Alexandra Giannopoulou, ‘Putting Data Protection by Design on the Blockchain’

The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures – necessary in a blockchain-based system – approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.

Giannopoulou, Alexandra, Putting Data Protection by Design on the Blockchain (October 14, 2021). European Data Protection Law Review, volume 7 (2021), issue 3, pages 388-399.

First posted 2021-12-17 13:00:41

Leave a Reply