I’m not a huge fan of the “let’s use blockchain for everything” mode of thinking, and I do have concrete criticism of public ledgers in the context of GDPR. I do not think we should use public ledgers as a database (let alone a personal data store), because they suck at that. Ideally, we should store “anchors” of our private data state. But I also don’t agree with some aspects of the article.
Lawfulness of processing means you have to have a valid reason for processing the data, not a valid reason for choosing a particular technical solution. The same critique goes for many of the points which discuss the principles in the context of a technical solution, which is not their point.
The main discrepancy is that you should not publish personal data (regardless of whether it’s putting it on your homepage or on a public ledger).
But most of these issues would be resolved if data is stored encrypted on the public ledger. That is not bullet-proof, as encryption keys weaken over time, so data needs regular re-encryption, but for non-sensitive data that might be okay. Especially if it’s pseudonymized and encrypted.
Erasure is then not an issue — you throw away the encryption key and the data is no longer accessible.
But I agree, we should not look at public ledgers as a place to store data. They are not intended for that, and one has to have a pretty good understanding of privacy legislation and technical solutions in order to navigate the maze of storing personal data on a public ledger. So rule of thumb — don’t.
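The “anchors” idea from the first paragraph, combined with erasure by discarding a key, as an added example that is not part of the original comment. The `AnchoredStore` class, the in-memory list standing in for a public ledger, and the choice of HMAC-SHA256 with a per-record key as the anchor are all assumptions of this sketch.

```python
import hashlib, hmac, json, secrets

class AnchoredStore:
    """Private records stay off-ledger; only keyed digests ("anchors") are published."""

    def __init__(self):
        self.ledger = []    # stand-in for a public ledger: append-only, never edited
        self.private = {}   # off-ledger store: record_id -> (key, record)

    @staticmethod
    def _anchor(key, record):
        # Canonical JSON so the same record always yields the same bytes.
        blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(key, blob, hashlib.sha256).hexdigest()

    def put(self, record_id, record):
        key = secrets.token_bytes(32)  # per-record key; never leaves the private store
        self.private[record_id] = (key, record)
        self.ledger.append(self._anchor(key, record))
        return len(self.ledger) - 1    # ledger position of the anchor

    def verify(self, record_id, position):
        if record_id not in self.private:
            return False               # erased: nothing left to check against
        key, record = self.private[record_id]
        return hmac.compare_digest(self._anchor(key, record), self.ledger[position])

    def erase(self, record_id):
        # Drop record and key together. The ledger entry stays, but it is a
        # keyed digest whose key no longer exists anywhere.
        self.private.pop(record_id, None)

def demo():
    store = AnchoredStore()
    record = {"name": "Alice Example", "email": "alice@example.org"}  # constructed sample
    pos = store.put("u1", record)
    ok_before = store.verify("u1", pos)
    # A modified private copy no longer matches the published anchor.
    key, _ = store.private["u1"]
    store.private["u1"] = (key, {**record, "email": "mallory@example.org"})
    tampered = store.verify("u1", pos)
    store.private["u1"] = (key, record)
    store.erase("u1")
    # Someone who knows the record but not the key cannot match it to the ledger.
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    guess = hashlib.sha256(blob).hexdigest()
    return ok_before, tampered, store.verify("u1", pos), guess in store.ledger, len(store.ledger)

if __name__ == "__main__":
    print(demo())
```

The anchor is keyed rather than a plain hash because low-entropy personal data such as an e-mail address can be guessed and hashed by anyone reading the ledger.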