Since publishing the original version of our guide to blockchain and data protection in September 2017, there has been considerable further commentary from academics, politicians and practitioners, some of which suggested that there is inherent incompatibility of blockchain systems with EU data protection law.
This updated version of our guide puts forward our views on this question, offering a more optimistic view.
In addition, we also address the key data protection issues that will arise in any blockchain project in the EU, including:
- Does the blockchain process personal data?
- Is a hash personal data or anonymised data?
- What about a public key?
- Who is the data controller and the data processor in a blockchain context?
- What is the applicable law?
The answers to these questions may lead to the conclusion that a given blockchain project’s nexus to personal data is so remote that only minimal data governance mechanisms are required.
By contrast, some projects will involve high-risk data processing, requiring a full-blown data protection impact assessment.
Our guide assumes some knowledge about blockchain principles, but little knowledge of EU data protection law. It includes definitions of key blockchain and data protection terms and principles, outlines recent legal developments on the concept of personal data and also reviews the different blockchain systems.
You can view the guide here (registration required).
This post was initially posted on HL Engage. You can register for free on the site for more news and analysis that is tailored to you, as well as access to Hogan Lovells’ cutting-edge interactive Lawtech tools.
You can also keep track of all the Engage content by following our LinkedIn page.