Blockchain: challenges and legal issues of new technology
Digital Transformation Day 2018, Antwerp
Buzzwords of 2018…
BLOCHCHAINGDPR
Advantages of blockchain technology
BC is a distributed P2P ledgers that makes it possible to share a record of transaction with a great number of participants
Transactions cannot be manipulated, abused or changedEach participant (node) has a full copy of the ledgerHigh level of data securityTransactions are recorded based on consensus model between participantsCryptography is used for bot hidentity and integrity - PKI and hash
Advantages of blockchain technology
BC is a distributed P2P ledgers that makes it possible to share a record of transaction with a great number of participants
SecuritySimplicityTrust
Possible legal issues and challenges related to
blockchain technology
Validity of contractsProof of relationship/contractBoth can be managed, especially in a B2B context
SLA /availabilityLiability
The elephant in the room…
GDPR
A few basic principles of GDPR
TransparancyData Protection by designData minimisationAccuracyLimited retention timeData securityPurpose limitation
Right to erasureRight to be forgotten
Data storage within EU
Possible privacy issues in Blockchain
Distinction should probavbly be made between
Private BC (permission based) Public BC (permissionless)
Everyone can participate Control over participants IDEveryone has acces Access and use managementNo control over location of data Acceptance of ToU prior to access
Location of data can be managed
Inherent privacy issues in Blockchain
Data subjects rights (errasure, correction, right to be forgotten, …)Data minimisationLimited retention timesApplicable (data protection) laws (public vs. Private BC)Purpose limitation(Control over) data security (even if BC is in itself “secure”)Accuracy of data and right of correction >< in principle, data in BC cannot be changed
Data export / Location of data storage (public vs. private BC)Identity of data controller / data ownership
Inherent privacy issues in Blockchain
ConsequenceStoring personal data on a BC is not an option under GDPR
The workaroundYou store the personal data off-chain and store the reference to this data, along with a hash of this data and other metadata (like claims and permissions about this data), on the blockchain. Personal data is then send P2P between users
ButLoss of control over who accessed / stored / used personal data, since it is no longer in BC Necessity to have P2P contact with all participants in the BC
Where Blockchain can be a helping hand
(technical) data security
Guaranteed quality of data / reliability of data / accuracy
= Data protection by design
How Blockchain could even be a tool to ensure GDPR
compliance
BC could be used to execute data subject’s rights
Right to acces Right of correctionData portability
+ could be used as part of accountability / documentation obligations under GDPR
Prepare for challenges
Blockchain WILL have its breakthrough within 2 to 3 years
Blockchain offers a great number of opportunities
Users / early adapter should however be very aware of possible legal implications
Before all GDPR / data protection laws
Prepare for challenges
Detailed analyses of set up before getting started
What data?Which participants?Public or private?Location of data?Terms of Use for participants?Applicable law…
Sirius LegalMedia & advertisement law
IP law
Internet & e-commerce
Privacy & cookies
Gambling law
Travel & consumer protection
Commercial & contracts
Corporate - tax - labour - immo
www.siriuslegal.be
@BartVdBrande
Linkedin.com/in/bartvdb