By Staff Writer
The question of whether storing data on blockchains would violate India’s new Personal Data Protection Bill (2018), which was submitted to the Ministry of Electronics and Information Technology in July, is a valid one. Lawyers believe blockchains – especially, permissioned blockchains- could actually help Indian corporates comply with the new data privacy rules that follow the spirit of EU’s General Data Protection Rule (GDPR) that went into effect in May.
“If the personal data is stored on a blockchain network, there should not be any additional challenges as a permission-based blockchain network will ensure anonymity of the participant and can have a built-in consent mechanism,” wrote advocates Ashraya Rao and Shivam Arora, in an opinion piece for ET. Both Rao and Arora are Associates at Khaitan & Co, a leading law firm in India.
The two further argues that Indian corporates should consider implementing blockchain technology in order to help comply with store data on cloud technology without violating the new privacy rules.
The bill maintains that at least one copy of the data is maintained on a server or data center in India. Moreover, personal data, identified as critical by the central government, has to be mandatorily processed by a server or data center located in India.
“Blockchain technology ensures that the data is stored by all the participants on the relevant network,” the lawyers wrote. “However, the question that remains is whether these requirements are satisfied if a participant resident in India is part of the relevant network.”
There are other transparency and security safeguards including that the person in charge of data has the obligation to ensure the privacy of the data from the point of collection to the point of deletion of personal data.
“Prima facie, none of these requirements seem to be compromised if such personal data is stored and processed using blockchain technology. Moreover, blockchain technology, with its usage of cryptographic hash functions, time stamps, etc., unequivocally satisfies the requirements of the Bill with respect to the security safeguards required to be adopted.”
While EU’s GDPR gives citizens full control over their data, Indian personal data protection bill is seen as walking a central path, as it gives freedom to the citizens as well as to the government.