Going Dutch: New partnership claims GDPR compliant blockchain

Two Dutch blockchain companies, LTO Network and V-ID, have entered into a partnership this week, and announced what they claim is a GDPR-compliant blockchain solution for companies and governments.

One of the stipulations of Europe’s General Data Protection Regulation (GDPR) – cast into UK law under the Data Protection Act 2018 – is that data subjects can request the permanent erasure of their personal data, under the Right to be Forgotten. This has long been seen as a challenge to blockchain-based systems, as data stored on them cannot be changed or deleted without invalidating the blockchain as a distributed ledger of agreed transactions. As a result, blockchain and GDPR have long been seen as incompatible.

The European Commission recently launched an exploration of specific legislation for GDPR-compliant blockchain applications. In that context, CMS, LTO Network and V-ID came together with lawyers, technicians, consultants and use case experts to design a compliant framework.

According to an announcement from the companies this morning, LTO Network’s blockchain platform solves the regulatory compliance problem by means of the decentralised stamping of data as proof of its existence at a certain moment. In this way, the confirmation data, and not the data object itself, is stored on the public blockchain, and can only be accessed by “the owner of a certain type of password”.

Previous attempts at GDPR compliance in blockchain solutions have been open to the objection that the continued existence of a subject’s data could be inferred from data hashes, even if the data itself is no longer accessible (meaning that it had not been permanently destroyed, as stipulated by GDPR).

According to an announcement from the companies this morning, the blockchain solution from LTO Network is already in production at the Ministry of Infrastructure and Water Management, SignRequest and CMS Law & Tax.

On its side in the partnership, V-ID has developed a platform to authenticate digital files. After validation, a recipient can check the authenticity of the file within five seconds, claims the announcement, making it possible to “share digital documents freely, without the risk of unlawful manipulation on the way to the receiver”.

V-ID’s customers include Airbus Space & Defence, Krohne, BaanVelgen, and JWC Superyachts.

Nonetheless, a continuing ‘big picture’ objection to blockchain and distributed ledger-based systems is that they replace trust with complexity, not to mention with power-hungry processing that, in many cases, pushes energy costs onto networks’ participants. This complexity may make certain types of fraud harder, not easier, to detect.

Despite these challenges, the technology has been widely adopted within the banking and financial services sector to date, often as a means to track and authenticate cross-border payments via the transfer of digital tokens and the storing of the proof-of- transaction data on distributed ledgers.