The Puzzle of Squaring Blockchain with the General Data Protection Regulation

Jurimetrics Journal, 2020

61 Pages Posted: 22 Jul 2020

See all articles by Raffi Teperdjian

Raffi Teperdjian

George Washington University - Law School

Date Written: June 29, 2020


Blockchain is a revolutionary technology that enables the secure recording and storage of transactions without the need for a trusted third-party intermediary. This distributed ledger technology has the potential to mainstream entirely new, decentralized business models where determining the operation of a blockchain-based product or service is decided democratically among the systems users. Because of the way that it works, blockchain presents a significant challenge for the European Union’s General Data Protection Regulation (GDPR). The GDPR is the leading privacy law in the world, serving as a template for privacy laws in many countries and affecting a vast number of multinational organizations. Blockchain, unfortunately, fits rather poorly in the GDPR’s regulatory framework. This is primarily because the legislation makes the assumption that the entities that define the means and purpose of processing users’ personal data, that is, the Data Controllers, are readily identifiable and remain constant. In blockchains with decentralized data governance, where a user’s role can vary over time, this assumption is often false. Several commissions in the European Union have tried to tackle the conundrum of how to fit blockchain into the GDPR’s framework, but the analysis and recommendations of these bodies has failed to adequately resolve the conflicts. This Article is the first to provide an overview of blockchain technology that distinguishes between the variety of centralized and decentralized data governance models. To bring about the truly revolutionary applications of blockchain while ensuring adequate individual personal data protections, this Article proposes that the European Union eliminate untenable GDPR data controller obligations for blockchains with decentralized data governance models.

Keywords: GDPR, blockchain, bitcoin, distributed ledger technology, information privacy law, cryptocurrency, data controller, data subject

Suggested Citation

Teperdjian, Raffi, The Puzzle of Squaring Blockchain with the General Data Protection Regulation (June 29, 2020). Jurimetrics Journal, 2020, Available at SSRN:

Raffi Teperdjian (Contact Author)

George Washington University - Law School ( email )

2000 H Street, N.W.
Washington, DC 20052
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics