Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Personal data protection in blockchain
Journal of Data Protection & Privacy,
3
(1),
43-47
(2019)
Abstract
This paper analyses the challenges of blockchain technology in terms of General Data Protection Regulation compliance. It focuses on the great promise of transparency in blockchain systems, its tamper-proof nature and the question of ‘Who will be the data controller in blockchain transactions?’ In blockchain systems, data is distributed across all the nodes’ (who created the blocks) computers at different locations. This makes it difficult to amend the data in the blocks as all the nodes’ participation and approval are needed. While this feature provides transparency and resilience, it is a major challenge on exercising the rights of rectification or deletion. Blockchain systems can be created as private and public, and particularly in public blockchain systems, it can be challenging to allocate and determine the liability of the parties and determine the data controller. We look into the challenges in these areas in a nutshell and very briefly mention how blockchain can benefit from the privacy by design concept.
Keywords: blockchain; privacy; compliance; tamper-proof; individual rights
The full article is available to subscribers to the journal.
Author's Biography
Steve Wright is an authority on data privacy and cybersecurity having more than 25 years of experience in the industry. Since then, he has held a management role within the principal information, privacy and data security for John Lewis Partnerships, Unilever, Deloitte, PwC, Siemens and Capita. Most recently, he held the interim position of DPO at the Bank of England, London, UK. As a technology enthusiast, he remains fascinated by the incredible things that can be done with data. Yet he knows only too well the risks to reputation and privacy in a world where social media, cybersecurity, legislation, fraud and regulatory complexities are rife. Currently, Steve gives advice to senior leadership in all things related to the safeguarding of personal data, protecting brand image and, above all, building consumer trust.
Ezgi Pilavci is a privacy lawyer and is currently working at Privacy Culture Ltd. Ezgi completed her master’s degree in computer and communications law at Queen Mary London University, London, UK. She has double masters’ degrees in information technology law having six years of experience as an associate in a global law firm in Istanbul, Turkey. Ezgi has been involved in corporate and commercial matters, especially those focused on technology. She has much experience in drafting and revising different types of commercial contracts: SPAs, NDAs, comprehensive IT services, agreements and negotiations with the third parties. Ezgi advised multinational clients on the data protection compliance process. This includes preparing and delivering presentations on data protection principles, privacy requirements and drafting necessary legal texts: consent, policies and supported privacy impact assessment schemes.
