SlideShare a Scribd company logo

Personal data on the blockchain and GDPR compatibility

Download as PPTX, PDF
Alexandra Giannopoulou
Alexandra Giannopoulou

Amsterdam Privacy Conference 2018. Workshop entitled: "Controlling your data: the competing visions of blockchains and GDPR" organised by the Blockchain and Society Policy Lab, IViR

Law
1 of 19
Controlling your data: the competing visions of blockchains and the GDPR Personal data on the blockchain and GDPR compatibility Alexandra Giannopoulou Blockchain and Society Policy Lab Institute for Information Law (IViR) University of Amsterdam Amsterdam Privacy Conference
Which data do we store on the blockchain? • Plain text data • Transactional data
Which data do we store on the blockchain? • Plain text data You probably shouldn’t and you probably don’t • Transactional data
Which data do we store on the blockchain? • Plain text data You probably shouldn’t and you probably don’t • Transactional data Metadata Encrypted personal data Hashed personal data
Anonymous data are not personal data according to the GDPR What does the law say?
Anonymous data are not personal data according to the GDPR BUT Pseudonymous data are personal data subject to GDPR What does the law say?
Definitions matter
What’s the difference? Definitions matter Anonymous data ≠ Pseudonymous data
What’s the difference? Definitions matter Anonymous data ≠ Pseudonymous data information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. personal data that can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
What does that mean for the blockchain data?
What does that mean for the blockchain data? Article 29 WP on anonymisation : processing personal data in order to irreversibly prevent identification • Hashing ? • Asymmetric cryptography? NO
What does that mean for the blockchain data? Data qualified as personal data are essential to the functioning of the blockchain Identification of irreversibly anonymous data and the respective processes that produce them in the blockchain environment
Solutions ? Technical solutions Legal solutions
Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data?
Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data? • Use privacy enhancing technologies Which ones? Are we going to standardize them?
Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data? • Use privacy enhancing technologies Which ones? Are we going to standardize them? Data qualified as personal data are essential to the functioning of the blockchain
Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data? • Use privacy enhancing technologies Which ones? Are we going to standardize them? Data qualified as personal data are essential to the functioning of the blockchain Adopt the law to the blockchain standards?
Consequences If the law accepts some technological standards for anonymization: Can users turn to developers on the grounds of data minimization for not using the privacy-appropriate technology? How about the right to data amendment? If the data is stored forever on the blockchain, do anonymous data become pseudonymous after a process of technological evolution? What are the legal rights on these personal data?
THANK YOU

Recommended

Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu
 
Supporting GDPR Compliance through Data Classification
Supporting GDPR Compliance through Data ClassificationSupporting GDPR Compliance through Data Classification
Supporting GDPR Compliance through Data ClassificationIndex Engines Inc.
 
Tackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarTackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarIndex Engines Inc.
 
Webinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRWebinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRIndex Engines Inc.
 
Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019
Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019
Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019Magnus Runesson
 
Journey in Country of Data Access Governance - Data works summit 2019 Barcelona
Journey in Country of Data Access Governance - Data works summit 2019 BarcelonaJourney in Country of Data Access Governance - Data works summit 2019 Barcelona
Journey in Country of Data Access Governance - Data works summit 2019 BarcelonaMagnus Runesson
 
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"Ragnar Heil
 
BigID PII & PI Discovery for GDPR Data Sheet
BigID PII & PI Discovery for GDPR Data SheetBigID PII & PI Discovery for GDPR Data Sheet
BigID PII & PI Discovery for GDPR Data SheetDimitri Sirota
 

Recommended

Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu
 
Supporting GDPR Compliance through Data Classification
Supporting GDPR Compliance through Data ClassificationSupporting GDPR Compliance through Data Classification
Supporting GDPR Compliance through Data ClassificationIndex Engines Inc.
 
Tackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarTackling the GDPR Dell EMC Index Engines Webinar
Tackling the GDPR Dell EMC Index Engines WebinarIndex Engines Inc.
 
Webinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRWebinar: Practical Technology Playbook for the GDPR
Webinar: Practical Technology Playbook for the GDPRIndex Engines Inc.
 
Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019
Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019
Metadata Driven Access Control in Practice - BigData Tech Warsawm 2019Magnus Runesson
 
Journey in Country of Data Access Governance - Data works summit 2019 Barcelona
Journey in Country of Data Access Governance - Data works summit 2019 BarcelonaJourney in Country of Data Access Governance - Data works summit 2019 Barcelona
Journey in Country of Data Access Governance - Data works summit 2019 BarcelonaMagnus Runesson
 
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"
Webinar Metalogix "Auf der Zielgeraden zur DSGVO!"Ragnar Heil
 
BigID PII & PI Discovery for GDPR Data Sheet
BigID PII & PI Discovery for GDPR Data SheetBigID PII & PI Discovery for GDPR Data Sheet
BigID PII & PI Discovery for GDPR Data SheetDimitri Sirota
 
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...Index Engines Inc.
 
How to incorporate data classification capabilities within your application
How to incorporate data classification capabilities within your applicationHow to incorporate data classification capabilities within your application
How to incorporate data classification capabilities within your applicationMicrosoft Tech Community
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID Inc
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Inc
 
Preso: LogLogic Agrees to Acquire Exaprotect
Preso: LogLogic Agrees to Acquire ExaprotectPreso: LogLogic Agrees to Acquire Exaprotect
Preso: LogLogic Agrees to Acquire Exaprotectloglogic
 
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Jean-Michel Franco
 
BigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetBigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetDimitri Sirota
 
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...Mydex CIC
 
Alternatives for copyright protection online
Alternatives for copyright protection onlineAlternatives for copyright protection online
Alternatives for copyright protection onlineBozhidar Bozhanov
 
BigID Data Inventory & Data Mapping Data Sheet
BigID Data Inventory & Data Mapping Data SheetBigID Data Inventory & Data Mapping Data Sheet
BigID Data Inventory & Data Mapping Data SheetDimitri Sirota
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...Jeff Kelly
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingDimitri Sirota
 
GDPR for developers
GDPR for developersGDPR for developers
GDPR for developersBozhidar Bozhanov
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Inc
 
GDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersGDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersServerGuy
 
BigID GDPR RoPA / Article 30 Automation Data Sheet
BigID GDPR RoPA / Article 30 Automation Data SheetBigID GDPR RoPA / Article 30 Automation Data Sheet
BigID GDPR RoPA / Article 30 Automation Data SheetDimitri Sirota
 
It security
It securityIt security
It securityLars Krag Kongsgaard
 
GDPR Compliance
GDPR ComplianceGDPR Compliance
GDPR ComplianceMiguel Mello
 
New Year’s Resolution - Improve Team Communication
New Year’s Resolution - Improve Team CommunicationNew Year’s Resolution - Improve Team Communication
New Year’s Resolution - Improve Team CommunicationDATAVERSITY
 
Distributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchainDistributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchainAlexandra Giannopoulou
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedStewart Norriss
 

More Related Content

What's hot

Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...Index Engines Inc.
 
How to incorporate data classification capabilities within your application
How to incorporate data classification capabilities within your applicationHow to incorporate data classification capabilities within your application
How to incorporate data classification capabilities within your applicationMicrosoft Tech Community
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID Inc
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Inc
 
Preso: LogLogic Agrees to Acquire Exaprotect
Preso: LogLogic Agrees to Acquire ExaprotectPreso: LogLogic Agrees to Acquire Exaprotect
Preso: LogLogic Agrees to Acquire Exaprotectloglogic
 
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Jean-Michel Franco
 
BigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetBigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetDimitri Sirota
 
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...Mydex CIC
 
Alternatives for copyright protection online
Alternatives for copyright protection onlineAlternatives for copyright protection online
Alternatives for copyright protection onlineBozhidar Bozhanov
 
BigID Data Inventory & Data Mapping Data Sheet
BigID Data Inventory & Data Mapping Data SheetBigID Data Inventory & Data Mapping Data Sheet
BigID Data Inventory & Data Mapping Data SheetDimitri Sirota
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...Jeff Kelly
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingDimitri Sirota
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Inc
 
GDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersGDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersServerGuy
 
BigID GDPR RoPA / Article 30 Automation Data Sheet
BigID GDPR RoPA / Article 30 Automation Data SheetBigID GDPR RoPA / Article 30 Automation Data Sheet
BigID GDPR RoPA / Article 30 Automation Data SheetDimitri Sirota
 
New Year’s Resolution - Improve Team Communication
New Year’s Resolution - Improve Team CommunicationNew Year’s Resolution - Improve Team Communication
New Year’s Resolution - Improve Team CommunicationDATAVERSITY
 

What's hot (20)

Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
Cleaning up Redundant, Obsolete and Trivial Data to Reclaim Capacity and Mana...
 
How to incorporate data classification capabilities within your application
How to incorporate data classification capabilities within your applicationHow to incorporate data classification capabilities within your application
How to incorporate data classification capabilities within your application
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & Orchestration
 
Preso: LogLogic Agrees to Acquire Exaprotect
Preso: LogLogic Agrees to Acquire ExaprotectPreso: LogLogic Agrees to Acquire Exaprotect
Preso: LogLogic Agrees to Acquire Exaprotect
 
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
Enacting the Data Subjects Access Rights for GDPR with Data Services and Data...
 
BigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetBigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data Sheet
 
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...
Mydex Annual ICO Roundtable - Personal data & Data Protection Act by William ...
 
Alternatives for copyright protection online
Alternatives for copyright protection onlineAlternatives for copyright protection online
Alternatives for copyright protection online
 
BigID Data Inventory & Data Mapping Data Sheet
BigID Data Inventory & Data Mapping Data SheetBigID Data Inventory & Data Mapping Data Sheet
BigID Data Inventory & Data Mapping Data Sheet
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
 
BigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and TaggingBigID's Smart Data Labeling and Tagging
BigID's Smart Data Labeling and Tagging
 
GDPR for developers
GDPR for developersGDPR for developers
GDPR for developers
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR Compliance
 
GDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersGDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian Stakeholders
 
BigID GDPR RoPA / Article 30 Automation Data Sheet
BigID GDPR RoPA / Article 30 Automation Data SheetBigID GDPR RoPA / Article 30 Automation Data Sheet
BigID GDPR RoPA / Article 30 Automation Data Sheet
 
It security
It securityIt security
It security
 
GDPR Compliance
GDPR ComplianceGDPR Compliance
GDPR Compliance
 
New Year’s Resolution - Improve Team Communication
New Year’s Resolution - Improve Team CommunicationNew Year’s Resolution - Improve Team Communication
New Year’s Resolution - Improve Team Communication
 

Similar to Personal data on the blockchain and GDPR compatibility

Distributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchainDistributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchainAlexandra Giannopoulou
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedStewart Norriss
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017Ray Bugg
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slidesNaomi Holmes
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingRebecca Leitch
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingSecurity Innovation
 
Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...
Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...
Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...Snook
 
Keys To Better Data Security In the Cloud
Keys To Better Data Security In the CloudKeys To Better Data Security In the Cloud
Keys To Better Data Security In the CloudArmor
 
GDPR and Blockchain
GDPR and BlockchainGDPR and Blockchain
GDPR and BlockchainSalman Baset
 
Personal identifiable information vs attribute data
Personal identifiable information vs attribute data Personal identifiable information vs attribute data
Personal identifiable information vs attribute data EleanorCollard
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceMongoDB
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?MicheleNati
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPiwik PRO
 
GDPR for Things - ThingsCon Amsterdam 2017
GDPR for Things - ThingsCon Amsterdam 2017GDPR for Things - ThingsCon Amsterdam 2017
GDPR for Things - ThingsCon Amsterdam 2017Saskia Videler
 
Dsdt meetup july2018
Dsdt meetup july2018Dsdt meetup july2018
Dsdt meetup july2018JDA Labs MTL
 
DSDT Meetup July 2018
DSDT Meetup July 2018DSDT Meetup July 2018
DSDT Meetup July 2018DSDT_MTL
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarConcept Searching, Inc
 

Similar to Personal data on the blockchain and GDPR compatibility (20)

Distributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchainDistributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchain
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data Shed
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
 
PII.pptx
PII.pptxPII.pptx
PII.pptx
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
 
GDPRforum London
GDPRforum LondonGDPRforum London
GDPRforum London
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 
Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...
Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...
Combining Service Design and (Open) Data for Impact - SDN Global Conference, ...
 
