Skip to main content
SpringerLink
Log in

Distributed Data Protection and Liability on Blockchains

  • Conference paper
  • First Online:
Internet Science (INSCI 2018)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11551))

Included in the following conference series:

Abstract

Blockchains and the GDPR pursue similar objectives where they seek to grant users greater control over their personal data. While the latter pursues this goal by imposing duties of care to centralized controllers and collectors of data, blockchains go a step beyond by trying to eliminate these stakeholders and the need to trust them. Nevertheless, the rules set out by the GDPR apply whenever personal data are at stake, and various actors of the blockchain ecosystem risk liability for controlling of processing data in violation of privacy requirements. A possible solution is to re-contextualize the concepts of data controlling and responsibility, as framed by the GDPR, in light of blockchains’ enhanced individual autonomy. In this paper, we set the framework for a further inquiry on the role of users as both data subjects and data controllers of distributed ledgers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    According to the creator of Bitcoin, Satoshi Nakamoto, ‘what is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.’

  2. 2.

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Hereinafter GDPR.

  3. 3.

    According to article 4(1) GDPR, personal data are defined as ‘any information relating to an identified or identifiable natural person’.

  4. 4.

    According to the Article 29 Working Party’s Opinion on Anonymisation Techniques, data are considered anonymous only when their processing irreversibly prevents identification.

  5. 5.

    For instance, some end-users applications allow the generation of a new public key for each transaction, so that it becomes harder to link a set of transactions to an identifiable user. Moreover, cryptocurrencies like Monero deploy sophisticated techniques such as ring signature and Ring Confidential Transactions that prevent to link transactions and funds to public keys.

  6. 6.

    Note that the present paper refers generally to so called “public”, “permissionless” blockchains, in which any user can access the data, enter the network as validator or record transactions with no attribute-based or geographical restriction. As recognised by the CNIL opinion in the issue, “private” blockchains to do not pose specific problems concerning the attribution of liability for GDPR compliance. In fact, as private blockchains are developed and maintained by one or more identified actors, they perform as traditional databases whose storage is distributed but centrally controlled.

  7. 7.

    Miners are, for instance, unable to individually influence changes in the protocol. They cannot alter or modify the data. They don’t get to choose which data are stored on the blockchain nor the criteria based on which data get stored.

References

  1. Article 29 Working Party, Opinion 04/2014 on Anonymisation Techniques, 0829/14/EN

    Google Scholar 

  2. Article 29 Working Party, Opinion 4/2007 on the Concept of Personal Data, 01248/07/EN WP136

    Google Scholar 

  3. Dingle, S.: In Math We Trust: Bitcoin, Cryptocurrency and the Journey to Being Your Own Bank. Tracey McDonald Publishers, Bryanston (2018)

    Google Scholar 

  4. Finck, M.: Blockchains and data protection in the European Union. EDPL 4(1), 17–35 (2018). https://doi.org/10.21552/edpl/2018/1/6

    Article  Google Scholar 

  5. Ibanez, L.D., O’Hara, K., Simperl, E.: On Blockchains and the General Data Protection Regulation (2018). https://eprints.soton.ac.uk/id/eprint/422879

  6. Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System (2009). https://bitcoin.org/bitcoin.pdf

  7. Narayanan, A., Clark, J.: Bitcoin’s academic pedigree. Commun. ACM 60(12), 36–45 (2017). https://doi.org/10.1145/3132259

    Article  Google Scholar 

  8. Purtova, N.: The law of everything. Broad concept of personal data and future of EU data protection law. Law, Innov. Technol. 10(1), 40–81 (2018). https://doi.org/10.1080/17579961.2018.1452176

    Article  Google Scholar 

  9. Schmelz, D., Fischer, G., Niemeier, P., Zhu, L., Grechenig, T.: Towards using public blockchain in information-centric networks: challenges imposed by the European Union’s general data protection regulation. In: Proceedings of 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN 2018), pp. 223–228 (2018)

    Google Scholar 

  10. Wright, A., De Filippi, P.: Decentralized Blockchain Technology and the Rise of Lex Cryptographia (2015). https://doi.org/10.2139/ssrn.2580664

  11. Wright, A., De Filippi, P.: Blockchain and the Law: The Rule of Code. Harvard University Press, Cambridge (2018)

    Google Scholar 

  12. Zetzsche, D.A., Buckley, R.P., Arner, D.W.: The distributed liability of distributed ledgers: legal risks of blockchain, University of New South Wales Law Research Series. Law Working Paper Series, Number 2017-007 (2017). http://doi.org/10.2139/ssrn.3018214

Download references

Author information

Authors and Affiliations

  1. Blockchain and Society Policy Lab, IViR, University of Amsterdam, 1018 WV, Amsterdam, The Netherlands

    Alexandra Giannopoulou & Valeria Ferrari

Authors
  1. Alexandra Giannopoulou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Valeria Ferrari
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alexandra Giannopoulou .

Editor information

Editors and Affiliations

  1. St. Petersburg State University, St. Petersburg, Russia

    Svetlana S. Bodrunova

  2. National Research University Higher School of Economics, St. Petersburg, Russia

    Olessia Koltsova

  3. SINTEF, Trondheim, Norway

    Asbjørn Følstad

  4. Inria, Le Chesnay, France

    Harry Halpin

  5. National Research University Higher School of Economics, Moscow, Russia

    Polina Kolozaridi

  6. National Research University Higher School of Economics, Moscow, Russia

    Leonid Yuldashev

  7. St. Petersburg State University, St. Petersburg, Russia

    Anna Smoliarova

  8. TU München, Munich, Germany

    Heiko Niedermayer

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Giannopoulou, A., Ferrari, V. (2019). Distributed Data Protection and Liability on Blockchains. In: Bodrunova, S., et al. Internet Science. INSCI 2018. Lecture Notes in Computer Science(), vol 11551. Springer, Cham. https://doi.org/10.1007/978-3-030-17705-8_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-17705-8_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-17704-1

  • Online ISBN: 978-3-030-17705-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation