Chantal Bomprezzi, Alberto Gambino (2019). Blockchain e protezione dei dati personali. IL DIRITTO DELL'INFORMAZIONE E DELL'INFORMATICA, 3, 619-646.
Blockchain e protezione dei dati personali
Chantal Bomprezzi;Alberto Gambino
2019
Abstract
Every day, centralized online platforms like Airbnb or Facebook amass a large quantity of data for commercial exploitation. People do not have control over their data, and this has a negative impact on data protection. Due to its technical characteristics, blockchain technology might enhance users’ data protection. On the other hand, it has been argued that blockchain and the GDPR are incompatible. Indeed, the decentralisation of blockchain technology and the availability of personal data over the entire network might represent a threat to the Accountability and the Data Protection by Design Principles. Even if data is encrypted, it cannot be considered anonymous but rather pseudo-anonymous, so that data stored on the blockchain falls within the GDPR. Further questions arise about the compliance of blockchain with the GDPR, e.g. the impossibility of establishing who the data controller or the data processor is, or of exercising some important rights, such as the right to cancellation, to access or to amendment. The present work concerns the open debate on how blockchain technology can affect users’ personal data, both in a positive and a negative way. It is highlighted that the tension might be mitigated through the adoption of permissioned and private blockchains instead of permissionless and public ones. Blockchain technology is attracting huge investments and the attention of European institutions. For this reason, blockchain applications should be privacy-friendly. This might be achieved with both technical and legal contributions.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.