Personal data and the blockchain – how will the GDPR influence blockchain applications and vice...

Post on 21-Jan-2018

1.746 views 0 download

Transcript of Personal data and the blockchain – how will the GDPR influence blockchain applications and vice...

Trust in DataTrust in Data

How Will The GDPR Influence Blockchain Applications And Vice Versa?

Trust in Data

1. GDPR 2. Blockchain & GDPR 3. Solutions for BigchainDB & IPDB.Foundation4. blockchain Privacy Impact Assessement (bPIA) 5. Discussion

Trust in Data

Trust in Data

Trust in Data

History of Data Protection in the EU• Data Protection Directive 95/46/EC + Domestic data

protection laws in each member state• e-Privacy Directive 2002/58/EC for electronic

communications• EU-US Privacy Shield 2016• DSM – Digital Single Market Strategy 2017

Trust in Data

3 Reasons to care about GDPR

• As of 25 May 2018 it is not just about fines but also about reputation

• It is the toughest piece of privacy regulation world wide

• It will change the way you do business, your current processes might become illegal

Trust in Data

Abbreviations/ Key Actors• CIPL – Centre for Information policy leadership• Art. 29 WP – Article 29 Working Party• DPA – Data protection authority • EDPS – European data protection supervisor• DPO – Data protection officer • PII – Personally identifiable information

Trust in Data

Key Changes with GDPR• Establishment of a harmonised European data

protection law regime for PII• Right to be Forgotten (Art. 17)• Consent (Art. 6) • Data Minimisation (Art. 5)• Data protection by Design (Art. 25)• 72 hour data breach notification

Trust in Data

Trust in Data

Trust in Data

It is essential that data protection experts begin to examine the concepts behind blockchain technology and how it is implemented in order to better understand how data protection principles can be applied to it. An integral part of this process should be the development of a privacy-friendly blockchain technology, based on the principles of privacy by design. – EDPS annual report

Trust in Data

Key Concerns• Data Controller vs. Data Subject vs. Data Processor• Accountability for dApps• Right to be Forgotten• Public vs. Private setups • Automated processing • Purpose limitation

Trust in Data

Key Benefits• Move away from data silos• Auditability for accountability for Data exchange

platforms for Value Transfer• Moving to decentralized point-service providers • Lets get crazy: instead of Central Bank a Decentral

World Bank with governance structures to manage KYC

Trust in Data

Janrain CIAM

Trust in Data

Possible ArchitectureBigchainDBFederation

Database Cluster



Trust in Data

Possible ArchitectureBigchainDBFederation

Database Cluster



Access Control Token

Keep Identity

Trust in Data

A Decentralized Cloud Stack is the Future




Trust in Data

bPIA – Strategies and Tactics• Ask the right questions and prepare yourself!• At the right stage hire a lawyer for your contracts!

Trust in Data

I'd like all blockchain designers to be conscious and cognizant of human rights, data protection and

privacy as well as the need to consider how technology generally can protect the privacy of the individual without impeding technological progress.

Trust in Data

I am also concerned that blockchain is a surveillance machine and will result in less privacy, not more. I hope regulators continue to do their job and don’t bow to a

technologically determined future.