Abstract
Blockchains and the GDPR pursue similar objectives where they seek to grant users greater control over their personal data. While the latter pursues this goal by imposing duties of care to centralized controllers and collectors of data, blockchains go a step beyond by trying to eliminate these stakeholders and the need to trust them. Nevertheless, the rules set out by the GDPR apply whenever personal data are at stake, and various actors of the blockchain ecosystem risk liability for controlling of processing data in violation of privacy requirements. A possible solution is to re-contextualize the concepts of data controlling and responsibility, as framed by the GDPR, in light of blockchains’ enhanced individual autonomy. In this paper, we set the framework for a further inquiry on the role of users as both data subjects and data controllers of distributed ledgers.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
According to the creator of Bitcoin, Satoshi Nakamoto, ‘what is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.’
- 2.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Hereinafter GDPR.
- 3.
According to article 4(1) GDPR, personal data are defined as ‘any information relating to an identified or identifiable natural person’.
- 4.
According to the Article 29 Working Party’s Opinion on Anonymisation Techniques, data are considered anonymous only when their processing irreversibly prevents identification.
- 5.
For instance, some end-users applications allow the generation of a new public key for each transaction, so that it becomes harder to link a set of transactions to an identifiable user. Moreover, cryptocurrencies like Monero deploy sophisticated techniques such as ring signature and Ring Confidential Transactions that prevent to link transactions and funds to public keys.
- 6.
Note that the present paper refers generally to so called “public”, “permissionless” blockchains, in which any user can access the data, enter the network as validator or record transactions with no attribute-based or geographical restriction. As recognised by the CNIL opinion in the issue, “private” blockchains to do not pose specific problems concerning the attribution of liability for GDPR compliance. In fact, as private blockchains are developed and maintained by one or more identified actors, they perform as traditional databases whose storage is distributed but centrally controlled.
- 7.
Miners are, for instance, unable to individually influence changes in the protocol. They cannot alter or modify the data. They don’t get to choose which data are stored on the blockchain nor the criteria based on which data get stored.
References
Article 29 Working Party, Opinion 04/2014 on Anonymisation Techniques, 0829/14/EN
Article 29 Working Party, Opinion 4/2007 on the Concept of Personal Data, 01248/07/EN WP136
Dingle, S.: In Math We Trust: Bitcoin, Cryptocurrency and the Journey to Being Your Own Bank. Tracey McDonald Publishers, Bryanston (2018)
Finck, M.: Blockchains and data protection in the European Union. EDPL 4(1), 17–35 (2018). https://doi.org/10.21552/edpl/2018/1/6
Ibanez, L.D., O’Hara, K., Simperl, E.: On Blockchains and the General Data Protection Regulation (2018). https://eprints.soton.ac.uk/id/eprint/422879
Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System (2009). https://bitcoin.org/bitcoin.pdf
Narayanan, A., Clark, J.: Bitcoin’s academic pedigree. Commun. ACM 60(12), 36–45 (2017). https://doi.org/10.1145/3132259
Purtova, N.: The law of everything. Broad concept of personal data and future of EU data protection law. Law, Innov. Technol. 10(1), 40–81 (2018). https://doi.org/10.1080/17579961.2018.1452176
Schmelz, D., Fischer, G., Niemeier, P., Zhu, L., Grechenig, T.: Towards using public blockchain in information-centric networks: challenges imposed by the European Union’s general data protection regulation. In: Proceedings of 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN 2018), pp. 223–228 (2018)
Wright, A., De Filippi, P.: Decentralized Blockchain Technology and the Rise of Lex Cryptographia (2015). https://doi.org/10.2139/ssrn.2580664
Wright, A., De Filippi, P.: Blockchain and the Law: The Rule of Code. Harvard University Press, Cambridge (2018)
Zetzsche, D.A., Buckley, R.P., Arner, D.W.: The distributed liability of distributed ledgers: legal risks of blockchain, University of New South Wales Law Research Series. Law Working Paper Series, Number 2017-007 (2017). http://doi.org/10.2139/ssrn.3018214
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Giannopoulou, A., Ferrari, V. (2019). Distributed Data Protection and Liability on Blockchains. In: Bodrunova, S., et al. Internet Science. INSCI 2018. Lecture Notes in Computer Science(), vol 11551. Springer, Cham. https://doi.org/10.1007/978-3-030-17705-8_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-17705-8_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-17704-1
Online ISBN: 978-3-030-17705-8
eBook Packages: Computer ScienceComputer Science (R0)