Keys To Better Data Security In the Cloud
Keys To Better Data Security In the CloudKeys To Better Data Security In the Cloud
Keys To Better Data Security In the Cloud
 
GDPR and Blockchain
GDPR and BlockchainGDPR and Blockchain
GDPR and Blockchain
 
Personal identifiable information vs attribute data
Personal identifiable information vs attribute data Personal identifiable information vs attribute data
Personal identifiable information vs attribute data
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital Setup
 
GDPR for Things - ThingsCon Amsterdam 2017
GDPR for Things - ThingsCon Amsterdam 2017GDPR for Things - ThingsCon Amsterdam 2017
GDPR for Things - ThingsCon Amsterdam 2017
 
Dsdt meetup july2018
Dsdt meetup july2018Dsdt meetup july2018
Dsdt meetup july2018
 
DSDT Meetup July 2018
DSDT Meetup July 2018DSDT Meetup July 2018
DSDT Meetup July 2018
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
 

More from Alexandra Giannopoulou

Data protection by design and by default on the blockchain
Data protection by design and by default on the blockchainData protection by design and by default on the blockchain
Data protection by design and by default on the blockchainAlexandra Giannopoulou
 
Altered carbon: from the law of the sleeve to the law of the stack
Altered carbon: from the law of the sleeve to the law of the stackAltered carbon: from the law of the sleeve to the law of the stack
Altered carbon: from the law of the sleeve to the law of the stackAlexandra Giannopoulou
 
To share or not to share? machine generated data for science
To share or not to share? machine generated data for science To share or not to share? machine generated data for science
To share or not to share? machine generated data for science Alexandra Giannopoulou
 
Social reputation systems: it's about ethics in AI
Social reputation systems: it's about ethics in AISocial reputation systems: it's about ethics in AI
Social reputation systems: it's about ethics in AIAlexandra Giannopoulou
 
Athens Commons fest- Ο εθελοντικός δημόσιος τομέας
Athens Commons fest- Ο εθελοντικός δημόσιος τομέας Athens Commons fest- Ο εθελοντικός δημόσιος τομέας
Athens Commons fest- Ο εθελοντικός δημόσιος τομέας Alexandra Giannopoulou
 
We are all Diù: a tale of wiki edits, disgrace and Greek politics
We are all Diù: a tale of wiki edits, disgrace and Greek politicsWe are all Diù: a tale of wiki edits, disgrace and Greek politics
We are all Diù: a tale of wiki edits, disgrace and Greek politicsAlexandra Giannopoulou
 
Moral rights and the Creative Commons licenses
Moral rights and the Creative Commons licensesMoral rights and the Creative Commons licenses
Moral rights and the Creative Commons licensesAlexandra Giannopoulou
 
From technical protection measures to creative commons
From technical protection measures to creative commonsFrom technical protection measures to creative commons
From technical protection measures to creative commonsAlexandra Giannopoulou
 

More from Alexandra Giannopoulou (10)

Closing the circle:in Libra we trust?
Closing the circle:in Libra we trust?Closing the circle:in Libra we trust?
Closing the circle:in Libra we trust?
 
Data protection by design and by default on the blockchain
Data protection by design and by default on the blockchainData protection by design and by default on the blockchain
Data protection by design and by default on the blockchain
 
Altered carbon: from the law of the sleeve to the law of the stack
Altered carbon: from the law of the sleeve to the law of the stackAltered carbon: from the law of the sleeve to the law of the stack
Altered carbon: from the law of the sleeve to the law of the stack
 
To share or not to share? machine generated data for science
To share or not to share? machine generated data for science To share or not to share? machine generated data for science
To share or not to share? machine generated data for science
 
Social reputation systems: it's about ethics in AI
Social reputation systems: it's about ethics in AISocial reputation systems: it's about ethics in AI
Social reputation systems: it's about ethics in AI
 
Athens Commons fest- Ο εθελοντικός δημόσιος τομέας
Athens Commons fest- Ο εθελοντικός δημόσιος τομέας Athens Commons fest- Ο εθελοντικός δημόσιος τομέας
Athens Commons fest- Ο εθελοντικός δημόσιος τομέας
 
