Blockchain – data protection asset or risk?

To reach its full potential as a technology of the future, blockchain must comply with data protection standards.

Blockchain and data protection can be reconciled.
Image: © Maksym Yemelyanov / AdobeStock

What is blockchain?

Blockchain is one of the most promising technologies for shaping future digital life. Built on immutable data blocks that are strung together, blockchain technology is currently mainly being used to securely document transfers and as proof of authenticity of digital assets such as NFTs and cryptocurrencies. The linking of the blocks makes the data contained in them tamperproof (theoretically). However, there have been numerous cases in the past where this technology has also been used to trick users online, often resulting in their invested money being stolen. Since fraudsters take advantage of the fact that blockchain is completely anonymized and pseudonymized, the investigating authorities are not able to identify the individuals behind the transactions.

In another story, we explain in greater detail how blockchain, the metaverse, and NFTs tie in together.

How is data protected on the blockchain?

Experts all agree that the wide range of applications opened up by blockchain technology offers enormous potential for Web3, the Internet’s next stage of evolution. However, high data protection standards have to be met at the same time, especially in the EU due to its General Data Protection Regulation (GDPR). European companies in particular, but also businesses in other parts of the world, have recognized the economic significance of data protection in recent years, given that it is extremely important to customers and can therefore make all the difference when competing on an international scale. In addition to building customers’ trust in your brand, a pragmatic benefit of complying with data protection legislation is that you avoid being fined.

Companies wanting to further develop and use blockchain technology must meet legal data protection standards. But how can blockchain and data protection be reconciled, and what problems can arise in this context? We asked the data protection experts at caralegal. The legal tech company develops data protection management software for companies to efficiently implement the requirements of the GDPR and also addresses the topic of blockchain in the process. Its co-founder and COO Dennis Kurpierz was on hand to answer our questions.

Dennis Kurpierz is co-founder and COO of caralegal

Is blockchain technology a blessing or curse for data protection?

Dennis Kurpierz: “There is no clear answer to that because it depends on how the technology is implemented and used. Generally, blockchain comes with both opportunities and risks for data protection. Since it is based on decentralized networks where data is stored on different computers, it is especially difficult for external parties to access or tamper with the data. A change in one block would affect all subsequent blocks and would therefore never go unnoticed.

What’s interesting from a data protection perspective is that the technology has the potential to strengthen trust in data processing because transactions are transparently and immutably recorded in a blockchain. That could benefit industries that work with sensitive data, for example financial services and supply chains.”

What problems can blockchain pose in terms of data protection?

Dennis Kurpierz: “The immutability of the data is not just an opportunity to build trust, it also presents data protection risks because it cannot be changed or deleted. That becomes a real problem when personal data has been stored by mistake or illegally. These errors can then only be rectified with a great deal of effort, if at all. That is especially problematic, given that the EU’s GDPR prescribes a very high level of protection as well as erasure options for personal data.

It should also be considered that while blockchain is regarded as extremely secure, systems built on this technology can still be attacked, leaving the data contained in them exposed to unauthorized access. For example, if an attacker gets their hands on a private digital key or exploits potential weaknesses in how blockchain has been implemented, they may be able to view sensitive data.”

Blockchain: a forward-looking technology with relevance to data protection

Blockchain and data protection – it’s clear that this issue will be a dominant factor for companies and users in the coming years. Against the backdrop of the GDPR, blockchain isn’t an ideal solution because it doesn’t allow for the practical implementation of the right to erasure. However, you only have to consider how complicated the criminal prosecution procedure is to appreciate that the technology offers complete anonymization and pseudonymization and can therefore effectively protect individuals and their data. With that in mind, blockchain is a double-edged sword when it comes to data protection.

Data protection in business is a sensitive issue that has gained momentum in recent years and will become increasingly important in the current and future data-driven era. You should therefore think carefully about the types of data your company implements blockchain technology for. When used appropriately though, it can set new standards with regard to functionality and data security, so it shouldn’t be disregarded, but instead leveraged to boost your growth and innovativeness.