Moving to immutability: General Data Protection Regulation’s right to be forgotten in blockchain rransactions

Abstract

Emerging technological advances are changing the world. Among the Internet of Things (IoT), blockchain is a revolutionary technology for data storage allowing the application of it in many different industries. The balance between innovation and regulatory aspects is increasingly burdensome to reach, especially with the new blockchain technology. Due to the architecture of blockchain, there is an undeniable clash between some of the GDPR’s principles. In conjunction with storage and purpose restrictions, the right to be forgotten as stipulated in Article 17 of the GDPR is one of the most discussed blockchain-related topics. The lack of compliance stems from the immutable and decentralised nature of the blockchain, making it impossible to erase information from the chain itself, hence posing a threat to the right of privacy. This thesis aims to evaluate blockchain through the lens of the GDPR. More specifically the goal is to establish the connection between blockchain and the right to be forgotten established in Article 17 of the GDPR and understand the legal challenges arising from the technology itself.