| Summary: | Blockchain technology could bring many advantages to our society, in many different areas. In particular, it could improve individuals’ control over their data. Through blockchain, data could be shared easily and in a secure way among different actors, thus preventing its accumulation in single points of failure. As the use of blockchain technology becomes widespread, its compatibility with Regulation (EU) 2016/679 (the General Data Protection Regulation, ‘GDPR’ or ‘Regulation’ hereafter) has emerged as a point of tension. Some have argued that blockchain pursues the same objectives as the GDPR, but it does so in ways which are different from those established by the Regulation. This is mainly due to the fact that the Regulation implies a centralized data collection system, where it is possible to single out an accountable central entity, against which users’ rights have to be safeguarded. Whereas, in public permissionless blockchain projects, the network is decentralized, no single entity is responsible for it, and the decision-making power is shared among different stakeholders. It has been argued that this incompatibility, and the resulting regulatory uncertainty, will asphyxiate the development of this technology. Being the Ethereum blockchain the one which, at the time of writing, promises to be the most suitable to be adopted in a variety of use cases, this paper assesses whether, having regard to the allocation of GDPR responsibility roles, to the legal bases and principles of data processing, and to the data subject’s rights, it is possible to consider the Ethereum blockchain GDPR-compatible.
|
|---|