Conceptualizations of the controller in permissionless blockchains

Research output: Contribution to journalArticleScientificpeer-review


The relation between blockchain and the General Data Protection Regulation (hereinafter GDPR) is often described as problematic. This article addresses one of the problems blockchain faces: who is or are the controllers in a blockchain context? This article finds that it is particularly difficult to point out the controller in blockchain applications that are integrated in the core code of a permissionless blockchain. Blockchains‘ P2P character with its broad distribution of responsibilities make it difficult to select who are able to determine purposes and means of the processing of data. In order to structure the discussion, this article develops three conceptualizations of cooperation within a blockchain. These conceptualizations give different perspectives on the relations between the actors in a blockchain that are potential controllers. The article identifies who is most likely to be controller in the different conceptualizations and gives indications about the extent to which the controllers are able to exercise their responsibilities. A problem is that an adequate exercise of responsibility requires coordination within the blockchain. However, the system that normally takes care of coordination in a permissionless blockchain – the crypto-economic incentive system – is at present not able to bring the coordination that adequate data protection requires.
Original languageEnglish
Pages (from-to)215-227
Number of pages13
JournalJIPITEC: Journal of Intellectual Property, Information Technology and E-Commerce Law
Issue number2
Publication statusPublished - 27 Aug 2020


  • controller, blockchain, GDPR


Dive into the research topics of 'Conceptualizations of the controller in permissionless blockchains'. Together they form a unique fingerprint.

Cite this