We are all Diù: a tale of wiki edits, disgrace and Greek politics
We are all Diù: a tale of wiki edits, disgrace and Greek politicsWe are all Diù: a tale of wiki edits, disgrace and Greek politics
We are all Diù: a tale of wiki edits, disgrace and Greek politics
 
Moral rights and the Creative Commons licenses
Moral rights and the Creative Commons licensesMoral rights and the Creative Commons licenses
Moral rights and the Creative Commons licenses
 
Les licences creative commons
Les licences creative commonsLes licences creative commons
Les licences creative commons
 
From technical protection measures to creative commons
From technical protection measures to creative commonsFrom technical protection measures to creative commons
From technical protection measures to creative commons
 

Recently uploaded

Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝soniya singh
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxsrikarna235
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书Fir L
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》o8wvnojp
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionNilamPadekar1
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书Fs Las
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书FS LS
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesHome Tax Saver
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaNafiaNazim
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptjudeplata
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书Fir L
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书Fs Las
 

Recently uploaded (20)

Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptx
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
 
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
 
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax Rates
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in India
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
 

Personal data on the blockchain and GDPR compatibility

  • 1. Controlling your data: the competing visions of blockchains and the GDPR Personal data on the blockchain and GDPR compatibility Alexandra Giannopoulou Blockchain and Society Policy Lab Institute for Information Law (IViR) University of Amsterdam Amsterdam Privacy Conference
  • 2. Which data do we store on the blockchain? • Plain text data • Transactional data
  • 3. Which data do we store on the blockchain? • Plain text data You probably shouldn’t and you probably don’t • Transactional data
  • 4. Which data do we store on the blockchain? • Plain text data You probably shouldn’t and you probably don’t • Transactional data Metadata Encrypted personal data Hashed personal data
  • 5. Anonymous data are not personal data according to the GDPR What does the law say?
  • 6. Anonymous data are not personal data according to the GDPR BUT Pseudonymous data are personal data subject to GDPR What does the law say?
  • 8. What’s the difference? Definitions matter Anonymous data ≠ Pseudonymous data
  • 9. What’s the difference? Definitions matter Anonymous data ≠ Pseudonymous data information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. personal data that can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
  • 10. What does that mean for the blockchain data?
  • 11. What does that mean for the blockchain data? Article 29 WP on anonymisation : processing personal data in order to irreversibly prevent identification • Hashing ? • Asymmetric cryptography? NO
  • 12. What does that mean for the blockchain data? Data qualified as personal data are essential to the functioning of the blockchain Identification of irreversibly anonymous data and the respective processes that produce them in the blockchain environment
  • 14. Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data?
  • 15. Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data? • Use privacy enhancing technologies Which ones? Are we going to standardize them?
  • 16. Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data? • Use privacy enhancing technologies Which ones? Are we going to standardize them? Data qualified as personal data are essential to the functioning of the blockchain
  • 17. Solutions ? Technical solutions Legal solutions • Store data off-chain Is it possible for all types of personal data? • Use privacy enhancing technologies Which ones? Are we going to standardize them? Data qualified as personal data are essential to the functioning of the blockchain Adopt the law to the blockchain standards?
  • 18. Consequences If the law accepts some technological standards for anonymization: Can users turn to developers on the grounds of data minimization for not using the privacy-appropriate technology? How about the right to data amendment? If the data is stored forever on the blockchain, do anonymous data become pseudonymous after a process of technological evolution? What are the legal rights on these personal data?

Editor's Notes

  1. Encryption is considered a pseudonymisation technique under the EU data protection regime given that the data subject can still be indirectly identified so that it can, on its own, not be considered as an anonymisation technique. Transactional data that has been subject to a hashing process also qualifies as personal data under the GDPR. Whereas a one-way hash function that cannot be reverse-engineered can offer stronger privacy guarantees than encryption it will not allow data to evade the qualification as personal data for GDPR purposes. The Article 29 Working Party has been unequivocal that hashing constitutes a technique of pseudonymisation, not anonymisation as it is still possible to link the dataset with the data subject