Abstract
This chapter examines the implications of blockchain technology on the processing of personal data and its compliance with the general data protection regulation (GDPR) within the European Union. While the internet has revolutionized communication and database systems, it has also posed challenges to legally process personal data. However, the introduction of blockchain technology, with its cryptographic features and decentralized peer-to-peer ledger system, raises questions about the applicability of the GDPR. This chapter analyzes personal data processed in public blockchains, including the right to erasure. Additionally, the chapter explores the complexities of establishing accountability within distributed ledger technology, considering the innovative nature of blockchain and the traditional database framework upon which the GDPR was constructed. By examining the relationship between blockchain participants and fundamental data protection rights, this research aims to shed light on the intersection of blockchain technology and personal data protection.
TopIntroduction
Technology, communication, and IT systems have developed rapidly in recent decades. The societal requirements for information availability and communication and the range of digital solutions and protocols in these areas have increased. From a legal perspective, interpretations have been made within the already applicable legislation to accommodate such new technology use. New legislation and directives have been established at both national and international levels. Communication, information, and data security are common pillars of these innovative technological services. However, a technological development that enables freedom of expression and the dissemination of information also entails risks of privacy violations, which requires the legislator to ensure that privacy-protecting provisions can be applied (Suripeddi & Purandare, 2021).
An example of a rapidly developing technology is the field of blockchains. The explosive growth of digital currencies or cryptocurrencies such as Bitcoin has certainly not escaped many. However, fewer people understand the technological structure behind these currencies, more precisely, blockchain technology. A blockchain or blockchain in English is not necessarily a cryptocurrency. However, blockchains’ advantages make them particularly suitable as transaction systems and digital currencies (Belen-Saglam et al., 2023). Blockchain projects and applications are often financed by creating an overlying functional currency for the blockchain as an investment instrument, which is why cryptocurrencies and blockchains are often confused. However, from a legal informatics perspective, the blockchain technology behind these projects and currencies is particularly interesting to study. Blockchain technology means that data can be “chained together” using mathematical formulas and thus create a long data chain. Overall, it can be mentioned that the chain structure contributes to verifying the information that is processed (Mizzi, 2018). The mathematical standards used in blockchains prevent previously entered information from being changed, as the entire chain fails if any previous link is changed. Public blockchains also solve the problem of a centralized point of influence with the help of a distributed database structure. Instead of the database being accessed via a single server, the entire database is continuously distributed to everyone in the network so that the network can remain active and the database accessible via other users’ editions of the database if a server goes down (Godyn et al., 2022).
Using this chain structure that makes changes to the information in the chain visible to everyone in the network, blockchain technology enables verifications of digital originals. Blockchains that are open to the public, public blockchains, are particularly suitable for digital transactions since everyone can participate in the network, and it is possible to verify transactions without the need for a third party that secures the system, such as a bank or authority. Blockchain technology is interesting to study from a legal perspective because blockchains entail a new structure for processing and distributing information. A deeper and more technical description of the technology follows in future chapters (Riva, 2020).
While both the supply and interest in blockchains are growing among companies and authorities alike, there are several questions and legal ambiguities that the technology brings with it. The most legally relevant questions concern data handling and liability issues. A fundamental difference to ordinary databases is the distributed ledger that public blockchains use and the lack of changeability for data that has been added to the chain. These differences are the basis for many legal issues that will be explained in more detail in this essay. Instead of a person or a company having a server and database, the information is with everyone who is part of a decentralized network. This technological, structural change creates application issues concerning the European Union’s (EU) general regulation on the processing of personal data (GDPR) (Mondschein & Monda, 2019).
Key Terms in this Chapter
Personal Data Controller: A legal entity or individual that determines the purposes and means of processing personal data, as defined in the GDPR. In the context of blockchain, determining the personal data controller becomes complex in decentralized systems where multiple participants contribute to the processing and validation of data.
General Data Protection Regulation (GDPR): A regulation implemented by the European Union (EU) to protect individuals' privacy and regulate the processing and storage of personal data. It establishes rules for organizations handling personal data and grants individuals control over their personal information.
Blockchain Technology: A decentralized and distributed digital ledger technology that enables secure and transparent recording of transactions across multiple computers or nodes in a network. It uses a chain structure to verify and secure information, making it resistant to tampering and creating trust among participants.
Distributed ledger: A type of database that is replicated and synchronized across multiple locations or participants in a network. In the context of blockchain, the distributed ledger ensures that all participants have a copy of the blockchain, eliminating the need for a centralized authority and enabling transparency and consensus.
Right to Erasure: Also known as the “right to be forgotten,” it is an individual's right to request the deletion or removal of their personal data by the data controller, under certain circumstances, as outlined in the GDPR. However, the immutability and permanence of data in public blockchains pose challenges in implementing the right to erasure.
Cryptocurrencies: Digital or virtual currencies that use cryptography for secure financial transactions, control the creation of new units, and verify the transfer of assets. Cryptocurrencies, such as Bitcoin, are often associated with blockchain technology due to their utilization of blockchain as a transaction system.