Author

Topic: General Data Protection Regulation: What does this mean for BTC, ETH &Co? (Read 124 times)

member
Activity: 210
Merit: 12
The time has come: the General Data Protection Regulation (GDPR) comes into force. The problems caused by the new data protection law with public blockchains are highly problematic and many are unclear. The right to be forgotten collides with the ability not to forget. The principle of central responsibility stumbles over decentralisation. How can this be reconciled with the blockchain and crypto currencies? Does the GDPR even apply to block chains?
When initial questions were asked about the compatibility of Bitcoin and the GDPR, some argued that the blockchain was anonymous. As everyone now knows, the blockchains at Ethereum and Bitcoin are not anonymous, but pseudonymous. Thus, the GDPR may be applicable.
Moreover, the scope of application of the GDPR is extremely wide.

Firstly, due to digital networking and the attractive European Economic Area, it is de facto applicable worldwide in territorial terms, namely according to Art. 3 GDPR in simplified terms whenever data are processed by EU citizens or when data processing takes place within the EU.
In addition, data processing is an inherent part of the functioning of a block chain, which brings it more into the focus of the GDPR.
The blockchain stores all transactions ever made. With this transaction data, it contains information about the credits and cash flows assigned to the individual bitcoin addresses. With the appropriate additional knowledge, this makes it easier and easier to relate to the people behind the scenes. The stored hashes are used for user identification. Thus they are person-related for those persons who have or can acquire the necessary knowledge to assign this information (with relative means) to a certain person - for example, if a trading exchange, a marketplace or an online shop is involved. This makes the GDPR applicable to public blockchains.

Against whom can the associated obligations be enforced at all? Who is responsible for any breaches of the GDPR? According to Art. 4 No. 7 GDPR, the person responsible is the person who alone or together with others decides on the purposes and means of processing personal data. So it's about the real power to control the Blockchain.
The example of Satoshi Nakamoto shows that it cannot be the person who programmed and started the blockchain: After the start, he gave up control completely.
The miners cannot be seen as responsible either. Their influence is limited only to the calculation of new blocks. They have neither influence on the content nor any real decision-making power. They only provide the computing power.
However, this is different with full nodes: Whoever carries out a transaction and thereby distributes information or enters it into his copy of the block chain, processes data, participates in the network and pursues his own economic purposes - and is responsible according to the GDPR.

The applicability of the GDPR to block chains did not seem to have been considered in its elaboration. This poses considerable practical problems with today's entry into force. Stock exchanges and marketplaces that allow trading in bitcoin and other crypto currencies are exposed to considerable liability risks. Uncertainty also exists for all private nodes, as far as they are to be regarded as responsible. It remains to be seen how the supervisory authorities and courts will decide on public blockchains. In addition, it will become clear to what extent the persons concerned will find those responsible to assert their rights due to the decentralised and open design of the Blockchain.


How are you feeling about such determinations? Will it change something for you or with you and your actions with regard to the Blockchain, Cryptocurrency?
I'm currently relating on a sports and fitness application project and ecosystem powered by user-generated and user-controlled fitness and wellness data. The use of data is a very sensitive issue, especially in this respect. In this case Lympo is working perfectly in syncronation with the European Union’s General Data Protection Regulation and they will follow all laws accordingly.
"When data of such value is shared with the rightful parties it would be very valuable in offering extremely effective and tailor-made services and products. Lympo comes into the picture with a two-fold approach of having the digital wallet that rewards customers for sharing the data that they own, and having a marketplace where these rewards, which are offered in terms of LYM tokens, can be used to purchase products and services from the health and wellness market. [...] However, companies accessing the data of Lympo users who want to sell it on this platform, would have nothing to worry about when it comes to GDPR because of one major reason. Lympo users will be able to register permissions for the data access on blockchain thus producing an immutable ledger with their consent. By giving users the access to their own data and allowing them to share it with data processors, Lympo offers a powerful service for data driven companies which will not have to develop their own system including user’s consent for their data usage."

Tell me your thoughts about it! Smiley


Works, Quotes, Research and development comes from this Article.
Lympo's Article/statement for GDPR
Jump to: