The impact of the GDPR on Blockchain & SSI – Silvan Jongerius

https://ssimeetup.org/impact-gdpr-blockchain-ssi-silvan-jongerius-webinar-23/
Silvan Jongerius is the Managing Partner at TechGDPR, a boutique consultancy for data protection, privacy, and GDPR in deep tech with a strong focus on blockchain. He is also the Founder and President of BerChain, a non-profit organization aimed at connecting the blockchain scene in Berlin and promoting Berlin as the blockchain capital.

Building on his experience of advising many blockchain projects on the GDPR, Silvan Jongerius will talk about the specific challenges and opportunities of the GDPR related to self-sovereign identity. He will provide a high-level introduction to privacy, data protection and the requirements of the GDPR and their interpretation, to give the attendees an overview of the regulatory situation.

After this introduction, we will explore the particularities of this regulation relating to decentralized technology, blockchain, immutable ledgers and in particular self-sovereign identity solutions. Naturally, there are many challenges, but there are also opportunities, perhaps even to over-comply with the GDPR and set a new standard for meeting its principles.


  1. The impact of the GDPR on blockchain & SSI Silvan Jongerius - Managing Partner Silvan Jongerius / @silvanjongerius / @techgdpr / silvan@techgdpr.com This presentation is released under a Creative Commons license. (CC BY-SA 4.0). SSIMeetup.org
  2. SSIMeetup objectives 1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/
  3. GDPR for DeepTech • Discovery Workshop • Data Mapping • GDPR Assessment & Report • DPO-as-a-Service • Privacy by Design Consulting • Staff / Developer Training
  4. GDPR for DeepTech https://www.forbes.com/sites/darrynpollock/2019/01/31/zcash-out-to-prove-privacy-is-key-to-crypto-adoption-with-gdpr-avoiding-use-cases/#
  5. About Privacy
  6. @techgdpr
  7. European Convention on Human Rights Article 8.1: Everyone has the right to respect for his private and family life, his home and his correspondence.
  8. Privacy & Information Asymmetry • Corporations • Government • Individuals • Startups
  9. Facebook 2010: Privacy is no longer a social norm
  10. Facebook 2018: “Data Privacy” Facebook 2019: Researching blockchain identity
  11. Giovanni Buttarelli, European Data Protection Supervisor: “There might well be a market for personal data, just like there is, tragically, a market for live human organs, but that does not mean that we can or should give that market the blessing of legislation.”
  12. The GDPR
  13. Fines & Risks • Up to 20 Million Euro • Or 4% of annual world wide group turnover • Whichever is higher • Disclosure requirements: reputation • Order to stop processing
  14. Principles (Art 5) 1. lawfulness, fairness and transparency 2. purpose limitation 3. data minimisation 4. accuracy 5. storage limitation 6. integrity and confidentiality 7. accountability
  15. Risk-based approach
  16. Scope • Data of natural persons in the EU • Personal Data • Pseudonymised, but not anonymised • Not: for household use
  17. Personal Data
  18. Behavioural Patterns • Meta data can re-construct patterns leading to Personal Data • Large datasets have a high risk of leaking meta data • Location data can help constructing whereabouts that can lead to identification
  19. Personal Data Breach? ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; Article 4 (12) GDPR
  20. Breaches & Notifications • Risk: Notify authorities within 72h • High risk: Notify affected subject (reputational risk)
  21. Controller/Processor Roles • Clearly defined roles • the Controller determines the purposes and means of the processing of personal data • the Processor processes personal data on behalf of the controller
  22. Legal base for processing A. Consent B. Performance of a contract C. Legal obligation D. Protect vital interests of subject E. Task in the public interest/authority F. Legitimate Interest*
  23. Valid consent? How was it collected?
  24. Consent • Freely given • Specific • Informed
  25. Valid Consent: UX • Promoted choice • Bundling • Illusion of choice
  26. Subject (Access) Rights 1. Right of information 2. Right of access 3. Right of erasure 4. Right of rectification 5. Right to data portability 6. Right not to be subjected to automated decision making 7. Right to object
  27. Personal data, blockchain & SSI
  28. • Public Permissionless • Public Permissioned • Private Permissionless • Private Permissioned
  29. Controller & Processor in Blockchain
  30. Right to erasure & rectification • Right of erasure (Article 17) • Right of rectification (Article 16)
  31. Encrypting on-chain personal data? • May be broken in the future • Encryption is a ‘technical measure’ not a way to move it out of scope of the GDPR.
  32. “How about those hashes?” 518c4ae77dda05590f2789ec0d598d119f947001ceacc30ef1cadb8ceef4ebca Hash Function Can I store hashes of personal data?
  33. SILVAN JONGERIUS a8dc5a7432088955c01dd420b5e2a2e17a1fc3e15901f6d76ecddad95a20fa5b Passport
  34. Guidance
  35. https://www.cnil.fr/sites/default/files/atoms/files/blockchain.pdf
  36. Opportunities of GDPR in blockchain
  37. GDPR compliance tracking • Immutable history of events • Consent given or revoked • Record of processing activities
  38. Alternative Governance Models • Clarity on roles • Contractual way to enforce rights • Only within Europe
  39. Contracted Nodes • Transparency • Control • Purpose limitation • Data minimisation • Storage limitation
  40. Self-Sovereign Identity
  41. Self-sovereign Identity • What is stored on-chain and off-chain? • Who is responsible for personal data? • On-device personal data may still be in scope of the GDPR
  42. Zero-knowledge proofs • Minimised amount of personal data revealed • High level of control over personal data • Need-to-know basis
  43. GDPR principles and SSI • Transparency • Control • Purpose limitation • Data minimisation • Storage limitation
  44. GDPR & SSI • Powerful tool for privacy protection • Visionary alignment with GDPR • Foundation technology • Both promote the free flow of data • Layer of trust and autonomy
  45. Letter of the law. Spirit of the law?
  46. Thank You Silvan Jongerius / @silvanjongerius / @techgdpr / silvan@techgdpr.com DPO Service - GDPR Assessment - Privacy by Design - Data Protection Impact Assessment for Blockchain, AI & IoT