Putting Data Protection by Design on the Blockchain
Abstract
The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.
Links
anonymity, blockchain, Data Protection by Design, encryption, EU General Data Protection Regulation, frontpage, Privacy
Bibtex
Article{Giannopoulou2021,
title = {Putting Data Protection by Design on the Blockchain},
author = {Giannopoulou, A.},
doi = {https://doi.org/10.21552/edpl/2021/3/7},
year = {1022},
date = {2021-10-22},
journal = {European Data Protection Law Review},
volume = {7},
number = {3},
pages = {388-399},
abstract = {The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.},
keywords = {anonymity, blockchain, Data Protection by Design, encryption, EU General Data Protection Regulation, frontpage, Privacy},
}