Blockchain and data protection: A report issued by the Law Society and Tech London Advocates & Global Tech Advocates highlights the extent of unknowns in a series of questions posed for the UK Information Commissioner’s Office.

  • What does “all means reasonably likely to be used” mean under Recital 26 of the General Data Protection Regulation (GDPR)?
  • Does this require an objective or subjective approach?
  • Does the use of a blockchain automatically trigger an obligation to carry out a data protection impact assessment?
  • Does the continued processing of data on blockchains satisfy the compelling legitimate ground criterion under Article 21 GDPR?
  • How should “erasure” be interpreted for the purposes of Article 17 GDPR?
  • How should Article 18 GDPR regarding the restriction of processing be interpreted?
  • What is the status of anonymity solutions such as ZKP under GDPR?
  • Should the anonymization of data be evaluated from the controller’s perspective, or also from the perspective of other parties?
  • What is the status of the on-chain hash where transactional data is stored off-chain and subsequently erased?
  • Can a data subject be a data controller in relation to personal data that relates to them?
  • How should the principle of data minimization be interpreted?

Read the full text of the report.