right to ‘oblivion can be guaranteed, especially through the anonymization of data, a practice which does not make the latter attributable to identified or identifiable persons. Although it is therefore not possible to delete the data from blockchain, the right to delete them can still be protected.
It is possible, although difficult, especially within open blockchain also the identification of privacy actors (Owner, Manager, etc.), just as the prior assessment which the controller or the controllers must carry out regarding the balancing of interests, that is, the legitimacy of using blockchain technology for the processing of certain data, is crucial (privacy by design and by default).
Although characterized by properties that are difficult to adapt to certain requirements of the GDPR, the blockchain respects the appropriate security measures to protect data, rights and freedoms of data subjects. This is possible through the use of pseudonymization techniques, that is techniques that increase the impossibility of assigning personal data to a specific data subject without the use of additional information, and encryption, techniques that favor the denial of data itself without access credentials.