You raised a very good point Omkar Neogi, the user identity cannot be easily discovered from the hashes (this is pretty much in compliance with pseudonymization techniques from the article).

Disclaimer: I’m not a lawyer and just sharing my “thoughts” as you asked:

Your assumption was right. If a company uses blockchain to track users without their consent or a legal basis (as mentioned under “When you DON’T need user consent” in the article), they are violating GDPR.

They don’t necessarily have to identify the user. For example if by knowing that you have bought 5 BTC they start showing you ads about spending that money, they are still using part of your data without a legal basis. When you do the transaction to buy 5 BTC your purpose is to buy and the trace you leave is relevant to that transaction. However if a company can link your trace with other information (like geolocation, cookies, etc.) that they’ve obtained from another site, they are violating GDPR.



Sr. Staff Engineer, Knowledge Worker, MSc Systems Engineering, Tech Lead, Web Developer

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store