Understanding the Intersection of Blockchains and GDPR

Slide Note
Embed
Share

Exploring key concepts like data minimization, mutability vs. immutability, erasure, accountability, and responsibility in the context of GDPR regulations and how they relate to blockchains. The article delves into aspects such as personal data relevance, rectification rights, the right to be forgotten, and the role of data controllers in ensuring compliance with GDPR requirements.

swa_win
swa_win Follow

Uploaded on Oct 05, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Blockchains & the GDPR MICHELE FINCK MAX PLANCK INSTITUTE FOR INNOVATION AND COMPETITION UNIVERSITY COLLEGE LONDON

  2. Data Minimization Article 5(1)(c) GDPR Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed . Blockchains as append-only ledgers Resilience by replication What ought to be minimized? Quantity of data? Or certain categories of data (sensitive data, pseudonymize data etc)?

  3. Mutability vs Immutability Article 16 GDPR (The Right to Rectification) The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement .

  4. Mutability vs Immutability Article 17 GDPR (The Right to Erasure / to be Forgotten) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay hand the controller shall have the obligation to erase personal data without undue delay where ( ) Qualified Right Data are no longer necessary in relation to the purposes ( ) - The data subject withdraws consent - The data subject objects to the processing - Personal data has been unlawfully processed - Limited Right Compliance with a legal obligation - Freedom of expression -

  5. The Meaning of Erasure? Google Spain (2014): delist from search results Austrian Data Protection Authority (05.12.2018): anonymization as a means of achieving erasure ICO: put data beyond use (can be through anonymisation) Nowak (2017): erased, that is to say destroyed . CNIL: for encrypted data: destruction of private key

  6. Accountability and Responsibility: The Data Controller Centralization vs decentralization Article 4(7) GDPR: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The data controller determines the why and how of personal data processing. Google Spain: need to adopt a broad definition of controllership to ensure the effective and complete protection of data subjects Duties: Article 24 GDPR (DPb&DPbD, comply with DS rights etc)

  7. Joint Controllers Article 26(1) GDPR: Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers . Wirtschaftsakademie Schleswig Holstein agreement to M&P = det. M&P Jehovah Witnesses no need for physical control over the data a natural or legal person who exerts influence over the processing of personal data, for his own purposes, and who participates, as a result, in the determination of the purposes and means of that processing, may be regarded as a controller . AG Bobek in FashionID - when pushed to the extreme the only criterion is whether data processing has been made possible. Is anyone a joint controller now?

  8. The Data Controller & Blockchains Reality: there is not *one* DC need to look at technical and contextual factors (governance!) regarding each DLT-enabled personal data processing. Design: public/permissionless or private & permissioned? Perspective: system or transaction? Ecosystem: infrastructure or application?

  9. The Data Controller & Blockchains Core developers: suggest but don t decide on software updates, don t determine purposes. But: SC dev that determine purposes = C. Miners: decide on software to be used (means) but not purposes (unless one considers their own profit-making objective as a purpose). Nodes: P: reason to join? M: software & can freely decide what to do with data. Applications: JC where determination of M and P. Users: DC as determine P (objective) and M (choice of platform).

  10. Article 26 GDPR Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject. The arrangement may designate a contact point for data subjects. The arrangement referred to in paragraph 1 shall duly reflect the respective roles and relationships of the joint controllers vis- -vis the data subjects. The essence of the arrangement shall be made available to the data subject. Irrespective of the terms of the arrangement referred to in paragraph 1, the data subject may exercise his or her rights under this Regulation in respect of and against each of the controllers .

  11. The Benefits of Blockchains for Data Protection Accountability who accessed data when? Compliance with the data controller s obligations under Article 24 GDPR More control for data subjects over their personal data A tool for increased data-sharing (also NPD)?

  12. Thank you! mf@michelefinck.eu @finck_m

Related


Understanding GDPR: Key Points and Implications for University Communications Officers

Understanding GDPR: Key Points and Implications for University Communications Officers

alivia
Understanding Blockchains: Solving Trust Issues in Distributed Systems

Understanding Blockchains: Solving Trust Issues in Distributed Systems

kaz_e
Understanding GDPR: A Quick Guide to Compliance

Understanding GDPR: A Quick Guide to Compliance

hetty
Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

helena
Understanding GDPR and Data Protection for Businesses

Understanding GDPR and Data Protection for Businesses

ful_mel
Understanding the EU General Data Protection Regulation (GDPR)

Understanding the EU General Data Protection Regulation (GDPR)

abdiel
Comprehensive Overview of GDPR and Information Law Updates

Comprehensive Overview of GDPR and Information Law Updates

drael
Understanding the EU General Data Protection Regulation (EU GDPR)

Understanding the EU General Data Protection Regulation (EU GDPR)

armand
Understanding the European Union General Data Protection Regulation (GDPR)

