is gdpr a roadblock to blockchain
play

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain - PowerPoint PPT Presentation

Oct 27, 2023 •371 likes •739 views

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva

  1. Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jörn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva joern@erbguth.ch +41 787256027

  2. Agenda • Article 8 of the Charter of Fundamental Rights and GDPR • The main conflicts of blockchain & GDPR • How to evaluate GDPR compliance • 5 ways that blockchain applications can cope with GDPR Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #2

  3. Charter of Fundamental Rights of the European Union Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #3

  4. What does the GDPR protect? Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #4

  5. GDPR in Relation to Other Fundamental Rights Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #5

  6. GDPR vs. Blockchain GDPR Blockchain Right to … Ri Art. 16: rectification immutable public Art. 17: erasure Art. 18: restriction of processing Is GDPR Is GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #6

  7. GDPR vs. Blockchain GDPR Blockchain Cl Clear responsibilities distributed responsibility controller anonymous participation processor Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #7

  8. General Data Protection Regulation (GDPR) • Processing of personal data is forbidden • Unless there is proper justification • Obligations for controllers and processors • Rights for data subjects • Includes obligation to information security • Fines up to 20 mill. € or 4% of worldwide annual turnover Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #8

  9. How to evaluate GDPR compliance • Does GDPR apply? • Is there processing of personal data? • Is there a justification for the data processing? • Do I comply with the obligations of GDPR? Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #9

  10. Does the GDPR apply? (Art. 2, 3) • Some entity that is considered a controller or a processor is in the EU • Offering goods or services to data subjects in the EU • Monitoring behavior of data subjects in the EU • Not if only for personal use or household activity Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #10

  11. Personal data (Art. 4.1)? Any information relating to an identified or identifiable natural person Pseudonymous data is personal data • Anonymous data is no not personal data • Recital 26: To determine whether a natural person is identifiable, account should be taken of al all the e mean eans reas easonab ably likel ely to be e used ed ... either by the controller or by another person to identify the natural person directly or indirectly. Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #11

  12. Examples of personal data ü IP addresses ü Bitcoin addresses ü “anonymized” movement profile ü “anonymized” browsing history ✗ aggregated movement profiles ✗ aggregated browsing history Attent At ention: on: Look Look at at the he indi ndivi vidual dual case case – do do no not gene neralize Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #12

  13. Encryption Deletion of the encryption key = deletion of the content? Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #13

  14. Use of Hash Values Pu Public Pr Private Encrypted Data Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #14

  15. Use of Hash Values Pu Public Pr Private Data Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #15

  16. Cryptographic hash functions • Serve as digital fingerprints • Virtually unique • Fixed length (e.g. 32 bytes) • For digital objects of any size Demo 2 Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #16

  17. GDPR-compliant use of hash values Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #17

  18. Non-GDPR-compliant use of hash values has diploma Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #18

  19. Adding Salt and Pepper to Hashes • Ensuring enough en entropy py • Making guessing practically impossible • Can prevent rainbow table attacks • Can prevent parallel attacks Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #19

  20. How to Hash Data Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #20

  21. How to Hash Data Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #21

  22. How to Hash Data Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #22

  23. How to Hash Data Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #23

  24. Test: Can you derive Personal Information? Is it possible to derive data from the blockchain even when all information outside the blockchain is deleted? What if • somebody knows one transaction, can she see further transactions of the same person? • somebody knows part of a transaction, can she see further details? • somebody knows personal details of a person, can she discover information about that person’s activity? Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #24

  25. Zero-Knowledge Proof Proof of knowing something without revealing it Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #25

  26. Zero-Knowledge Proof – Zcash Limiting the purpose of using personal data by technical means • Only the correctness of the transaction can be proven • Privacy by design • Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #26

  27. Advantages • Protection also against insiders (e.g. admins) • Access rights cannot be modified retroactively • Protection against intruders that breach the firewall • Data is protected against manipulation Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #27

  28. Lawfulness of processing (Art. 6) Consent (Art. 6.1 a) • Performance of a contract (Art. 6.1 b) • Compliance with a legal obligation (Art. 6.1 c) • Legitimate interest (Art. 6.1 f) • Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #28

  29. Controllers, Processors, Data Subjects Determines the purposes and Controller means of processing Processes data Processor on behalf of the controller Data-Subjects Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #29

  30. Who is “Controller” and who is “Processor”? Node operators? • Miner who mines a specific block? • All miners together? • User who signs a transaction with her private key? • Exchange or wallet service that signs a transaction on behalf • of a user? Entity that administrates permissions for a permissioned • blockchain? Is Is GDPR GDPR a Ro Roadblock to to Bl Blockchain? 1. Swiss Symposium Blockchain Research, May 14 th , 2019 Jörn Erbguth, joern@erbguth.ch #30

Recommend

Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak

Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak

Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak Blockchain, Sustainable Development and Privacy 26-27 November 2019 Berlin, Germany The problem with GDPR and blockchains : Bitcoin & Privacy

395 views • 7 slides
Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth,

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth,

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva joern@erbguth.ch +41

634 views • 42 slides
Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf.,

Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf.,

Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Blockchain & GDPR joern@erbguth.ch +41 787256027 Imagine the GDPR paradise In Introduction November 26th, 2019

895 views • 26 slides
A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius /

A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius /

A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius / @silvanjongerius / @techgdpr / silvan@techgdpr.com Key problems of Blockchain under GDPR 1. The definition of personal data is unclear 2. The GDPR

246 views • 13 slides
Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jrn

Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jrn

Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection joern@erbguth.ch +41 787256027 GDPR vs.

964 views • 42 slides
1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain?

1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain?

1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain? Philipp Quiel 2 Agenda General scope of the legal basis in Art. 6 (1) b GDPR Possibilities of concluding contracts in blockchain systems

553 views • 19 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

669 views • 14 slides
Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain blockchain blockchain blockchain Blockchain blockchain blockchain Blockchain Blockchain (blockchain) Blockchain blockchain, blockchain

470 views • 12 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

834 views • 27 slides
Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

State of Blockchain at LF Christopher Ferris, CTO Open Technology, IBM Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es to securely interact with the same universal

567 views • 31 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who thinks blockchain is the future of banking? Who can explain what blockchain is? Blockchain in Banking 2 Blockchain Key Elements Smart Ledger

517 views • 20 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center

Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center

Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center E-Mail: veronika.kuett@fs-blockchain.de Internet: www.fs-blockchain.de About FSBC Our Portfolio Research 1 Foster understanding of blockchain

688 views • 24 slides
Welcome to the Government Blockchain Association (GBA) Meet Up May 15 th , 2017 Blockchain

Welcome to the Government Blockchain Association (GBA) Meet Up May 15 th , 2017 Blockchain

Welcome to the Government Blockchain Association (GBA) Meet Up May 15 th , 2017 Blockchain for Homeland Security, Defense and Law Enforcement Agenda Brief Review What is blockchain and why is it important? What are the defining

795 views • 31 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides

More recommend