Data Protection in the Blockchain Environment: GDPR is not a Hurdle to Permissionless DLT Solutions

Ciberspazio e diritto, vol. 19, n. 61 (3 - 2018), pp. 457-20

13 Pages Posted: 17 May 2019 Last revised: 9 Aug 2019

Date Written: May 1, 2018

Abstract

Public keys and hashes are the two fundamental cryptographic solutions commonly used to develop blockchain networks. They are considered almost unanimously pseudonymous data, that is personal data concealed behind an alphanumeric string that, in combination with additional information, can be nevertheless linked to a specific individual. If this were true, the development of blockchain technology would be hurdled by the necessity to comply with GDPR. In this paper, I held that the definition of personal data, albeit in the form of pseudonymous data, set forth in Directive 95/46/EC and today in the GDPR (taking into account the CJEU interpretation and Article 29 Working Party opinion) does not apply to either the public keys or the hashes as they are used in a blockchain. Indeed, they are not used for concealing identities but rather to solve a technical problem (the so-called double spending problem) creating trust in a peer-to-peer network. Hence, although they could be (and sometimes are) used to carry out advanced digital forensic searches to track down the identity of the private key holders, they are not actually designed to conduct or allow for such searches and, consequently, they should be considered neither personal nor pseudonymous data.

Keywords: blockchain, permissionless, GDPR, hash, DLT, personal data, pseudonymous data

Suggested Citation

Rampone, Francesco, Data Protection in the Blockchain Environment: GDPR is not a Hurdle to Permissionless DLT Solutions (May 1, 2018). Ciberspazio e diritto, vol. 19, n. 61 (3 - 2018), pp. 457-20, Available at SSRN: https://ssrn.com/abstract=3383619

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
199
Abstract Views
1,044
Rank
303,627
PlumX Metrics