Blockchain and the General Data Protection Regulation: an irreconcilable regulatory approach? / Enza Cirone. - In: LAW JOURNAL. - ISSN 1470-3335. - ELECTRONIC. - QMLJ (2021) 2, 15:(2021), pp. 15-35. [10.26494/QMLJ3939]

Blockchain and the General Data Protection Regulation: an irreconcilable regulatory approach?

Enza Cirone
2021

Abstract

A blockchain is a class of technology that allows the creation and management of different forms of decentralised and distributed digital ledgers where data are stored, chronologically recorded, transferred and finally shared between the ‘nodes’ participating in a peer-to-peer network. These features prima facie clash with the GDPR that informs the EU data protection legislation and is based on a centralised representation of the reality in which data are processed, collected, and recorded in a database controlled by identified subjects. The underpinning idea of this article is diametrically opposed to the one which considers the technology not GDPR-compliant by default. First, the author argues that the points of tension can be mitigated by technical and/or governance methods, thus acting at both application and infrastructure level. In essence, a case-by-case analysis is the only feasible option to assess the compliance between the regulation and the technology. Second, a further and closer look at blockchain’s underlying concepts reveals how both the GDPR and the blockchain have the same purposes but different approaches. More interestingly, the article suggests that the blockchain could be seen as a Privacy Enhancing Technology (PET), which might help data subjects gain more control over their personal data and hence support one of the GDPR’s purposes (recital 7).
QMLJ (2021) 2, 15, pp. 15-35

Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: http://hdl.handle.net/2158/1281686