In this essay, I will argue that the GDPR is slowing down technology progress in the EU with respect to the Blockchain technology. The blockchain is of particular interest to me as I detected the potential legal issues and impact of blockchain technology within my professional work.
I identified several legal ramifications in different fields of law, that I believe will raise major problems in the near future. Moreover, it is not currently certain how United Kingdom will treat the international law internally after Brexit, as Article 3 GDPR is limiting the spatial application area to the European Union and processes taking place in this terrain. I will outline these problems here.
Table of Contents
1. Introduction
2. Insight into Blockchain Technology
3. Blockchian Technology and the Processing of Personal Data
3.1 Article 5 (1) a) GDPR: Transparency
3.2 Article 5 (1) b) GDPR: Purpose limitation
3.3 Article 5 (1) c) GDPR: Data minimization
3.4 Article 5 (1) d) GDPR: Immutability of data
3.5 Article 5 (1) e) GDPR: Storage limitation
4. Conclusion
Objectives and Topics
The primary objective of this work is to evaluate the legal compatibility of blockchain technology with the European Union's General Data Protection Regulation (GDPR), specifically focusing on whether the inherent characteristics of blockchain conflict with data protection requirements.
- Technical analysis of blockchain innovations (immutability, distributed ledger, consensus protocol).
- Examination of GDPR compliance regarding transparency and purpose limitation.
- Critical discussion on data minimization and the right to be forgotten.
- Assessment of the "redactable blockchain" as a potential technical solution for compliance.
- Evaluation of the tension between decentralized systems and centralized regulatory oversight.
Excerpt from the Book
Article 5 (1) d) GDPR: Immutability of data
According to this section, data must be factually correct and, if necessary, up to date. For this principle, the distributed peer-to-peer principle of the blockchain network is quite advantageous. Since each new block is linked to the previous one, only complete copies can be appended to the next block. Conflicts with non-updated copies on the network are resolved by validating the longest valid block chain. The network ensures by its protocol that all nodes in the network have a current and thus formally correct copy of the blockchain. Participants with an outdated copy notice this because they can no longer successfully participate in the calculation of new blocks.
However, the timeliness of the blockchain data and its formal correctness do not influence their accuracy with regard to the rights of the person concerned to rectification or their factual correctness. Once a block has been added, it can no longer be removed or changed since each new block is permanently linked to the previous one by a cryptographic hash function. If a block is changed, all subsequent blocks must also be recalculated. Since the creation of a new valid block is a computationally intensive operation, a block becomes more secure in terms of its permanent whereabouts in the blockchain, the more subsequent blocks come after it. This intended "eternity" of the blocks guarantees an integral archive of transactions or data processing steps. This archive is available to every participant of the decentralized registry. An individual participant can not effect a permanent change of a block without the other participants noticing the change and rejecting the change by a majority vote.
Summary of Chapters
1. Introduction: The author introduces the central argument that GDPR regulations potentially hinder technological progress regarding blockchain within the EU.
2. Insight into Blockchain Technology: This chapter defines the core innovations of blockchain, specifically immutability, distributed ledgers, and peer-to-peer consensus protocols in both permissionless and permissioned forms.
3. Blockchian Technology and the Processing of Personal Data: This section provides a detailed legal analysis of blockchain's compliance with Article 5 of the GDPR across various principles.
3.1 Article 5 (1) a) GDPR: Transparency: Discusses how decentralized storage provides technical transparency but complicates the identification of a responsible party for information duties.
3.2 Article 5 (1) b) GDPR: Purpose limitation: Analyzes the compatibility of blockchain data storage with the requirement that data must be processed for specified, legitimate purposes.
3.3 Article 5 (1) c) GDPR: Data minimization: Examines whether the replication of data across multiple nodes conflicts with the GDPR requirement to limit data processing to a minimum.
3.4 Article 5 (1) d) GDPR: Immutability of data: Explores the conflict between the blockchain's permanent nature and the data subject's right to rectification or deletion.
3.5 Article 5 (1) e) GDPR: Storage limitation: Addresses the principle of storage duration and discusses how redactable blockchain concepts might allow for the deletion of blocks.
4. Conclusion: Synthesizes the findings, concluding that blockchain technology currently lacks full compliance with the GDPR and requires further legal and technical development to bridge this gap.
Keywords
Blockchain, GDPR, Article 5, Data Protection, Immutability, Transparency, Purpose Limitation, Data Minimization, Redactable Blockchain, Distributed Ledger, Compliance, Personal Data, Right to be forgotten, Decentralization, Peer-to-Peer.
Frequently Asked Questions
What is the core focus of this work?
The work investigates the legal and technical conflicts between blockchain technology's decentralized architecture and the regulatory requirements set forth by the EU General Data Protection Regulation (GDPR).
Which key areas of the GDPR are analyzed?
The analysis focuses on Article 5 of the GDPR, specifically covering principles such as transparency, purpose limitation, data minimization, immutability, and storage limitation.
What is the primary research question?
The essay explores whether blockchain technology is compliant with the GDPR, questioning if the fundamental characteristics of blockchains, like immutability, are compatible with data subject rights.
What methodology does the author use?
The author employs a qualitative, legal-analytical approach, comparing specific blockchain features against the mandates of the GDPR and examining proposed technical solutions like "redactable blockchains."
What is covered in the main body of the text?
The main body systematically breaks down the blockchain's functional architecture and evaluates each component against specific legal clauses within Article 5 of the GDPR.
Which keywords best describe this research?
Essential keywords include Blockchain, GDPR, Data Protection, Immutability, Compliance, Distributed Ledger, and Data Minimization.
How does the author define a "node" in this context?
A node is defined as a computer within the network that stores a copy of the blockchain and performs tasks related to the addition and validation of new blocks.
What is a "redactable blockchain" and why is it significant?
It is a blockchain variant that allows for the modification of old blocks via a secret key, which is significant because it offers a potential technical pathway to satisfy the GDPR's "right to be forgotten" and rectification requirements.
Why does the author suggest that blockchain might be in conflict with data minimization?
Because blockchain technology inherently requires the storage of multiple copies of data across the network, which may contradict the principle that the volume of processed data should be limited to the absolute minimum.
- Citar trabajo
- Oliver Zeidler (Autor), 2020, Blockchain Technology Compliance with the European Union (EU) General Data Protection Regulation (GDPR), Múnich, GRIN Verlag, https://www.grin.com/document/922863
