Blockchain & data protection…and why they are not on a collision course

Research output: Contribution to journalArticleScientificpeer-review

Abstract

Recent publications on the data protection aspects of blockchain technology
focus on the characteristics of the initial public (Bitcoin) blockchain, and do so in a generalized manner. The authors then conclude that the characteristics of a public blockchain are profoundly incompatible at a conceptual level with the principles of the EU General Data Protection Regulation (GDPR). The GDPR requires identification of acentral ‘controller’ who is responsible for compliance with the GDPR, while a public blockchain decentralizes the storage and processing of personal data, as a result whereof there is no such central point of control. For lack of a better alternative, the authors conclude that all ‘nodes’ involved in operating a blockchain qualify as a controller under the GDPR, raising enforcement and jurisdictional issues that make it impossible for individuals to enforce their rights. The transparency and immutability of a public blockchain would further not sit well with principles of data confidentiality, data
minimization, data accuracy and the rights of individuals to correction and deletion of their data.

I disagree with the analysis of these authors for a host of different reasons, the main one being that the authors focus on the shortcomings of the initial public (Bitcoin) blockchain when already many new types of permissioned private and consortium blockchain have been developed that significantly diverge from the original, permissionless public blockchain. In fact, these types of permissioned blockchain have been developed in response to the shortcomings of public blockchain. The authors further consider the data processing implications of blockchain as if this technologymean that they are probably unsuitable
for personal data.
825
Original languageEnglish
Article number6
Pages (from-to)825-851
Number of pages28
JournalEuropean Review of Private Law
Volume26
Issue number6
Publication statusPublished - 2018

    Fingerprint

Cite this