personal data and the blockchain – how will the gdpr influence blockchain applications and vice...
TRANSCRIPT
Trust in DataTrust in Data
How Will The GDPR Influence Blockchain Applications And Vice Versa?
Trust in Data
1. GDPR 2. Blockchain & GDPR 3. Solutions for BigchainDB & IPDB.Foundation4. blockchain Privacy Impact Assessement (bPIA) 5. Discussion
Trust in Data
Trust in Data
Trust in Data
History of Data Protection in the EU• Data Protection Directive 95/46/EC + Domestic data
protection laws in each member state• e-Privacy Directive 2002/58/EC for electronic
communications• EU-US Privacy Shield 2016• DSM – Digital Single Market Strategy 2017
Trust in Data
3 Reasons to care about GDPR
• As of 25 May 2018 it is not just about fines but also about reputation
• It is the toughest piece of privacy regulation world wide
• It will change the way you do business, your current processes might become illegal
Trust in Data
Abbreviations/ Key Actors• CIPL – Centre for Information policy leadership• Art. 29 WP – Article 29 Working Party• DPA – Data protection authority • EDPS – European data protection supervisor• DPO – Data protection officer • PII – Personally identifiable information
Trust in Data
Key Changes with GDPR• Establishment of a harmonised European data
protection law regime for PII• Right to be Forgotten (Art. 17)• Consent (Art. 6) • Data Minimisation (Art. 5)• Data protection by Design (Art. 25)• 72 hour data breach notification
Trust in Data
Trust in Data
Trust in Data
It is essential that data protection experts begin to examine the concepts behind blockchain technology and how it is implemented in order to better understand how data protection principles can be applied to it. An integral part of this process should be the development of a privacy-friendly blockchain technology, based on the principles of privacy by design. – EDPS annual report
“
Trust in Data
Key Concerns• Data Controller vs. Data Subject vs. Data Processor• Accountability for dApps• Right to be Forgotten• Public vs. Private setups • Automated processing • Purpose limitation
Trust in Data
Key Benefits• Move away from data silos• Auditability for accountability for Data exchange
platforms for Value Transfer• Moving to decentralized point-service providers • Lets get crazy: instead of Central Bank a Decentral
World Bank with governance structures to manage KYC
Trust in Data
Janrain CIAM
Trust in Data
Possible ArchitectureBigchainDBFederation
Database Cluster
ALICE
BOB
Trust in Data
Possible ArchitectureBigchainDBFederation
Database Cluster
ALICE
BOB
Access Control Token
Keep Identity
Trust in Data
A Decentralized Cloud Stack is the Future
CentralizedFully
DecentralizedDecentralized
Partly
Trust in Data
bPIA – Strategies and Tactics• Ask the right questions and prepare yourself!• At the right stage hire a lawyer for your contracts!
Trust in Data
I'd like all blockchain designers to be conscious and cognizant of human rights, data protection and
privacy as well as the need to consider how technology generally can protect the privacy of the individual without impeding technological progress.
“
Trust in Data
I am also concerned that blockchain is a surveillance machine and will result in less privacy, not more. I hope regulators continue to do their job and don’t bow to a
technologically determined future.
“