EDPB Releases New Guidelines for GDPR Compliance in Blockchain Technologies

The European Data Protection Board (EDPB) has introduced new guidelines for managing personal data in blockchain technologies, emphasizing GDPR compliance amid rising blockchain use.

The guidelines, effective from April 14, address challenges in aligning blockchain's immutability and decentralization with personal data protection. Key points include:

  • Avoid storing personal data directly on a blockchain; the guidelines recommend off-chain storage with cryptographic protection.
  • Use techniques such as encrypted storage, salted hashes, and cryptographic commitments to safeguard privacy.
  • Conduct thorough Data Protection Impact Assessments (DPIAs) before implementing blockchain solutions.
  • Document why using blockchain is necessary and detail the technical and organizational measures taken.
  • The guidelines highlight the complexities of international transfers involving public blockchains outside the EU, which require Standard Contractual Clauses for GDPR compliance.
  • The guidelines reinforce obligations to uphold data subject rights despite blockchain limitations.
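
An added example, not taken from the EDPB guidelines or from this article: a minimal Python model of the off-chain storage and salted-hash points above. It shows that an unsalted hash of guessable personal data can be matched by hashing candidate values, while a salted digest cannot be matched or verified once the off-chain record is deleted. The `OffChainStore` class, the list used as a ledger, and the sample e-mail address are constructed assumptions.

```python
import hashlib
import secrets

def commit(data: bytes, salt: bytes = b"") -> str:
    """SHA-256 over salt || data; an empty salt gives a plain, unsalted hash."""
    return hashlib.sha256(salt + data).hexdigest()

class OffChainStore:
    """Erasable store for personal data and per-record salts (hypothetical model)."""
    def __init__(self):
        self._records = {}

    def register(self, ledger: list, record_id: str, data: bytes) -> str:
        salt = secrets.token_bytes(32)            # fresh 256-bit salt per record
        self._records[record_id] = (salt, data)
        digest = commit(data, salt)
        ledger.append((record_id, digest))        # only the digest goes on-chain
        return digest

    def verify(self, record_id: str, digest: str) -> bool:
        rec = self._records.get(record_id)
        if rec is None:                           # erased or unknown record
            return False
        salt, data = rec
        return secrets.compare_digest(commit(data, salt), digest)

    def erase(self, record_id: str) -> None:
        self._records.pop(record_id, None)        # drops data and salt together

def guess_preimage(digest: str, candidates: list):
    """What a ledger observer without the salt can try: hash candidate values."""
    for candidate in candidates:
        if commit(candidate) == digest:
            return candidate
    return None

def demo():
    ledger, store = [], OffChainStore()
    email = b"alice@example.com"                  # constructed sample value
    guesses = [b"bob@example.com", email]         # constructed candidate list
    unsalted = commit(email)                      # weak: plain hash of an e-mail
    salted = store.register(ledger, "rec-1", email)
    before = store.verify("rec-1", salted)
    store.erase("rec-1")                          # off-chain deletion
    after = store.verify("rec-1", salted)
    return guess_preimage(unsalted, guesses), guess_preimage(salted, guesses), before, after

if __name__ == "__main__":
    print(demo())
```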

The guidelines are currently open for public consultation, aiming to ensure responsible blockchain adoption that respects data protection rights.

Recent Scrutiny of Crypto Companies

Several cryptocurrency firms have faced legal challenges related to GDPR violations:

  • Worldcoin (2024): Temporarily banned in Spain due to concerns over user information and consent mechanisms.
  • Crypto.com (2022): Experienced a security breach affecting user accounts, raising GDPR compliance concerns.
  • Stake.com (2024): Users reported issues with exercising their GDPR rights, indicating potential non-compliance.