Understanding the European Union General Data Protection Regulation (GDPR)

itrel
Understanding GDPR: Guidelines for Occupational Health Professionals

Understanding GDPR: Guidelines for Occupational Health Professionals

subhan
Understanding GDPR for Union Representatives

Understanding GDPR for Union Representatives

yassmi
Keeping Safe and GDPR Conference Agenda

Keeping Safe and GDPR Conference Agenda

wies_y
Understanding the Fundamentals of Blockchains

Understanding the Fundamentals of Blockchains

hafsa
Batching Techniques for Accumulators: Applications to IOPs and Blockchains

Batching Techniques for Accumulators: Applications to IOPs and Blockchains

whit
Addressing The Quantum Threat: The Quantum Resistant Ledger

Addressing The Quantum Threat: The Quantum Resistant Ledger

pearl
The Future of Blockchain Technology: A Crossroad Overview

The Future of Blockchain Technology: A Crossroad Overview

tjay
Enhancing Intersection Safety Database in Kentucky

Enhancing Intersection Safety Database in Kentucky

saraean
Phased Array Antenna Design for Smart Intersection Radar Using Analog Devices ADAR-1000

Phased Array Antenna Design for Smart Intersection Radar Using Analog Devices ADAR-1000

ellamay
Understanding General Data Protection Regulation (GDPR)

Understanding General Data Protection Regulation (GDPR)

lakaylasc
Understanding Data Privacy Laws and Regulations in Saudi Arabia

Understanding Data Privacy Laws and Regulations in Saudi Arabia

twyla
Understanding Pharmacy Revalidation and GDPR with Leyla Hannbeck

Understanding Pharmacy Revalidation and GDPR with Leyla Hannbeck

yasmine
Understanding the Role of Data Protection Officers (DPOs) in GDPR Compliance

Understanding the Role of Data Protection Officers (DPOs) in GDPR Compliance

flint
Understanding GDPR Consent and Validity for Data Processing

Understanding GDPR Consent and Validity for Data Processing

moos_ak
Understanding the Right to an Explanation in GDPR and AI Decision Making

Understanding the Right to an Explanation in GDPR and AI Decision Making

leximae

More Related Content

Overview of Data Protection Regulations and Compliance Framework
Overview of Data Protection Regulations and Compliance Framework
Preparing for EU General Data Protection Regulation with Revd. Mark James
Preparing for EU General Data Protection Regulation with Revd. Mark James
Enhancing GDPR Compliance with SIMS Reporting
Enhancing GDPR Compliance with SIMS Reporting
Intersection Analysis and Improvement Proposal for Beach Drive and Wexford Drive
Intersection Analysis and Improvement Proposal for Beach Drive and Wexford Drive
Efficient and Scalable Protocol for Private Set Intersection in Big Data Security
Efficient and Scalable Protocol for Private Set Intersection in Big Data Security
Line Segment Intersection
Line Segment Intersection
Update on General Data Protection Regulation and Law Enforcement Directive
Update on General Data Protection Regulation and Law Enforcement Directive
Understanding Blockchain Data Structures and Hyperledger Implementation
Understanding Blockchain Data Structures and Hyperledger Implementation
Understanding Blockchain Vulnerabilities to Quantum Attacks
Understanding Blockchain Vulnerabilities to Quantum Attacks
Exploring the Role of Blockchain as a Trusted Third Party in Decentralized Systems
Exploring the Role of Blockchain as a Trusted Third Party in Decentralized Systems
Cybersecurity and Computer Science Education Projects at UH Maui College
Cybersecurity and Computer Science Education Projects at UH Maui College
OmniSource - Revolutionizing Cross-Chain Trading
OmniSource - Revolutionizing Cross-Chain Trading
The Intersection of Faith and Psychology: Exploring Complexities and Challenges
The Intersection of Faith and Psychology: Exploring Complexities and Challenges
Intersection of Medicaid Health Homes and Criminal Justice: Collab Program
Intersection of Medicaid Health Homes and Criminal Justice: Collab Program
Intersection of Ecofeminism and Feminist Theory
Intersection of Ecofeminism and Feminist Theory
Intersection of Higher Education, Private Sector, and Government in Technology and Economic Development
Intersection of Higher Education, Private Sector, and Government in Technology and Economic Development
Case Study Discussion at the Intersection of Family Law, Domestic Violence, and Immigration
Case Study Discussion at the Intersection of Family Law, Domestic Violence, and Immigration
Solving the McFarland Intersection Accident Challenge
Solving the McFarland Intersection Accident Challenge
Navigating Intersection of Disability & Conduct in Academic Settings
Navigating Intersection of Disability & Conduct in Academic Settings
Efficient Line Segment Intersection Algorithm
Efficient Line Segment Intersection Algorithm
Muslim Americans at the Intersection of Religious Freedom and Racial Justice
Muslim Americans at the Intersection of Religious Freedom and Racial Justice
Semantic Tool for Personal Information Protection
Semantic Tool for Personal Information Protection
Unveiling Key Concepts of Learner Analytics
Unveiling Key Concepts of Learner Analytics
Ensuring Safe Data Practices: A Guide to Data Protection
Ensuring Safe Data Practices: A Guide to Data Protection