Reconciling the Conflict Between the Immutability of Public and Permissionless Blockchain Technology and the Right to Erasure Under Article 17 of the General Data Protection Regulation
Jussila, Jani-Pekka
This thesis focuses on the issues between blockchain technology and the new European Union General Data Protection Regulation (GDPR). Blockchain technology is a rather new technology whose potential has been recognised only in recent years. Essentially, a blockchain is a distributed database in which data is stored in blocks, which form a chronological chain. Blockchains have many types and possible use cases, but this research focuses on public and permissionless blockchains, whose primary objective is to enable individuals to transact with each other without centralised intermediaries.
The GDPR entered into force on 25 May 2018. The GDPR was not drafted with distributed ledger technologies, such as blockchain technology, in mind, which has raised several points of tension between the regulation and the technology. The primary focus of this thesis is on the conflict between the ‘immutability’ of blockchain technology and the right to erasure under Article 17 of the GDPR. One of the main features of blockchains is immutability, that is to say, data in old blocks is difficult to modify or delete. This feature seems prima facie to conflict with Article 17 of the GDPR, which provides data subjects with the right to request erasure of their personal data under certain conditions.
Firstly, this thesis analyses the current state of the conflict. Before analysing the conflict, the research addresses two essential preliminary questions: the question of anonymisation and personal data, and the question of the allocation of responsibilities on blockchains. After that, different solutions proposed to reconcile the conflict are analysed to understand the current situation. While public and permissionless blockchains currently may infringe Article 17 of the GDPR, there may be potential solutions for the conflict in the future.
The second purpose of this thesis is to identify relevant legal problems and propose how to address the problems in the future. Blockchain developers should consider data protection obligations already in the design phase. From the legal side, this research has provided flexible interpretations for the legal problems that could help to comply with the right to erasure. There is a need for a flexible approach to the problems between the regulation and the technology.