Much has been written about blockchain and its legal regime, and much more remains to be written. Every day we have novelties that have an impact on it and/or on crypto currencies, such as, for example, the recent SC ruling declaring that Bitcoin is not money, but “an intangible heritage asset, in the form of a unit of account defined by means of computer and cryptographic technology (...)”, “but we are still a long way from having a general and adequate legal framework to regulate this technology.”

Lawyers specializing in digital law are particularly concerned with the analysis from a specific angle and on which doubts arise to clients involved in this type of project, such as data protection. There seems to be a certain incompatibility between blockchain and the General Data Protection Regulation (RGPD), as it is a decentralized technology that allows data to be stored and processed without necessarily clearly identifying the parties involved in such operations.

Of the questions that arise, due to the brevity of this analysis, we will focus on the difficulties relating to the identification of the agents in a blockchain network for the purposes of the RGPD, namely, who is responsible for the processing (the one who decides on the object and purpose of the processing and, consequently, the one who incurs, if any, possible responsibilities); who is in charge of the processing (the one who processes data for the execution of a contract, who may also have responsibilities), and even situations of co-responsibility. Another relevant aspect refers to the difficulties posed by the DLT when it comes to being able to comply with the exercise of the rights of data subjects, holders of the data, whom the RGPD empowers to access, rectify, delete, limit processing, request portability and oppose the processing of their data.

Lastly, smart contracts can also, per se, pose certain challenges, particularly rigarding the right not to be the subject of automated decisions. The recently published article "Blockchain and the GDPR", by the European Union Blockchain Observatory & Forum, is particularly interesting in this debate, especially because of the way in which it breaks down the different scenarios into public and private networks (in the latter, the challenges posed are minor), the alternatives it offers to the introduction of personal data into the system (anonymisation techniques, encryption, aggregation, reversible encryption and obfuscation of personal data) and other aspects, such as, for example, the advisability of consulting the regulator to ensure compliance with the default data protection principle and design.

Undoubtedly, the best of the conclusions reached is the one that refers to the need to advance with technology despite the legal challenges posed. The report ends by suggesting that the problems analysed should not dissuade developers and entrepreneurs from continuing to innovate, that they should act transparently with respect to their users and work in collaboration with the regulator to obtain their input in relation to the solutions they are developing.

You could read the complete article on this link or download it on this link.