Insights and Analysis

A guide to blockchain and data protection

Image
Image

Is blockchain incompatible with data protection laws? Our updated guide addresses key data protection questions arising in blockchain projects, such as whether blockchain processes personal data or who is the data controller and the data processor in a blockchain context

Since publishing our original guide to blockchain and data protection in September 2017 there has been a great deal of further commentary, some of which suggests that there is an inherent incompatibility between blockchain and data protection law.

In our new data protection compatibility section we will put forward our view on those comments.

No one-size-fits all solution

A good place to start is to look at lessons learnt in the development of cloud computing and how these apply to blockchain projects.

In particular, as in cloud computing, there is no one-size-fits-all solution for blockchain, given the huge diversity of architectures and use cases.

The major difference between blockchain and most cloud computing environments is that blockchain systems do not rely on a single provider of storage or computing resources –each user of the blockchain uses his or her computing resources, on a peer-to-peer basis.

Moreover, each user has a complete copy of the distributed ledger on his or her own computer.

Consequently, the user of a blockchain system may at the same time be data controller for the data that he or she uploads onto the blockchain, and data processor by virtue of storing the full copy of the blockchain on his or her own computer.

What's covered

Our guide assumes some level of knowledge about blockchain principles but little knowledge of data protection.

We address the key data protection questions that will arise in any blockchain project, including:

  • Does the blockchain process personal data?
  • Is a hash personal data or anonymised data?
  • What about a public key?
  • Who is the data controller and the data processor in a blockchain context?
  • What is the applicable law?

The answers to these questions may lead to the conclusion that a given blockchain project’s nexus to personal data is so remote that only minimal data governance mechanisms are required.

By contrast, some projects will involve high-risk data processing, requiring a full-blown data protection impact assessment.

You can view and/or download the guide using the button below here.

button

Next steps

If you want to take advantage of blockchain's huge potential and disruptive impact, while avoiding falling foul of ever-developing regulatory and legal requirements, visit our Hogan Lovells Engage Blockchain Toolkit.

Please get in touch if you have any questions about this guide or to find out how we can help you with your blockchain project.

 

Authored by John Salmon and Winston Maxwell

Search

Register now to receive personalized content and more!