Blockchain and Data Protection in Germany

For some time, experts have debated whether and how, if at all, blockchain technology may be used in Europe in compliance with data protection regulations. Because: As GDPR pursues a centralized data processing concept, it seems to be in contradiction with the decentralized nature of blockchain technology.

In this context, blockchain and data privacy should not be understood as a contradiction. The apparent obstacles with data privacy in blockchain can not only be solved, blockchain can even help to implement data protection in practice.

Various data qualify as personal data within the meaning of the GDPR. Typically, the data stored on blockchains also include personal data. These data are at the heart of the protection provided by the GDPR.

Article 4 no. 1 of the GDPR defines personal data as any information relating to an identified or identifiable natural person. A identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as

• a name,
• an identification number,
• location data,
• an online identifier

or to one or more factors specific to the

• physical,
• physiological,
• genetic,
• mental,
• economic,
• cultural, or
• social

identity of that natural person.

A blockchain does not store data falling within the scope of this definition. But it keeps a record of a hash which is visible to all users. This hash marks a transaction and refers to the associated data record.

While it is contentious whether a single hash falls within the definition of “personal data”, several connected hashes can undoubtedly be used to make a natural person identifiable. As a result, blockchain technology falls into the GDPR's scope of application.

Application of the GDPR to blockchain technology gives rise to a number of additional legal issues, which developers will have to deal with in the future. The following questions may arise with regard to blockchain privacy: