r/europrivacy • u/Electrical_Mine1912 • 7h ago
Discussion How does GDPR handle immutable blockchain data?
One thing I’ve never fully understood is how GDPR rights like “right to be forgotten” work with blockchain systems.
If data is written to a public ledger, it’s practically immutable. So:
Is hashing personal data enough to comply?
Are most “GDPR-compliant blockchain” systems just avoiding storing personal data entirely?
Has there been any real legal precedent in the EU?
Would love insights from anyone working in compliance or legal tech.
3
u/fane1967 4h ago
How does GDPR purpose limitation principle handle AI model training using personal data?
Answer: Not well.
1
u/Constant_Natural3304 1h ago
You said it. Data. The "right to be forgotten" would apply to a site publishing a link between the wallet address and the actual name. Not the blockchain.
If you need actual legal consultancy, you could hire a European IT legal expert who can explain this in a more American context, perhaps?
3
u/Maxstate90 4h ago
I haven't looked into 3, but if by hash you mean that the pii is anonymized without possibility of identification then yes.
I don't understand the problem with 2 but it might be my lack of comprehension of the technology - that something is stored in an immutable ledger isn't really the issue for the gdpr, rather who has access to that stored data. So can you paint me a situation in which you envision a problem?