Blockchains and Data Protection in the European Union

32 Pages Posted: 6 Dec 2017 Last revised: 7 Feb 2018

See all articles by Michèle Finck

Michèle Finck

Eberhard-Karls University Tübingen

Date Written: November 30, 2017


This paper examines data protection on blockchains and other forms of distributed ledger technology (‘DLT’). Transactional data stored on a blockchain, whether in plain text, encrypted form or after having undergone a hashing process, constitutes personal data for the purposes of the GDPR. Public keys equally qualify as personal data as a matter of EU data protection law. We examine the consequences flowing from that state of affairs and suggest that in interpreting the GDPR with respect to blockchains, fundamental rights protection and the promotion of innovation, two normative objectives of the European legal order, must be reconciled. This is even more so given that, where designed appropriately, distributed ledgers have the potential to further the GDPR’s objective of data sovereignty.

Keywords: blockchain, distributed ledger technology, data, data protection, encryption, regulation, EU law

Suggested Citation

Finck, Michèle, Blockchains and Data Protection in the European Union (November 30, 2017). Max Planck Institute for Innovation & Competition Research Paper No. 18-01, Available at SSRN: or

Michèle Finck (Contact Author)

Eberhard-Karls University Tübingen ( email )


Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics