Dissertation

Andrés Guadamuz "Copyright and the Blockchain' (2018) Sept/Oct I.N.L 1

Michele Finck, Blockchain, Regulation and Governance in Europe (Cambridge University Press 2018)

Thomas Buocz, “Bitcoin and the GDPR: allocating responsibility in distributed networks” https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3297531

Rob Sumroy, Duncan Mykura and Ian Ranson, “Blockchain and the GDPR: Reconcilable Differences?” https://www.slaughterandmay.com/what-we-do/publications-and-seminars/publications/client-publications-and-articles/b/blockchain-and-the-gdpr-reconcilable-differences/

Tom Cox and Andrew Solomon, “Blockchain: is the GDPR already outdated?”: https://www.kingsleynapley.co.uk/insights/blogs/data-protection-blog/block-chain-is-the-gdpr-out-of-date-already (news article)

Matthias Berberich and Malgorzata Steiner, “Blockchain technology and the GDPR - how to reconcile privacy and distributed ledgers?” – available on heinonline but signing in is temperamental so follow the link in this page to access https://libguides.napier.ac.uk/nubs/law

https://jolt.richmond.edu/blockchain-demystified-a-technical-and-legal-introduction-to-distributed-and-centralised-ledgers/ - cited in Anne Rose’s article. Lengthy but will likely provide good analysis of legal challenges.

https://edpl.lexxion.eu/data/article/12327/pdf/edpl_2018_01-007.pdf - “blockchain and GDRP”. Is cited in Anne Rose’s article in reference to controllers of blockchain systems but will most likely include other topics of discussion in this area. Lengthy but READ

​

Rob Sumroy, Duncan Mykura and Ian Ranson, “Blockchain and the GDPR: Reconcilable Differences?” https://www.slaughterandmay.com/what-we-do/publications-and-seminars/publications/client-publications-and-articles/b/blockchain-and-the-gdpr-reconcilable-differences/

Note that this link is a summed up version of the following full publication:

https://view.pagetiger.com/March-of-the-blocks/1

��+b� �

​

​

Points of Interest for the Introduction

Points will include info that provides social/legal background to the issue. These points may concern either the journey that blockchain/ Bitcoin has been on so far i.e. driving factors, 2008 crash etc, or it may concern the GDPR and what caused the legislation to be implemented. Just take notes as I see relevant from the articles.

Satoshi’s white paper referenced. This will also, most likely, be referenced in my introduction so this is the proper citation – S Nakamoto, ‘Bitcoin: A Peer-to Peer Electronic Cash System’ [2008] https://bitcoin.org/bitcoin.pdf <Accessed 10 October>

Could find a quote from Andreas M. Antonopoulos in one of his books with regard to blockchain.

According to International Data Corporation’s Worldwide Semi-annual Blockchain Spending Guide, worldwide spending on blockchain solutions is predicted to reach $11.7 billion in 2022. Citation – IDC, ‘Worldwide Semi-annual Blockchain Spending Guide’ [2018] https://www.idc.com/tracker/showproductinfo.jsp?prod_id=1842 <Accessed 10 October>

GDPR Citation – Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive)

European Parliament has dictated the importance of GDPR compliance in blockchain system - European Parliament Distributed ledger technologies and blockchains: building trust with disintermediation (3 October 2018) http://www.europarl.europa.eu/doceo/document/TA-8-2018-0373_EN.pdf?redirect <Accessed 10 October>

Possibly look for a use case of each type of system (public/ centralised) to include in the intro.

Note that ‘blockchain’ can have many intended definitions. In Anne Rose’s article she defines it at a ‘fundamental’ level as a “distributed ledger based on cryptographic technology”.

European Parliament, Distributed ledger technologies and blockchains: building trust with disintermediation (3 October 2018) http://www.europarl.europa.eu/doceo/document/TA-8-2018-0373_EN.pdf?redirect – the parliament recommended that before general adoption of blockchain across the EU, trust must first be gained by the masses. This will entail education and proactive awareness of the field through training programmes etc. Note this is similar wording to Rose’s article so may need to change if used.

As another note on the definition of blockchain, Finck in her article “Blockchain and the general data protection regulation: Can distributed ledgers be squared with European data protection law”, defines it as Distributed Ledger Technology (DLT). She footnotes this by saying that there are a number of terms that exist, each with an emphasis on a particular aspect of the technology. She states “ given the lack of definitional consensus, the terms are use synonymously. – will need to include something along the same line as this.

NOTE – that in the same article by Finck, the intro includes discussion on BOTH the GDPR and blockchain so will be relevant when making points in the introduction about the background.

Again, in the same article above, Finck elaborates on the GDPRs effect on DLT. The right to data protection is a fundamental right as set out by Article 8(1) of the Charter of Fundamental Rights. Article 8(2) then goes on, personal data 'must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law’. The Charter furthermore provides that everyone has a right to access personal data relating to them, including a right to have such data rectified (Art 8(2)). Article 16 TFEU moreover states that the Parliament and the Council shall lay down rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities that fall within the scope of Union law (Art 16(2) TFEU). Most of this not my own words.

Further, suggests that the GDPR (replacing 1995 Data Protection Directive) has a dual objective; 1) seeks to promote fundamental rights through a high level of rights protection of natural persons and, 2) it pursues an economic aim in seeking to remove the obstacles to personal data flows between the various Member States (Art 1(1) GDPR and Recital 10 GDPR). The GDPR also emphasizes that whereas data protection enjoys the status of a fundamental right it is not an absolute right but must rather be considered in relation to its function in society and be balanced against other fundamental rights in respect of the proportionality principle (Recital 4 GDPR). Again, not my own words.

The structure of a network of nodes can either be centralised (one single central node), decentralised (a relatively small number of central nodes), or distributed (no central nodes). See Cf. Paul Baran, ‘On distributed communications: I. Introduction to distributed communications networks’ (1964) 1 www.rand.org/content/dam/rand/pubs/research_memoranda/2006/RM3420.pdf this link also provides a useful Figure to illustrate how these different networks look.

Before 25 May 2018, the central legal source for data protection at the European Union (EU) level was Directive 95/46/EC (‘Data Protection Directive – DPD’). Divergent ways of implementing the Directive in the EU Member States resulted in different legal standards and therefore different levels of protection (Recital 9 GDPR). The GDPR, which has now replaced the DPD, aims to create ‘a … more coherent data protection framework in the Union, backed by strong enforcement, given the importance of creating the trust that will allow the digital economy to develop across the internal market’ (Recital 7 GDPR) – found at https://poseidon01.ssrn.com/delivery.php?ID=963020092123086109000085120064025073033078047010022006094075126002103117011026115007006058039044111113028125000095120067006102123082069048092107121073092104088006125073013044098103127102072001127114102112085124104001090026091089121102031024083121109117&EXT=pdf