As more personal data is stored and transferred online, it’s reassuring that regulators are taking steps to enhance consumer privacy. However, these privacy laws – such as the "right to be forgotten" or the ability to query what data companies hold about you – might conflict with the decentralized web that blockchain technology is creating, often referred to as Web3.

Blockchain’s fundamental advantages come from being open, transparent, and immutable. Unlike traditional, centralized systems, blockchain-based applications are designed with a different approach, which presents a challenge when complying with privacy laws that were written with the older web in mind.

A key question remains: can blockchain technology evolve to meet modern digital privacy regulations without losing the very features that make it unique and valuable? This is particularly relevant for the most significant privacy law in place today, the European Union's General Data Protection Regulation (GDPR).

Overview of Europe’s GDPR

The GDPR is one of the most comprehensive privacy frameworks in the world. It governs how companies use individuals' personal data across various industries within the European Union (EU), even if the businesses themselves are based outside the EU. Under GDPR, companies must handle private information responsibly, which ranges from a person's online search history to their social media interactions.

GDPR operates under the principle of privacy by design, meaning that user privacy must be considered during the development of any product or service, and it has far-reaching implications for blockchain, where data is generally stored in a public and immutable manner. The challenge for blockchain developers is to balance the need for transparency with the requirement to minimize personal data collection.

GDPR Section 3 Articles 16-17: Right to Data Rectification and Erasure

Article 17 of the GDPR outlines an individual’s right to request the deletion of their personal data, while Article 16 grants users the right to correct inaccurate data. These rights are at odds with blockchain’s core principle of immutability, where data, once written, cannot easily be changed or deleted.

One possible solution is for blockchain projects to store sensitive data off-chain while using cryptographic methods, such as hashing, for on-chain verification. This allows for data rectification and erasure without compromising the integrity of the blockchain.

GDPR Article 15: Right of Access

Under Article 15 of GDPR, users have the right to access their personal data held by a company and ensure that only necessary information is collected. This could conflict with the design of public blockchains, which allow anyone to view data stored on the ledger without restrictions on who can access it or how often.

To reconcile these differences, developers are turning to technologies like zero-knowledge proofs (zk-proofs) and multi-party computation (MPC). These tools enable data to remain verifiable on-chain without being directly linked to an individual’s identity, thereby offering a solution to blockchain’s transparency issues while respecting privacy laws.

GDPR Chapter 4: Data Controllers and Processors

One of the most significant challenges blockchain faces under GDPR is the requirement to identify a specific data controller—the party responsible for ensuring compliance with data protection laws. Since blockchain is decentralized, it’s nearly impossible to pinpoint a single entity responsible for the data stored on the network.

Decentralized Autonomous Organizations (DAOs), which operate without a centralized authority, complicate matters further. While some DAOs may register as legal entities, it’s unlikely that all decentralized projects will have a clear legal entity to hold accountable for every action that occurs on the network.

To mitigate risks, crypto projects may need to adopt stricter KYC (Know Your Customer) and AML (Anti-Money Laundering) policies, reducing the likelihood of malicious activity that could expose the entire network to legal issues.

Telcoin’s Approach to Privacy

Telcoin is committed to minimizing the collection of personally identifiable data and only gathers what is essential to provide services and operate its business. This includes information collected through its platforms, during registration, and in communications with users. Telcoin’s policy also ensures users have the right to:

• Access their personal data
• Request the deletion of their data
• Request that their data be transferred to another service in a portable format