Blockchain Can Both Enhance and Undermine Compliance but Is Not Inherently at Odds with EU Privacy Laws

Journal of Investment Compliance

14 Apr 2021

Despite the fact that blockchain technology (BC) is not yet widely deployed, we have already seen quite some publications about the data protection issues raised by BC. Initially, these publications touted the promise of BC increasing privacy protection by, e.g. facilitating decentralized identity management and allowing the sharing of data with trusted third parties only (Mainelli, 2017; Zyskind et al., 2015; Sater, 2017; Connor-Green, 2017; Tobin and Reed, 2017). In a second wave of publications, we saw a more in-depth discussion of the data protection issues raised by this new technology, generally concluding that public BC features are “on a collision course” and “profoundly incompatible at a conceptual level” with the EU General Data Protection Regulation (GDPR). Indeed, the current conception amongst industry stakeholders is that BC is not compatible with the GDPR, resulting in a call [4] for urgent revision already right after the GDPR came into force. The concerns are fed by public statements of Jan-Philipp Albrecht (the MEP responsible for coordinating the Parliament’s input for the GDPR), that BC “probably cannot be used for the processing of personal data” and the CNIL cautioning in its guidelines [5] that public BC may not be the most appropriate technology for processing of personal data and that priority should be given to other processing solutions that can achieve the same purpose. As the same results can currently always be achieved with another solution, this is a difficult standard to meet.

Read the full article.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.