The Center for Global Enterprise (CGE), a non-profit research institution and leading international law firms Slaughter and May and Cravath, Swaine & Moore LLP, today released research that provides a framework for creating Blockchain solutions that comply with European Union privacy law. The pioneering report counters commonly held views that it is not possible to implement Blockchain solutions that are compliant with the EU’s recently enacted General Data Protection Regulation (GDPR).
March of the Blocks: GDPR and the Blockchain is a joint law firm report, commissioned by CGE, which evaluates the challenges posed to the implementation of Blockchain solutions by the EU GDPR privacy regulation. The report examines a real?world use-case developed by Marine Transport International (a UK-based digital logistics firm) to offer practical solutions to the key issues the GDPR poses to Blockchain implementers.
This report recognises that Blockchain technology has advanced tremendously over the past decade, and provides unique capability, beyond that provided by traditional databases, for cross-enterprise transformation. While proper workflow selection remains the single most important element for a successful blockchain deployment, the EU’s General Data Protection Regulation (GDPR) poses significant compliance hurdles to the ongoing development of Blockchain-based solutions that involve storing and transacting data about individuals.
March of the Blocks acknowledges and identifies some of these hurdles, such as the right under the GDPR to have one’s personal data deleted or corrected, which sit at odds with the very concept of an immutable Blockchain. It also calls on regulatory authorities and lawmakers to provide clear guidance on the interaction between Blockchain and data protection legislation, so that the development of innovative Blockchain solutions is not prevented by any ongoing legal uncertainty.
The authors recognise that not all of the Blockchain challenges posed by the GDPR and other privacy regimes can currently be bridged. However, they feel that the gap left by those challenges is relatively small. Critically, the fundamental freedoms forming the policy behind such privacy laws can be maintained and protected, but only with the help of a pragmatic approach by lawmakers and regulators alike.
March of the Blocks calls on regulatory authorities and technology providers to take any reasonable remaining steps necessary to address the outstanding privacy challenges posed by Blockchain. If these steps are not taken, there is a risk of a stall in (or even end to) investments into Blockchain companies who are developing solutions that could, in the long run, benefit the world as a whole.
Christopher Caine, president at The Center for Global Enterprise:
“We firmly believe that blockchain is an important business transformation technology that provides significant benefits when properly deployed. If we can help people achieve demonstrable Blockchain outcomes while navigating the integration with GDPR, then we will enable this revolutionary technology to achieve its full potential.”
Rob Sumroy, a partner at Slaughter and May:
“A lot has been written about the problems and challenges posed by GDPR on Blockchain technology. We were delighted to be asked by CGE to approach this question from the other end of the telescope: what are the few areas of GDPR that remain to be bridged? The gap is small – the aim of GDPR is to protect the rights of individuals, not to block good commercial activities that respect those individuals’ rights. We call on regulators to help bridge any gaps with clear and pragmatic guidance for Blockchain entrepreneurs. It has been an immense pleasure producing this report with our colleagues at Cravath, Swaine & Moore LLP.”
David Kappos, a partner at Cravath, Swaine & Moore:
“Blockchain holds transformational power if implemented in a way that unlocks its full potential. Our goal is to explain how the GDPR is not an insurmountable barrier – instead, a carefully designed blockchain can work in tandem with GDPR to produce a more secure system for commercial activities that respects the letter and spirit of GDPR’s commitment to the privacy rights of individuals. We’re proud to present this report following our collaboration with the team from Slaughter and May.”
The Center for Global Enterprise (CGE) is a nonprofit, nonpartisan research institution devoted to the study of global management best practices, the contemporary corporation, and economic integration. CGE’s Digital Supply Chain Institute (DSCI) a leading-edge research institute, is focused on the evolution of enterprise supply chains in the digital economy and the creation and practical application of supply chain management best practices. Over the past two years, Blockchain has been a major focus of our applied research with the Institute members.
Cravath, Swaine & Moore and Slaughter and May are widely recognised as two of the world’s leading law firms. They bring legal expertise and renowned business judgment to a range of matters involving the rapidly evolving landscapes of emerging technology, artificial intelligence, data protection and privacy, blockchain and e-commerce.
CGE: Ira Sager, [email protected] , +1.516.286.2567
Slaughter and May: Ben Girdlestone [email protected] +44 (0)20 7090 3421
Cravath, Swaine & Moore: Naren Daniel, [email protected], +1.212.474.3417