Data Processing Inside & Outside of the EU, and the Role of Blockchain

Data Processing Inside the EU

In the EU, all companies must operate following GDPR requirements. The EU's General Data Protection Regulation is the strongest privacy and security law in the world, putting control back into the user's hands by ensuring they provide clear consent to data processing, while maintaining the rights to revoke consent and to be forgotten. When it comes to how the data processor and controller must work together, the EU requires them to implement a contract where the intentions to process personal data are recorded, ensuring that both parties are restricted from sharing data without consent. Non-EU companies like Meta have had to add additional compliance measures, and the European Data Protection Board has imposed bans when companies inappropriately used legal bases for behavioural advertising.

The GDPR governs how the personal data of individuals in the EU may be processed and transferred and is the strongest privacy and security law in the world. -- European Commission

Data Processing Outside of the EU

EU regulations apply to both organisations inside its jurisdiction and companies outside that process the personal data of EU citizens and residents. Non-EU organisations must appoint a Data Protection Officer inside the EU and ensure that citizens understand what they are consenting to. When data is transferred outside the EU, all GDPR requirements remain in place, with the EU deeming certain non-EU data protection laws sufficient. The EU-US Data Privacy Framework allows data transfers without additional safeguarding measures, including provisions limiting access for US intelligence services and establishing a Data Protection Review Court for complaints from EU citizens.

An adequate protection of our personal data is a fundamental right, and one whose importance only continues to grow in our day-to-day lives. -- Vera Jourova, Vice-President for Values and Transparency, European Commission

Blockchain & Data Processing

While blockchain can be an extraordinary tool for organising and managing data, there are key challenges with the EU's data processing regulations. One concern is that the GDPR requires a clear data controller and data processor, whereas blockchain is inherently decentralised. Other concerns relate to the right to be forgotten and the right to correct, since blockchains are immutable. However, blockchain can offer enhanced security, privacy, and transparency -- allowing users to see who accesses their data, when, and for what purpose. mintBlue's partnership with NoWatch demonstrates how health data collected by smart watches can be owned directly by the user rather than large companies.

Conclusion

Blockchain often provides a relatively clear and simple tool to help navigate data requirements and international policies. The topic of data processing underscores where things can be more complicated -- but that doesn't mean it doesn't offer significant value, it just means more problem-solving is needed to integrate it in a meaningful way. Blockchain has the ability to transform the data world, and it feels like society is pushing back against big companies processing their data. It's encouraging to see government policy supporting that instinct.