Policy options
Author | Michèle Finck |
Pages | 96-100 |
STOA| Panel for the Future of Science and Technology
96
12.Policy options
This studyhas examined the relationship between blockchain technologies and European data
protection law. It has been seen, firstly, that there is a significant tension between the very nature of
blockchain technologies and the overall structure of the GDPR. Whether specific blockchain use
cases are compliant with the supranational legal framework can, however, not be examined in a
generalisedfashion but rather ought to be determined on the basis of a case-by-case analysis.
Secondly, the studyhas also highlighted that in specific cases, this class of distrib uted technologies
may offer distinct advantages that can be helpful to achieve some of the GDPR's objectives. It is on
the basis of the preceding analysis that this section develops concrete policy optionsthat could be
adopted to ensure that these distributed technologies develop in a manner that is aligned with the
legal framework's objectives.
12.1.Regulatory guidance
The key point highlighted in the first and main part of the present studyis that there is currently a
lack of legal certainty as to how various elements of European data protection law ought to be
applied to blockchains. This uncertainty is anchoredin two overarching factors. First, it has been seen
that oftentimes, the very technical structure of blockchain technology as well as its governance
arrangements stand in contrast with legal requirements. Second, it has also been observed that
trying to map the Regulation to blockchain technologies reveals broader uncertainties regarding
the interpretation and application of this legal framework. The GDPR is indeed legislation that is
based on broad general principles. This bears flexibil ity and adaptability advantages in an age of fast
technological change, yet also has downsides, such as that it can be difficult determine with
certainty how a specific provision ought to be applied in a specific context.
Indeed, one year after the GDPR became binding and although the legal regime is largely based on
the previous 1995 Data Protection Directive, it is evident that many pivotal concepts remain unclear.
Many instances of that phenomenon have been highlighted above. For example, it is currently
unclear where the dividing line between anonymous data and personal data due to conflicting
statements to this effect in the Regulation and the A rticle 29 Working Party's interpretation thereof.
Moreover, whereas the GDPR recognises a right to 'erasure' that data subjects are free to exercise in
some circumstances, there is no indication regarding what 'erasure' actually requires. As such, it is
unclear whether erasure in the common-sense understanding of the word is required or whether
alternative technical approaches with a similar outcome may be sufficient. These are important
questions as erasure in the common-sense understanding of the word is difficult to achieve on DLT
whereas alternative technical approaches have been envisaged. Oftentimes, the interpretation of
core GDPR concepts is burdened by a lack of harmonious interpretations between the various
supervisory authorities in the European Union.
Furthermore, there is currently – in the blockchain context and beyond – an on-going debate
regarding the allocation of responsibility for GDPR compliance. The Regulation considers that the
data controller is the entity determining the purposes and the means of personal data processing.
Yet, in practice only the purposes are taken into account to make that determination. This has led
to an expanding number of actors that may be qualified as data controllers – particularly joint-
controllers, as is also obvious from recent case law of the CJEU. In addition, there is a lack of legal
certainty as to what consequences flow from a finding of controllership, precisely whether the (joint-
) controller ought to comply with all GDPR requi rements, only those assigned to it in an agreement
with other joint-controllers, or only those that are effectively within its responsibilities, powers and
capabilities. It is hoped that future case law, especially the upcoming judgment in FashionID, will
clarify at least some of these questions, which are important for blockchains but also beyond.
Get this document and AI-powered insights with a free trial of vLex and Vincent AI
Get Started for FreeUnlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations

Unlock full access with a free 7-day trial
Transform your legal research with vLex
-
Complete access to the largest collection of common law case law on one platform
-
Generate AI case summaries that instantly highlight key legal issues
-
Advanced search capabilities with precise filtering and sorting options
-
Comprehensive legal content with documents across 100+ jurisdictions
-
Trusted by 2 million professionals including top global firms
-
Access AI-Powered Research with Vincent AI: Natural language queries with verified citations
