Digital identity, the blockchain and the GDPR: A round peg in a square hole?

Can an immutable record and GDPR data subject rights co-exist? Why blockchain might not be able to deliver on data privacy requirements.

3 blockchain
Getty Images

Sometimes in the tech industry you have to work with opposing needs or even contradictions. Often, we find ourselves in a situation of balancing human nature versus security or legal versus technology. An example of the former is in the area of password policies where you would naturally expect a strong password requires a complex policy. The reality is more complicated. People write complex passwords down, which makes them vulnerable.

This contradiction in terms is where we find ourselves with the blockchain and data privacy. The blockchain creates an irreversible (sometimes public) record of something that seems, on the surface, at least, to contravene the expectations of privacy law.

In the world of digital identity, the idea of self-sovereign identity (SSI) is being floated. SSI, in a nutshell, is a way to use blockchain technology to decentralize digital identity. At the same time, new and improved data privacy legislation is being enacted, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

These regulations have set a high bar for data privacy, and the heady heights of this bar are reached through user choice and control. The question that is being asked is, “Can you accommodate the nuances of data privacy and user control when you create an immutable ledger of identity and data using a blockchain?”

Identity on a blockchain

Before answering the question above, we need to think about what “identity on a blockchain” actually means. Currently, the industry discussion around blockchains and identity is to promote the idea of SSI, but there are other ways of using blockchain to register a digital identity or attribute status (for example).

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.