Amsterdam Privacy Conference 2018. Workshop entitled: "Controlling your data: the competing visions of blockchains and GDPR" organised by the Blockchain and Society Policy Lab, IViR
Personal data on the blockchain and GDPR compatibility
1. Controlling your data: the competing visions of
blockchains and the GDPR
Personal data on the blockchain and GDPR
compatibility
Alexandra Giannopoulou
Blockchain and Society Policy Lab
Institute for Information Law (IViR)
University of Amsterdam
Amsterdam Privacy Conference
2. Which data do we store on the blockchain?
• Plain text data
• Transactional data
3. Which data do we store on the blockchain?
• Plain text data
You probably shouldn’t and you probably don’t
• Transactional data
4. Which data do we store on the blockchain?
• Plain text data
You probably shouldn’t and you probably don’t
• Transactional data
Metadata
Encrypted personal data
Hashed personal data
5. Anonymous data are not personal data according to the GDPR
What does the law say?
6. Anonymous data are not personal data according to the GDPR
BUT
Pseudonymous data are personal data subject to GDPR
What does the law say?
9. What’s the difference?
Definitions matter
Anonymous data ≠ Pseudonymous data
information which does not relate to an
identified or identifiable natural person
or to personal data rendered anonymous
in such a manner that the data subject is
not or no longer identifiable.
personal data that can no longer be
attributed to a specific data subject
without the use of additional
information, provided that such
additional information is kept separately
and is subject to technical and
organizational measures to ensure that
the personal data are not attributed to
an identified or identifiable natural
person
11. What does that mean for the blockchain data?
Article 29 WP on anonymisation :
processing personal data in order to irreversibly prevent
identification
• Hashing ?
• Asymmetric cryptography?
NO
12. What does that mean for the blockchain data?
Data qualified as personal data are essential to the functioning of the
blockchain
Identification of irreversibly anonymous data and the respective processes that
produce them in the blockchain environment
15. Solutions ?
Technical solutions
Legal solutions
• Store data off-chain
Is it possible for all types of personal data?
• Use privacy enhancing technologies
Which ones?
Are we going to standardize them?
16. Solutions ?
Technical solutions
Legal solutions
• Store data off-chain
Is it possible for all types of personal data?
• Use privacy enhancing technologies
Which ones?
Are we going to standardize them?
Data qualified as personal data are essential to the functioning of the
blockchain
17. Solutions ?
Technical solutions
Legal solutions
• Store data off-chain
Is it possible for all types of personal data?
• Use privacy enhancing technologies
Which ones?
Are we going to standardize them?
Data qualified as personal data are essential to the functioning of the
blockchain
Adopt the law to the blockchain standards?
18. Consequences
If the law accepts some technological standards for anonymization:
Can users turn to developers on the grounds of data minimization for not
using the privacy-appropriate technology? How about the right to data
amendment?
If the data is stored forever on the blockchain, do anonymous data become
pseudonymous after a process of technological evolution?
What are the legal rights on these personal data?
Encryption is considered a pseudonymisation technique under the EU data protection regime given that the data subject can still be indirectly identified so that it can, on its own, not be considered as an anonymisation technique.
Transactional data that has been subject to a hashing process also qualifies as personal data under the GDPR. Whereas a one-way hash function that cannot be reverse-engineered can offer stronger privacy guarantees than encryption it will not allow data to evade the qualification as personal data for GDPR purposes. The Article 29 Working Party has been unequivocal that hashing constitutes a technique of pseudonymisation, not anonymisation as it is still possible to link the dataset with the data subject