The GDPR blockchain blind-spot: Regulating data and everything else!


The apparent incompatibility of blockchain technology with General Data Protection Regulation (GDPR), marks the entering the age of post-industrial proactive regulation that some identify with the age of Web 3.0.

On May 25 of this year, the ground-breaking data privacy regulation of GDPR came into effect. While it is an important step in the direction of regarding data not just a resource (“data is the new oil”, anyone?), but something intrinsically linked to its subjects , the regulation falls short spectacularly in capturing the reality it wants to regulate. The conceptualization of data privacy looks different when we factor in the existence of technologies that make every data movement consensual as opposite to unilateral. For example, is a digital picture that I send to you regulated by our consensus or by your unilateral decision to send it to a third party.

Thus, blockchains make it possible for data to never really detach from the person and makes sure the data is always used for a pre-defined purpose. This is the idea behind the [elf-sovereign identity, new trust economy enabled by blockchains.

Without regulators learning the technology behind blockchain, GDPR will only be a victim of its own intent. Once this is changed, not only will blockchains not be blocked by GDPR but effective food safety, carbon cap and trade, and a transparent jewellery supply chain will be regulations that can be effectively enforced, collectively marking the beginning of the era of proactive regulations.