GDPR & Blockchain

General Data Protection Regulation & Blockchain

Let’s not fool ourselves, the cryptocurrency wave has rolled back. Just like the web FOMO of 2000, this winter saw a 10x rise in valuation that came from no real use of the technology. We even had scams (BitConnect) and completely outrageous projects like an ICO for my aquarium…

Limiting the blockchain technology to cryptocurrencies is just like limiting the internet to email. When the internet was very slow, as the blockchain is today, no one imagined what smartphones and high speed would bring… Things like Uber or Facebook or even video chat platforms. As a technology of consensus, blockchain has a lot to bring to law, administration and regulation. If “Law becomes Code”, blockchain will enforce it. GDPR, as the new European data regulation, is a perfect example of such a match between regulation, cryptography, and decentralized technology.

GDPR and Blockchain

The total market cap of personal data is around 300 billion dollars. Where do people share their data, in what quantity, and what kind of data do they share? And, most importantly, why do people give away their data without expecting any kind of reward?

The GDPR is based on three main aspects: data storage, flow, and control. The only concrete way to effectively manage these three aspects while complying with legislation is to set up a blockchain platform strictly dedicated to storing, controlling and transferring data securely. Of the solutions offered by the market today, most deal with only one or two aspects at most. The law makes it very clear that users can and should have full control of their data, and even goes so far as to grant them the possibility of being compensated for their personal data, with several possible options.
Thus, the question arises: why not propose a solution that takes into account the three aforementioned aspects and that would allow companies to comply with the GDPR while continuing to draw a benefit from the data they collect?

At this point it’s clear: users should be paid for their data. This GDPR specificity can be accomplished through a “win-win” strategy in which companies could advertise with more precise targeting through consent. Consent would no longer take a “binary form” but would offer diverse options. By “binary form” we mean the way websites today ask you to agree to their terms if you want to use their services: if you don’t agree, you can’t use them. That is a “digital kidnapping” totally forbidden by the GDPR. The regulation specifically states that you should have several options to choose from regarding what data you want to give away and what data you refuse to give. Such a scenario can only technically exist through a blockchain, and more precisely through smart contracts that manage the storage and traceability of data as well as the remuneration of the various protagonists. These could be paid in fiat currencies or in cryptocurrencies exchangeable at any time for real currency. The interest of such a transaction is that these currencies, regarded as speculative assets rather than really usable money, would henceforth have a real use case. As an example, the startup encontrole is developing this model.


In addition, this would provide a real response to the GDPR insofar as the interests of the user will be protected and the user will have the choice to cash in her/his data or not. Companies, for their part, will be able to continue to make their customers’ data profitable in full transparency and in full compliance. The solutions proposed today, in addition to being very expensive on account of legal fees, only bypass the GDPR legislation by proposing outdated and groundless measures (shortening of the general conditions of use, recourse to anonymity by separating databases, etc.). However, the power remains in the hands of the user because the user, once well-informed and fully aware of the value of her/his data, can work to assert her/his rights and contribute to a fair and sustainable application of GDPR.

Written by: Rafik Kheffache
