I contributed to an insightful piece at Bloomberg Law on how EU’s “Right to be forgotten” clashes with the intricate and private nature of Blockchain technology.
I posit that chain analysis companies already profile cryptocurrency wallets based on public blockchain data and that even though data can be anonymized, it can be pseudonymized, it can be hashed, and so on, there are always ways to recover them using advance tracing and analytics techniques. In that sense, it is always possible to penetrate the veil.
The article argues that there are some areas that need further theorizing to mesh with privacy regulations, like blockchain’s rejection of centralized authorities that control data flows. Blockchain’s fixed nature also could pose a challenge for modifying or deleting personal data. Under Europe’s GDPR, even encrypted data that can only be linked to a digital wallet counts as personal data because of the potential to identify wallet holders.
Regardless of the analytical traces of blockchain, we should also consider the impact on decentralized identity, since this kind of identity architecture is premised on people’s ability to navigate their set of cryptographic keys. Digital ID puts a lot of ownership on the citizen, who would have to manage actively their credentials to ensure they don’t fall into the wrong hands.