Blockchain and data protection: A report issued by the Law Society and Tech London Advocates & Global Tech Advocates highlights the extent of unknowns in a series of questions posed for the UK Information Commissioner’s Office.
- What does “all means reasonably likely to be used” mean under Recital 26 of the General Data Protection Regulation (GDPR)?
- Does this require an objective or subjective approach?
- Does the use of a blockchain automatically trigger an obligation to carry out a data protection impact assessment?
- Does the continued processing of data on blockchains satisfy the compelling legitimate ground criterion under Article 21 GDPR?
- How should “erasure” be interpreted for the purposes of Article 17 GDPR?
- How should Article 18 GDPR regarding the restriction of processing be interpreted?
- What is the status of anonymity solutions such as ZKP under GDPR?
- Should the anonymization of data be evaluated from the controller’s perspective, or also from the perspective of other parties?
- What is the status of the on-chain hash where transactional data is stored off-chain and subsequently erased?
- Can a data subject be a data controller in relation to personal data that relates to them?
- How should the principle of data minimization be interpreted?