Risks of blockchain for data protection: a european approach

Abstract

Blockchain has come to revolutionize commerce, driving faster and more efficient transactions. This new technology was born to work in a trustless environment, without any need for trusted intermediaries or supervision by state agencies, leaving a digital print that is mostly public and permanent. Nonetheless, the main problem it presents is that the use of blockchain can interfere with an individual’s privacy rights. This article explores the challenges posed by blockchain to data protection. Looking into the characteristics of blockchain will be necessary to explore its advantages and limits, especially from a privacy point of view. Blockchain is a kind of technology that is currently disruptive, but its applications can be modulated and configured in different ways depending on the needs. This article examines the territorial and material scope of the General Data Protection Regulation in order to clarify whether it is applicable to blockchain technologies. The issue of identifiers on a blockchain, the allocation of responsibility to participants, the tension with data subjects’ rights and, in particular, the right to erasure are discussed. Some recommendations for reconciling data protection and blockchain technologies are proposed, in particular, projecting the privacy by design principle to blockchain applications. Technological developments should not suppose a deterioration of the rights of individuals. However, some technical solutions entail significant trade-offs, as the case on anonymity in cryptocurrencies illustrates.