AuthorMichèle Finck
Blockchain and the General Data Protection Regulation
1. Introduction
Blockchain technologies are a much-discussed instrument that, according to some, promises to
inaugurate a new era of data storage and code-execution, which could in turn stimulate new
business models and markets. The precise impact of the technology is, of course, hard to anticipate
with certainty, and many remain deeply sceptical of blockchains' eventual impact. In recent times,
many have voiced concerns that existing regulatory paradigms risk stifling the technology's future
development and accordingly stand in the way of transforming the European Union into a global
leader in blockchain technology and related developments at a time where there are already
broader concerns regarding the EU's ability to keep up with the data-driven economy.
In particular the EU General Data Protection Regulation ('GDPR') is a much-discussed topic in this
regard. Indeed, many points of tension between blockchain technologies and the GDPR can be
identified. Broadly, it can be maintained that these are due to two overarching factors. First, the
GDPR is based on the underlying assumption that in relation to each personal data point there is at
least one natural or legal person the data controller that data subjects can address to enforce
their rights under EU data protection law. Blockchains, however, often seek to achieve
decentralisation in replacing a unitary actor with many different players. This makes the allocation
of responsibility and accountability burdensome, particularly in light of the uncertain contours of
the notion of (joint)-controllership under the Regulation. A further complicating factor in this
respect is that in light of recent developments in the case law, defining which entities qualify as
(joint-) controllers can be fraught with uncertainty. Second, the GDPR is based on the assumption
that data can be modified or erased where necessary to comply with legal requirements such as
Articles 16 and 17 GDPR. Blockchains, however, render such modifications of data purposefully
onerous in order to ensure data integrity and increase trust in the network. Determining whether
distributed ledger technology may nonetheless be able to comply with Article 17 GDPR is burdened
by the uncertain definition of 'erasure' in Article 17 GDPR as will be seen in further detail below.
These factors have triggered a debate about whether the GDPR stands in the way of an innovative
EU-based blockchain ecosystem. Indeed, some have argued that in order to facilitate innovation and
to strengthen the Digital Single Market, a revision of the GDPR may be in order, or that blockchains
should benefit from an altogether exemption of the EU data protection framework. Others have
stressed the primacy of the legal framework and stated that if blockchains are unable to comply with
EU data protection law then this means that they are probably an undesirable innovation
considering their inability to comply with established public policy objectives.2
These debates have not gone unnoticed to the European Parliament. A recent European Parliament
report by the Committee on International Trade highlighted the 'challenge posed by the
relationship between blockchain and the implementation of the GDPR'.3 A 2018 European
Parliament resolution underlined that blockchain-based applications must be compatible with the
GDPR, and that the Commission and European Data Protection Supervisor should provide further
clarification on this matter.4 Recently, the European Data Protection Board ('EDPB') indicated that
blockchain may be one of the topics that it may examine in the context of its 2019/2020 work
2 Meyer D (27 February 2018), Blockchain technology is on a collision course with EU privacy law>.
3 European Parliament Report on Blockchain: a Forward-Looking Trade Poli cy (AB-0407/2018) (27 November 2018), para
14, .
4 Proposition de Résolution déposée à la suite de la question avec demande de réponse orale B8-0405/2018 (24 September
2018), para 33,

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT