【Author】
Tatar, Unal; Gokce, Yasir; Nussbaum, Brian
【Source】COMPUTER LAW & SECURITY REVIEW
【Abstract】Inconsistency between the way in which the law is structured, and the way in which technologies actually operate is always an interesting and useful topic to explore. When a law conflicts with a business model, the solution will often be changing the business model. However, when the law comes into conflict with the architecture of hardware and software, it is less clear how the problem will be managed. In this paper, we analyze the contradiction of blockchain technology and the requirements of GDPR. The three contradictions we examine are (i) right to be forgotten versus irreversibility/immutability of records, (ii) data protection by design versus tamper-proofness and transparency of blockchain, and (iii) data controller versus decentralized nodes. We highlight that the conflicts can be handled through focusing on commonalities of GDPR and the blockchain, developing new approaches and interpretations, and tailoring the blockchain technology according to the needs of data protection law. (C) 2020 Unal Tatar, Yasir Gokce, Brian Nussbaum. Published by Elsevier Ltd. All rights reserved.
【Keywords】General data protection regulation; GPDR; Blockchain; Privacy; Personal information; Privacy by design; Privacy by default; Right to be forgotten; Data controller
【标题】法律与技术:区块链、GDPR 和艰难的权衡
【摘要】法律的结构方式与技术实际运作的方式之间的不一致始终是一个值得探索的有趣且有用的话题。当法律与商业模式发生冲突时,解决方案通常是改变商业模式。然而,当法律与硬件和软件的架构发生冲突时,如何处理问题就不太清楚了。在本文中,我们分析了区块链技术与 GDPR 要求的矛盾。我们研究的三个矛盾是(i)被遗忘权与记录的不可逆/不变性,(ii)设计数据保护与区块链的防篡改和透明度,以及(iii)数据控制器与分散节点。我们强调,可以通过关注 GDPR 和区块链的共同点、开发新的方法和解释以及根据数据保护法的需要定制区块链技术来处理冲突。 (C) 2020 Unal Tatar、Yasir Gokce、Brian Nussbaum。由 Elsevier Ltd. 出版。保留所有权利。
【关键词】一般数据保护条例;全球通用数据报告;区块链;隐私;个人信息;设计隐私;默认隐私;被遗忘的权利;数据控制器
评论