Blockchain and Data Protection in Germany

Blockchain and Data Protection in Germany

Regulatory guidance on German blockchain privacy

Blockchain technology is considered to be one of the greatest and most promising innovations of recent years. Thanks to its decentralized, unalterable, and transparent nature, it can provide a high degree of security to users. The technology offers countless business opportunities.

But is the European General Data Protection Regulation (GDPR) already thwarting the rapid development of blockchain technology even before it can reach its full potential?

Security and Privacy on Blockchain | Law Firm

Decentralized blockchain vs. centralized data protection

For some time, experts have debated whether and how, if at all, blockchain technology may be used in Europe in compliance with data protection regulations. Because: As GDPR pursues a centralized data processing concept, it seems to be in contradiction with the decentralized nature of blockchain technology.

In this context, blockchain and data privacy should not be understood as a contradiction. The apparent obstacles with data privacy in blockchain can not only be solved, blockchain can even help to implement data protection in practice.

Blockchains use personal data

Various data qualify as personal data within the meaning of the GDPR. Typically, the data stored on blockchains also include personal data. These data are at the heart of the protection provided by the GDPR.

Article 4 no. 1 of the GDPR defines personal data as any information relating to an identified or identifiable natural person. A identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as

  • a name,
  • an identification number,
  • location data,
  • an online identifier

or to one or more factors specific to the

  • physical,
  • physiological,
  • genetic,
  • mental,
  • economic,
  • cultural, or
  • social

identity of that natural person.

A blockchain does not store data falling within the scope of this definition. But it keeps a record of a hash which is visible to all users. This hash marks a transaction and refers to the associated data record.

While it is contentious whether a single hash falls within the definition of “personal data”, several connected hashes can undoubtedly be used to make a natural person identifiable. As a result, blockchain technology falls into the GDPR's scope of application.

Right to erasure and the blockchain

Application of the GDPR to blockchain technology gives rise to a number of additional legal issues, which developers will have to deal with in the future. The following questions may arise with regard to blockchain privacy:

  • How to make sure that a blockchain guarantees the right to rectification, pursuant to art. 16 GDPR, in the best possible way?
  • How to make sure that a blockchain guarantees the right to erasure, pursuant to art. 17 GDPR, in compliance with laws and regulations.
  • How to achieve the required blockchain privacy and security by technical and organizational measures?
  • Does using a blockchain automatically mean you are a “controller” as defined in art. 4 no. 7 of the GDPR?
  • What do developers of smart contracts have to observe in the context of blockchain data protection?
  • How do you deal with the fact that data transfers outside the EU cannot be excluded in a public blockchain scenario?

Our services in blockchain privacy

Our attorneys specializing in privacy and blockchain in Germany will be pleased to answer these questions individually for your specific project. We develop a legally watertight data protection concept for your blockchain idea and provide support in all aspects of blockchain privacy protection.

Your attorney for data protection on blockchains

Our attorneys for questions relating to blockchain and data privacy are happy to help. The easiest way to reach us is via e-mail (info@winheller.com) or phone (+49 69 76 75 77 80). Please do not hesitate to contact us with your questions.

Do you need support?

Do you have questions about our services or would you like to arrange a personal consultation? We look forward to hearing from you! Please fill in the following information.

Or give us a call: +49 69 76 75 77 80
 

Contact

Contact
captcha