Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Blockchain and the GDPR: Coexisting in contradiction?
Journal of Data Protection & Privacy,
3
(3),
310-322
(2020)
Abstract
The recent adoption of the General Data Protection Regulation (GDPR) has fundamentally altered the legal landscape in the European Union and beyond with respect to data protection. Organisations that process personal data must ensure their data-processing practices are compliant with the requirements of the GDPR, irrespective of the technology used. The use of new technologies to process personal data can lead to additional complexities from a compliance perspective, particularly where the technology has intrinsic features that appear to be at odds with certain fundamental requirements of data protection law. This is an issue that applies to the use of blockchain technology as key features of the technology do not, at first glance, appear to be consistent with the requirements of the GDPR. While it is accurate to state that the GDPR has created some challenges regarding the adoption of blockchain technology to process personal data, these challenges are not necessarily insurmountable. This paper discusses the most pertinent challenges to the adoption of blockchain technology from a data protection compliance perspective.
Keywords: General Data Protection Regulation (GDPR); blockchain; cryptocurrency; Bitcoin; data protection; Data Protection Act; privacy; data privacy; cybersecurity; EU law; EU Data Protection Law; UK Data Protection Law; data protection law; right to be forgotten
The full article is available to subscribers to the journal.
Author's Biography
John Timmons advises on all aspects of UK and EU privacy, data protection and cybersecurity law. John has extensive experience advising a wide range of clients in the European Union, the United States and Asia on general data protection compliance and providing specific advice on international data transfer solutions, compliance with local privacy and cybersecurity laws, information governance, e-privacy and direct marketing issues and online behavioural/targeted advertising strategies. John also has experience advising clients on data protection-related litigation under the General Data Protection Regulation (GDPR) and national implementing legislation and has advised clients on the data protection implications of deploying blockchain technology. John has a detailed knowledge of European data protection law and associated privacy and cybersecurity legislation. John has written extensively on this subject and has recently coauthored a publication detailing UK cybersecurity law.
Tim Hickman advises on all aspects of UK and EU privacy and data protection law, from general compliance issues (such as implementing privacy policies and consent forms) to more specialised issues (such as managing data breaches, structuring cross-border data transfers and complying with the ‘right to be forgotten’). Tim has a detailed knowledge of the EU’s General Data Protection Regulation (GDPR) and has coauthored White & Case’s Handbook on that legislation (http://www.whitecase.com/eu-gdprhandbook). Clients appreciate Tim’s ability to find pragmatic and commercial solutions to complex (and frequently multijurisdictional) data protection compliance questions. Tim has significant experience in working with a wide range of clients in the European Union, Asia and the United States. He has spent time on secondment at Google, advising on cutting-edge privacy and data protection issues. He has also spoken at several events at Harvard Law School, and he delivered the closing address at the Harvard European Law Conference 2019.
