About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

2 Eur. Data Prot. L. Rev. 422 (2016)
Blockchain Technology and the GDPR - How to Reconcile Privacy and Distributed Ledgers?

handle is hein.journals/edpl2 and id is 448 raw text is: 


422 I Reports


Practitioner's Corner


Blockchain Technology and the GDPR - How to Reconcile Privacy

and Distributed Ledgers?

        Matthias Berberich and Malgorzata Steiner*

        Blockchain technology raises a multitude of legal questions that are still in early stages of
        discussion. While legal research is so far mainly focused on financial regulation of cryp-
        tocurrencies, distributed ledger technology in general brings considerable privacy implica-
        tions. While the EU Commission expects the new General Data Protection Regulation and
        its technological neutrality to enable 'innovation to continue to thrive under the new rules,'1
        some features of Blockchain pose questions under EU data protection principles.


I. Technical Core Features and Use
   Cases of the Blockchain Technology

Blockchain (BC) is widely depicted as the most dis
ruptive technology since the advent of the Internet.
While this technology was used at first for the virtu
al currency Bitcoin, its current applications go far be
yond cryptocurrencies, and its potential is compared
with the TCP/IP protocol that forms the backbone of
today's Internet. A vast scope of business models can
be built upon BC, ranging from FinTech products like
cryptosecurities or 'smart bonds' over 'smart proper
ty' registers, to so called 'smart contracts' with trans
actional protocols which assume the formation, per
formance and execution of a fully electronic contract.
   In essence, BC is a distributed ledger technology
with three constituting elements.2 Firstly, BC is a con
tinuously amended and persistent ledger, which
means that all transactions effected on BC are perpet
ually stored. New transaction information is added
in a new block and connected to the previous block


    Dr Matthias Berberich, LL.M. (Cambridge), is Attorney-at-Law and
    visiting lecturer at the Humboldt University Berlin; Malgorzata
    Steiner, MPP (Harvard), is former Head of Department in the
    Ministry of Administration and Digitisation in Poland and Senior
    Advisor at the Stiftung Neue Verantwortung in Berlin.
1   European Commission, 'Questions and Answers - Data protection
    reform' (Press release, 21 December 2015) <http://europa.eu/
    rapid/press-release MEMO-15-6385_en.htm> accessed 13 Au-
    gust 2016.
2 For technical details cfJeni Tennison, 'How might we use
    blockchains outside cryptocurrencies?' (21 May 2015) <http://
    www.jenitennison.com/2015/05/21/blockchain.html> accessed
    13 August 2016; especially on BITCOIN cf Satoshi Nakamoto,
    'Bitcoin: a peer-to-peer electronic cash system' (Bitcoin, 2012)


in the chain, so that a BC will grow over time and in
clude all transactions ever made. Secondly, BC is a
distributed peer to peer ledger, stored on every node
of the system as a complete BC copy. If new transac
tions are effected, the majority of nodes must verify
the legitimacy of the effected transaction and, if con
firmed, every BC copy is updated accordingly. With
this distributed authentication process, the core fea
ture of BC is the lack of a central entity or intermedi
ary. And thirdly, BC is asymmetrically encrypted and
requires private and public keys to effect transactions.
   The recent enactment of the General Data Protec
tion Regulation 2016/679 (GDPR), which shores up
the level of data protection throughout the EU and
expands its territorial scope (II.), might bring a ten
sion between general data protection principles and
the core features of BC technology3: If encrypted, BC
transactions involve personal data and are not fully
anonymous (III.), the decentralised BC nature with
out a central entity as data controller will pose a chal
lenge for regulators (IV). Moreover, the persistence


   <https://bitcoin.org/bitcoin.pdf> accessed 13 August 2016;
   Michael Nielsen, 'How the bitcoin actually works' (DDI, 6 De-
   cember 2013) <http://www.michaelnielsen.org/ddi/how-the
   -bitcoin-protocol-actually-works> accessed 13 August 2016.
3   For privacy as a general issue for blockchains see also Markus
    Kaulartz, 'Die Blockchain-Technologie, Hintergrwnde zur Distrib-
    uted Ledger Technology und zu Blockchains' (2016) Computer
    und Recht 474, 479; Donald B Johnston, 'More on the Law of the
    Blockchain' (Lexology, 11 April 2016) http://www.lexology.com/li-
    brary/detail.aspx?g-eel Oaa0f-3447-4088-81 dd-7521244fecb3 ac-
    cessed 13 August 2016; Gregory Brandman and Samuel Tham-
    papillai, 'Blockchain- Considering the Regulatory Horizon' (Uni-
    versity of Oxford, 7 July 2016) https://www.law.ox.ac.uk/business-
    law-blog/blog/2016/07/blockchain-%E2%80%93-considering-reg-
    ulatory-horizon accessed 13 August 2016.


EDPL 312016

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most