Blockchain and Data Protection in Germany

Decentralized blockchain vs. centralized data protection

For some time, experts have debated whether and how, if at all, blockchain technology may be used in Europe in compliance with data protection regulations. Because: As GDPR pursues a centralized data processing concept, it seems to be in contradiction with the decentralized nature of blockchain technology.

In this context, blockchain and data privacy should not be understood as a contradiction. The apparent obstacles with data privacy in blockchain can not only be solved, blockchain can even help to implement data protection in practice.

Blockchains use personal data

Various data qualify as personal data within the meaning of the GDPR. Typically, the data stored on blockchains also include personal data. These data are at the heart of the protection provided by the GDPR.

Article 4 no. 1 of the GDPR defines personal data as any information relating to an identified or identifiable natural person. A identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as

• a name,
• an identification number,
• location data,
• an online identifier

or to one or more factors specific to the

• physical,
• physiological,
• genetic,
• mental,
• economic,
• cultural, or
• social

identity of that natural person.

A blockchain does not store data falling within the scope of this definition. But it keeps a record of a hash which is visible to all users. This hash marks a transaction and refers to the associated data record.

While it is contentious whether a single hash falls within the definition of “personal data”, several connected hashes can undoubtedly be used to make a natural person identifiable. As a result, blockchain technology falls into the GDPR's scope of application.

Right to erasure and the blockchain

Application of the GDPR to blockchain technology gives rise to a number of additional legal issues, which developers will have to deal with in the future. The following questions may arise with regard to blockchain privacy:

• How to make sure that a blockchain guarantees the right to rectification, pursuant to art. 16 GDPR, in the best possible way?
• How to make sure that a blockchain guarantees the right to erasure, pursuant to art. 17 GDPR, in compliance with laws and regulations.
• How to achieve the required blockchain privacy and security by technical and organizational measures?
• Does using a blockchain automatically mean you are a “controller” as defined in art. 4 no. 7 of the GDPR?
• What do developers of smart contracts have to observe in the context of blockchain data protection?
• How do you deal with the fact that data transfers outside the EU cannot be excluded in a public blockchain scenario?

Our services in blockchain privacy

Our attorneys specializing in privacy and blockchain in Germany will be pleased to answer these questions individually for your specific project. We develop a legally watertight data protection concept for your blockchain idea and provide support in all aspects of blockchain privacy protection.