Blockchain Integration Into The Healthcare Sector: Navigating Privacy Compliance, Data Localization, And Cross-Border Data Flows

Rishabh Jayasimha Iyengar, Jindal Global Law School

ABSTRACT

A rudimentary understanding of blockchain technology will shed light on the pillars of “transparency” and “immutability” that it is built on. These principles paint such technology as the antithesis of protecting personal data of individuals that form part of such blockchains. Once data is recorded within a blockchain, the ledger ensures that no unilateral change can be made by any singular party to the database. Further, this public ledger is heralded for its transparent nature.

Such disparities in privacy compliance requirements mandated by the EU’s GDPR and India’s DPDPA require to be delved into considering the rise in blockchain technology’s application within essential sectors like healthcare and finance wherein the protection of sensitive personal data that is processed by corporations in different jurisdictions is paramount.

This paper begins with analyzing how the transparency requirements central to blockchain technology are the antithesis to privacy requirements/DSR’s mandated by privacy statutes of the EU and India. Furthermore, with the growth of blockchain into essential sectors like finance and healthcare, it will aim to determine the level of compliance to be adhered to in situations of cross-border data flows between the EU and India from corporations processing such sensitive personal data. It also aims to determine the scope of the Indian government’s discretion under the DPDPA concerning cross-border processing of sensitive data arising overseas in the absence of international privacy legislation. Lastly, the paper will also analyze how “sensitive” personal data like health information which has a separate classification under the GDPR will be processed under the DPDPA considering the absence of such classification altogether.