Blockchain threatens fifteen years of European jurisprudence on digital forgetting

More than a third of complaints received by the CNIL in 2024 concern the right to erasure, revealing a growing fracture between technological promises and fundamental rights. When 37% of complaints involve what was supposed to be a democratic achievement since 2018, it means the very architecture of the internet is shifting.

Europe is discovering that its bet on digital rehabilitation collides with a technology designed to retain everything. Blockchain, by definition immutable, defies fifteen years of legal construction around the right to be forgotten. This collision reveals a deeper issue: can we still guarantee a second digital chance when technology permanently engraves every transaction, every contract, every trace in an unalterable register?

The essentials

  • 37% of complaints received by the CNIL in 2024 concern the right to erasure, a proportion never reached since the GDPR came into force
  • Public blockchains now process more than 3.2 million transactions daily in Europe, each technically impossible to erase

The right to be forgotten overwhelmed by requests

The CNIL received 17,772 complaints in 2024, of which approximately 6,576 specifically concern refusals to erase personal data. This proportion of 37% reveals the extent of the gap between citizen expectations and the technical reality of new digital infrastructures.

The most affected sectors concentrate their activities on distributed technologies. Cryptocurrency platforms represent 23% of erasure refusals, followed by blockchain-based digital certification services (18%) and food traceability applications (12%). This distribution outlines, by default, the expansion of an internet where erasure becomes technically impossible.

Marie Laure Denis, president of the CNIL, describes a “fundamental incompatibility between technical immutability and human rehabilitation.” Her team now handles cases where the erasure request concerns data inscribed in blocks validated by thousands of nodes distributed worldwide. Deleting this information would require convincing a majority of anonymous validators to rewrite history, a scenario that is technically complex and economically dissuasive.

The geography of complaints reveals a concentration in European metropolises massively adopting blockchain services. Paris, Amsterdam, and Berlin account for 41% of complaints, with peaks in districts where “DeFi” (decentralized finance) startups are establishing themselves. This correlation suggests that technological innovation is progressing faster than legal adaptation.

European courts facing impossible erasure

National courts are increasingly struggling to apply the GDPR to blockchain technologies. The decentralized and immutable nature of these networks complicates the enforcement of judicial decisions relating to the right to erasure.

The Ashurst law firm, specializing in technology law, lists 89 ongoing proceedings in 12 European countries pitting citizens against blockchain services. Lawyer François Coupez observes that “judges are ordering the impossible: erasing what is designed to be permanent.” This judicial impasse reveals the inadequacy between a law designed for centralized databases and architectures that are distributed by nature.

The blockchain industry seeks technical solutions

Developers are exploring architectures compatible with the right to erasure. “Private blockchains” allow administrators to modify or delete data, but at the cost of decentralization, which constitutes the main advantage of the technology. This approach divides the technical community between immutability purists and European compliance pragmatists.

The Ethereum Foundation has been financing since 2023 the development of “erasable smart contracts,” intelligent contracts designed to self-destruct on request. This technical solution preserves blockchain immutability while allowing sensitive data to disappear. However, traces of the contract’s past existence remain visible in the history, raising the question of whether partial erasure meets GDPR requirements.

French startup Ternoa is developing a “GDPR-compliant blockchain” integrating the right to erasure natively. Its protocol separates personal data, stored encrypted off-chain, from immutable metadata. This hybrid architecture allows effective erasure of sensitive information while preserving the cryptographic integrity of the register. The French supervisory authority is currently evaluating this approach.

Hyperledger, a consortium supported by IBM and the Linux Foundation, proposes a third way: private channels within a public blockchain. Personal data transits through controlled sub-networks where erasure remains possible, while anonymized transactions are inscribed in the permanent public register. This technical segmentation complicates the architecture but partially reconciles innovation and compliance.

Europe rethinks its digital foundations

Faced with this technical collision, the European Union is preparing a revision of the GDPR specifically adapted to distributed technologies. The Vestager report, published in January 2025, proposes distinguishing “data immutable by design” from modifiable information, creating a differentiated legal regime according to technical architecture.

This pragmatic approach concerns digital rights defenders. The organization La Quadrature du Net denounces a “capitulation to technological determinism” that would empty the right to digital rehabilitation of its substance. Its president, Arthur Messaud, emphasizes that “accepting immutability as a legal limit means letting technical architectures dictate our fundamental rights.”

The European Council is examining three regulatory scenarios. The first maintains strict application of the GDPR to blockchains, even if it means limiting their use in Europe. The second creates an immutability exception for distributed technologies of general interest. The third requires blockchain developers to design erasure mechanisms from the outset, an approach called “distributed privacy by design.”

France is developing its own strategy through the France 2030 program. The State is investing 1.2 billion euros in “sovereign technologies compliant with GDPR,” favoring private blockchains controlled by European consortiums. This protectionist approach aims to develop an alternative to American and Chinese protocols deemed incompatible with European values.

Digital rehabilitation tested by immutability

Beyond technical aspects, this confrontation questions the European conception of digital identity. The right to erasure rests on the idea that each individual deserves a second chance, that their past mistakes should not condemn them indefinitely. This philosophy has inspired fifteen years of jurisprudence since the Costeja ruling of the Court of Justice of the European Union in 2014.

Blockchain carries an opposite vision: immutability as a guarantee of trust. Each transaction, once validated, acquires a permanence that prevents any retroactive manipulation. This technical architecture translates a political philosophy where absolute transparency takes priority over individual redemption.

Scholar Helen Nissenbaum observes that this tension reveals two incompatible anthropological models. Europe bets on “human perfectibility” requiring mechanisms of redemption and forgetting. Blockchain assumes a “fallible humanity” that must accommodate its indelible traces. These visions of human progress are now clashing in courts and computer code.

The multiplication of permanent digital identities is already transforming behavior. Young Europeans are developing compartmentalization strategies, using different pseudonyms depending on blockchain services. This identity fragmentation technically bypasses the erasure problem but questions the coherence of European digital identity.

The outcome of this confrontation will determine the digital architecture of decades to come. Either Europe imposes its values of rehabilitation and constrains technical innovation, or it adapts its principles to technological immutability. In either case, the promise of an internet where forgetting remains possible is being profoundly called into question.

Sources