Bitcoin and the GDPR: Allocating responsibility in distributed networks

【Author】 Buocz, Thomas; Ehrke-Rabel, Tina; Hoedl, Elisabeth; Eisenberger, Iris

【Source】COMPUTER LAW & SECURITY REVIEW

【影响因子】2.707

【Abstract】This article uses the example of the cryptocurrency Bitcoin and the General Data Protection Regulation (GDPR) to show how distributed networks challenge existing legal mechanisms of allocating responsibility. The Bitcoin network stores personal data by automated means. Furthermore, full nodes qualify as establishments and the network offers a service to citizens in the EU. The data processing within the Bitcoin network therefore falls into the material and territorial scope of the GDPR. To protect data subjects, the GDPR allocates responsibility to the controller, who determines the 'how' and the 'why' of the data processing. However, the distributed structure of the Bitcoin network blurs the lines between actors who are responsible and actors who are worth protecting. Neither the Bitcoin users running lightweight nodes or full nodes nor the miners determine the 'how' and the 'why' of the data processing. They carry out their network activities according to the Bitcoin protocol, which can only be adopted and enforced by a collective of full nodes and miners. Members of this collective are joint controllers under Article 26 GDPR, which obliges them to clearly and transparently determine their respective responsibilities for compliance with the GDPR. However, this mechanism fails because of the very structure it aims to eliminate. Therefore, a solution to allocating responsibility for data protection in distributed networks lies outside the GDPR. (C) 2019 Thomas Buocz, Tina Ehrke-Rabel, Elisabeth Hodl, Iris Eisenberger. Published by Elsevier Ltd. All rights reserved.

【Keywords】Bitcoin; Blockchain; Distributed networks; General Data Protection Regulation; Legal responsibility; Data protection; Personal data

【发表时间】2019 APR

【收录时间】2022-01-02

【文献类型】

【主题类别】

--