The relation between blockchain and the General Data Protection Regulation (hereinafter GDPR) is often described as problematic. This article addresses one of the problems blockchain faces: who is or are the controllers in a blockchain context? This article finds that it is particularly difficult to point out the controller in blockchain applications that are integrated in the core code of a permissionless blockchain. Blockchains‘ P2P character with its broad distribution of responsibilities make it difficult to select who are able to determine purposes and means of the processing of data. In order to structure the discussion, this article develops three conceptualizations of cooperation within a blockchain. These conceptualizations give different perspectives on the relations between the actors in a blockchain that are potential controllers. The article identifies who is most likely to be controller in the different conceptualizations and gives indications about the extent to which the controllers are able to exercise their responsibilities. A problem is that an adequate exercise of responsibility requires coordination within the blockchain. However, the system that normally takes care of coordination in a permissionless blockchain – the crypto-economic incentive system – is at present not able to bring the coordination that adequate data protection requires.
|Number of pages||15|
|Journal||JIPITEC: Journal of Intellectual Property, Information Technology and E-Commerce Law|
|Publication status||Accepted/In press - Aug 2020|
- controller, blockchain, GDPR