One of the originally envisioned benefits of blockchain technology was its ability to conduct publicly reviewable transactions that retained a user’s anonymity.  In actually, blockchains only provide pseudonymity (the ability conduct transactions under an alias) rather than true anonymity, but even the promise of this lesser form of anonymity provides the potential for enhanced privacy.

An unanticipated consequence of pseudonymity, however, is that the immutable records stored on a blockchain can be tracked and in many circumstances, the identity of transaction parties can be discovered.  Furthermore, because the strongest benefit of blockchains arises from the immutability of the transaction log it maintains, it appears to run afoul of a new raft of privacy regulations that demand that those keeping records of other peoples’ activities afford those other people The Right To Be Forgotten, aka The Right To Erasure. That is, that once a person transacts on the blockchain, the record of their activity is permanent an cannot be erased.

The immediate legal implications of this dilemma have not caused problems with early blockchains.  While blockchains such as Bitcoin and Ethereum may run afoul of the legal requirements of a growing number of privacy laws including the EU’s General Data Protection Regulation, the California Consumer Privacy Act (CCPA), the California DELETE Act, the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA), they have been spared legal repercussions because there is no clear “owner” of these distributed datastore that could be held liable for their inability to comply.

Blockchain is a technology, not just a few popular implementations.  And as that technology spreads, the possibility of having a determinable owner or group of owners for “private” blockchains may subject them to liability.  In fact, some developers may have shied away from using blockchain technology to avoid the dilemma of having a consumer request “erasure” of their records from the “immutable” blockchain.

At one time, one of the leading global accounting/consulting firms announced that they had developed a mutable blockchain.  The notion of a mutable blockchain was antithetical and the concept was never implemented.  But what if there could be a way to maintain an immutable transaction record AND enable  consumers with the ability to have their data expunged.  While this sounds impossible at first blush, there is at least one technique that can enable the removal of personal data without compromising the integrity of the blockchain:  versioning.

We developed just such a solution.  Here is how it works:

Addressing the Conflict Between Blockchain and GDPR Article 17