Can Personal Data on the Blockchain Be Forgotten? European Data Protection Board Releases Guidelines on Blockchain Data Processing, Collaborating with the AI Office to Promote New Regulations

Facing the Rapid Development of Blockchain and Artificial Intelligence (AI) Technologies

In light of the rapid advancements in blockchain and artificial intelligence (AI) technologies, the European Data Protection Board (EDPB) took action during its plenary meeting in April 2025, issuing new guidelines for the processing of personal data using blockchain technology. It also announced a collaboration with the AI Office to develop guidelines on the interaction between AI legislation and EU data protection laws.

Compliance with GDPR: New Guidelines for Blockchain Data Processing Officially Launched

Blockchain, as a decentralized digital ledger technology, can verify transactions and prove ownership of digital assets (such as cryptocurrencies) at a specific point in time. It is also commonly used to securely manage and transmit data, ensuring data integrity and traceability.

As blockchain applications become increasingly widespread, the EDPB recognizes the necessity of assisting organizations that utilize this technology to ensure compliance with the General Data Protection Regulation (GDPR). The new guidelines provide an in-depth analysis of how blockchain operates, various architectural forms, and the implications of these designs on personal data processing.

Data Protection Must Be Considered from the Design Stage

The EDPB emphasizes the need to introduce appropriate technical and organizational measures at the early stages of data processing design to prevent future data protection issues. Additionally, organizations should clarify the roles and responsibilities of all parties involved in the data processing workflow when designing blockchain processing procedures.

If the processing of personal data via blockchain poses a high risk to individuals’ rights and freedoms, organizations must conduct a Data Protection Impact Assessment (DPIA) in advance to proactively identify and mitigate potential risks.

Minimizing the Risk of Personal Data Breaches is Paramount

According to the guidelines, organizations must ensure that personal data on the blockchain is afforded the highest level of protection, avoiding default settings that expose data to unrestricted access.

The EDPB also provides various examples of data minimization techniques to illustrate how to properly handle and store personal data. In principle, if storing personal data on blockchain conflicts with data protection principles, it should be avoided whenever possible.

Furthermore, the guidelines specifically emphasize the importance of ensuring transparency toward individuals, the right to rectification, and the right to erasure, as these fundamental rights are particularly susceptible to neglect within blockchain architecture and thus require additional attention.

Poor Design May Necessitate Deletion of the Entire Chain?

The guidelines state that, to comply with the storage limitation principle, personal data must be deleted once the processing purpose has been achieved and any statutory retention period has expired.

In a blockchain context, deleting individual data can be challenging and requires specially designed structures. If deletion functionality is not considered during the design phase, it may necessitate the implementation of unique engineering architectures, possibly requiring the deletion of the entire blockchain.

If the design accounts for compliance across both on-chain and off-chain data and builds data protection in from the start, it may be possible to prevent future identification of data subjects by deleting the off-chain data, depending on the specific method chosen and the particular circumstances. Regardless of the chosen storage limitation method, compliance must be ensured. If it becomes necessary to delete part of the blockchain, including removing nodes or any copies held by other parties, controllers should ensure that adequate technical and organizational measures are in place to execute this.
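One possible on-chain/off-chain split of the kind described above, as an added example that is not taken from the guidelines or from this article: the ledger holds only a keyed commitment, while the personal data and its per-record key sit in an erasable off-chain store. The function names, the HMAC-SHA-256 construction and the sample e-mail address are assumptions made for illustration; the article does not name a specific method.

```python
import hashlib
import hmac
import secrets

def keyed_commitment(key: bytes, data: bytes) -> str:
    # Value written on-chain: useless for matching without the off-chain key.
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def unkeyed_hash(data: bytes) -> str:
    # Weak alternative: anyone who can guess the data can recompute this.
    return hashlib.sha256(data).hexdigest()

def register(ledger: list, store: dict, data: bytes) -> str:
    record_id = secrets.token_hex(8)   # random id, carries no personal data
    key = secrets.token_bytes(32)      # per-record secret, kept off-chain only
    store[record_id] = (key, data)
    ledger.append((record_id, keyed_commitment(key, data)))  # append-only
    return record_id

def verify(ledger: list, store: dict, record_id: str) -> bool:
    # Integrity check: possible only while the off-chain row still exists.
    if record_id not in store:
        return False
    key, data = store[record_id]
    return hmac.compare_digest(dict(ledger)[record_id], keyed_commitment(key, data))

def erase(store: dict, record_id: str) -> None:
    # Erasure request: delete data AND key off-chain; the ledger is untouched.
    store.pop(record_id, None)

def relinkable(on_chain_value: str, candidates: list) -> bool:
    # Design check: can a guessed value be matched to the ledger entry
    # using only public information (no off-chain key)?
    return any(hmac.compare_digest(unkeyed_hash(c), on_chain_value)
               for c in candidates)

def demo():
    ledger, store = [], {}
    email = b"alice@example.org"       # constructed sample value
    rid = register(ledger, store, email)
    before = verify(ledger, store, rid)
    erase(store, rid)
    after = verify(ledger, store, rid)
    keyed_value = dict(ledger)[rid]
    return (before, after, len(ledger),
            relinkable(keyed_value, [email]),          # keyed: not matchable
            relinkable(unkeyed_hash(email), [email]))  # plain hash: matchable
```

The last two results show why the choice of method matters: a plain hash of low-entropy data left on-chain can still be matched to a guessed value after the off-chain record is gone, whereas the keyed commitment cannot once its key has been deleted.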

Public Consultation Open Until Early June

This blockchain data processing guideline is currently open for public consultation, with a deadline of June 9, 2025. The EDPB invites all stakeholders to provide feedback to ensure that the final version better aligns with practical needs.

EDPB Collaborates with AI Office to Establish New AI Regulations

In addition to issuing new guidelines for blockchain technology, the EDPB announced during this plenary meeting its intention to work closely with the recently established AI Office to jointly draft guidelines on how AI legislation interacts with existing data protection regulations. As AI applications continue to expand, this cross-disciplinary guidance will become an important reference for businesses and developers.
