It is so far: The General data protection regulation (DSGVO) enters into force. Highly problematic, and many are unclear of the problems caused by the new data protection law in the public block chains. The right to be Forgotten collides on the Not-to-Forget. The principle of Central accountability stumbles on the decentralization. How can the Blockchain and crypto-currencies.
After two years of grace period, the DSGVO circuit finally enters into force. With its boundless scope and the hefty penalties of up to 20 million euros, or 4 percent of global annual turnover it has already in the entire business world made a splash. So far, less attention she found in the area of the block chains.
The DSGVO apply at all to block chains?
As the first questions as to the compatibility of Bitcoin and the DSGVO were made, applied some, the Blockchain is anonymous. As everybody knows, the block chains in the case of Ethereum and Bitcoin is not anonymous, but pseudonymous. Thus, the DSGVO may not apply to you.
In addition, the scope of the DSGVO is extremely wide.
First of all, in territorial terms, due to the digital networking and the attractive European economic area, de facto, worldwide applicable, namely, in accordance with article 3 DSGVO put simply, if the data of EU citizens to be processed or a data processing within the EU takes place.
In addition, the data-processing operations are an intrinsic part of the functioning of a Blockchain, how do you become a stronger focus of DSGVO.
Personal data in the Blockchain
Of course, the processing is not sufficient any data. It must be personal data – this clears the DSGVO directly in their first articles (art. 1, Para. 1 and art. 2, Para. 1 DSGVO). Personal data are in accordance with the Definition in art. 4, Para. 1 DSGVO “all of the information to an identified or identifiable natural Person […]”
The Blockchain stores all transactions. With this transaction data contains information about the each of the Bitcoin addresses associated with the assets and cash flows. Thus, the corresponding additional reference to the people behind know (always easier). Because the stored Hashes serve the user identifier. Thus, they are based for those people persons who can have the necessary Knowledge or obtain this Information (with proportionate resources) to be allocated to a specific Person – for example, if a trading exchange, a marketplace or a shop is involved.
Thus, the DSVGO to public blockchains is applicable.
Responsible in a public Blockchain
Against whom can be associated with obligations because all set to go through? Who is responsible for any violations of the DSGVO responsible? Responsible, in accordance with article 4 no. 7 DSGVO, who decides alone or jointly with others determines the purposes and means of the processing of personal data. It is, therefore, the actual Power to control the Blockchain.
The example of Satoshi Nakamoto, it is clear that it can’t be the one who has programmed the Blockchain and start: After the Start, he has given the control completely out of Hand.
The Miner can also be seen as Responsible. Their influence is only limited to Calculate new Blocks. They have no influence on the content of, nor any real decision. You only supply the computing power.
The Full Nodes, however, is different: any person Who engages in a transaction and this information distributed or in its copy of the Blockchain enters, is processed data that is part of the network, and pursues its own economic purposes, and according to the DSGVO responsible.
K. O. by affected rights
In addition to a number of other rights and obligations of the DSGVO governs as the most powerful law is the one to be Forgotten (article 17 DSGVO). Thus, the obligation to delete them hits the responsible Node.
It is in the nature of the Blockchain, that data will not be changed or deleted, but stored permanently. As a result, the decentralized public Think is justified and the trust of the public in the first place. Moreover, the complete Deletion of data in the public block chains is theoretically possible but practically extremely difficult. Because the Deletion of individual data, the Hash of the block and all following Blocks would be changed.
Finally, the basic idea of the Blockchain has become so popular, that in your immutability can be trusted without the state institutions they control.
They are now being asked, and that it is subsequently changing, in block chains to be interfered with, destroyed the basic idea of a public Blockchain. And hence their function.
However, even if the deletion occurs when a Node does not lead to deletion of all the other Nodes, since only new transactions are communicated. Therefore, the data are still in the Blockchain. Now would have to go through the Node, deleted the data already, a message to all other Nodes of the network that a data subject has requested Erasure of their data. The writes to art. 17, Para. 2 DSGVO before, if the Controller has made the data public.
How is that supposed to happen, nobody knows.
The applicability of the DSGVO block-chains has not been considered in their drafting apparently. Thus, considerable practice with today’s entry into force problems. Exchanges and marketplaces that allow for currencies in a trade with Bitcoin and other Crypto, significant liability risks. Uncertainty exists also for all private Nodes, where they are regarded as Responsible. It remains to be seen how the Supervisory authorities and courts will decide in the case of public Blockchains. In addition, it will show how to find the affected persons due to the decentralized and open design of the Blockchain Responsible, to assert their rights.
Who would not want to come in, the risk of liability, should examine its processes is therefore essential to data protection compliance, the possible penalties can not be paid with Bitcoins.