Blockchain and individuals’ control over their personal data

Fountain of Freedom outside the Woodrow Wilson School of Public and International Affairs at Princeton University.

Image © Khürt Williams

Blockchain and individuals’ control over personal data in European data protection law by Roberta Filippone

Blockchain challenges the European data protection law at its very foundations. Blockchain is a peer-to-peer technology with a distributed community and fragmented actions, while the GDPR’s obligations are conceived for centralized architectures where there is a clear distribution of roles and activities. In particular, under the GDPR’s approach, data controllers and data processors are those actors who have to comply with this legislative framework, bearing responsibilities in case they do not. However, blockchain is a technology whose core aspect is the absence of a middleman, namely a controller. Peer-to-peer design challenges the application of traditional legal regulation and questions who must comply with the GDPR and, thus, who has to be held liable for the processing and protection of personal data through the implementation of adequate technical and organizational measures as the principle of accountability calls for (Art. 5(2), GDPR).

This study by Roberta Filippone analyses blockchain technology through the lens of the individuals’ control over their personal data, to assess whether blockchain can empower the individuals’ control in compliance with European data protection law.


Does GDPR apply to EU citizens in the United States?

Does GDPR apply to EU citizens in the United States by GDPR News

If they deal with a business or organization in one of the non-EU countries they may be in, any personal data they provide is not covered by the GDPR rules, as they are not located within the EU at the time. It is not the citizenship of the person that is important, but where they are situated.

Looking at another example helps to further illustrate who the GDPR applies to. A US citizen is temporarily residing or travelling in France, which is an EU country. They make a purchase from a local store and provide personal information during the transaction. This personal information is covered by GDPR as the person is located within the EU as the purchase takes place.

From these examples you can see that the personal data of an EU citizen residing in the US, for example, would be dealt with according to individual data protection laws within the US and would not be subject to GDPR compliance, whereas the personal data of a US citizen residing in the EU would be subject to GDPR regulations.

Short answer. It depends but ordinarily ... NO! IANAL but the information in this Compliance Junction article seems legit. Two staff members from Pivoti covered PCI DSS and GDPR at last night's (and at times contentious) GDPR and Privacy Event of the New Jersey Chapter of the ISC2. So ... hey Europeans. If you…
