AUTHOR=Riva Gianluigi Maria TITLE=What Happens in Blockchain Stays in Blockchain. A Legal Solution to Conflicts Between Digital Ledgers and Privacy Rights JOURNAL=Frontiers in Blockchain VOLUME=3 YEAR=2020 URL=https://www.frontiersin.org/journals/blockchain/articles/10.3389/fbloc.2020.00036 DOI=10.3389/fbloc.2020.00036 ISSN=2624-7852 ABSTRACT=

Blockchain is a disruptive technology presented in 2008 that allows both scarcity and timestamps to be introduced to the digital world. Whereas many technological applications may benefit from this architecture, it involves direct conflict with both Privacy rights and Data Protection rules, as introduced by the General Data Protection Regulation (GDPR). This study first provides an overview of what blockchain is, how it works, and how it can affect privacy. It describes how this technology functions, thanks to binary ledgers distributed amongst the system nodes, and what role they play in validating the succession of blocks. The work then analyses how blockchain can be applied to innovative fields and investigates related Privacy issues. Indeed, the chain can certify the time, the parties and the object included in a “block” but cannot guarantee the legal validity, the veracity or correctness of the content. Furthermore, its immutability is in direct conflict with the right to be forgotten. In addition, due to the distributed nature of the system, it does not allow identification of data controllers and, consequentially, the liable (accountable) subject for the personal data processed within the digital ledger. The study is intended for both legal and non-legal audiences and provides a technical overview of the technological foundations behind blockchain to the legal audience, and the conceptual tools to understand the legal requirements that apply to the non-legal audience. The aim of the study is to highlight the characteristics of the proposed solution, i.e., supporting centralised governance of blockchain infrastructures to ensure control over the distrubuted nodes, as well as having the capability to intervene in modifying the chain when the law requires it. This set of interventions would also render publicly available the personal information within the blockchain with different levels of accessibility (“Privacy by Layers,” PbL) and, therefore, provide log control that can ensure compliance with the Data Protection regulatory framework. To provide a complete analysis on the matter, the study also addresses how Intelligent Systems running on a blockchain-based infrastructure that holds pieces of personal information can clash with Article 22 of the GDPR on automated decisions when it affects the fundamental rights of individuals. Finally, the conclusions crystallise the legal remarks by stressing the essential elements of the analysis that emerged during the study and framing them within the bigger picture of how the Lawaddresses social or technological phenomena.