Conceptualizations of the controller in permissionless blockchains

Author:Maurice Schellekens
Position:Senior researcher at Tilburg Institute for Law, Technology, and Society, Tilburg University
Pages:215-227
SUMMARY

The relationship between blockchain and the General Data Protection Regulation (hereinafter GDPR) is often described as problematic. This article addresses one of the problems blockchain faces: who is/are the controller(s) in a blockchain context? This article demonstrates that it is particularly difficult to identify the controller in blockchain applications that are integrated in the core code... (see full summary)

 
FREE EXCERPT
Conceptualizations of the controller in permissionless blockchains
2020
215
2
Conceptualizations of the controller
in permissionless blockchains
by Maurice Schellekens*
© 2020 Maurice Schellekens
Everybody may disseminate this ar ticle by electronic m eans and make it available for downloa d under the terms and
conditions of the Digital P eer Publishing Licence (DPPL). A copy of the license text may be obta ined at http://nbn-resolving.
de/urn:nbn:de:0009-dppl-v3-en8.
Recommended citation: Maurice S chellekens, Conceptualizations of the controller in permissionless blo ckchains, 11 (2020)
JIPITEC 215 para 1.
Keywords: Controller; Blockchain; permissionsless Blockchain; GDPR
blockchain. These conceptualizations give different
perspectives on the relations between the actors in
a blockchain that are potential controllers. The arti-
cle identifies who is most likely to be the controller in
the different conceptualizations and gives indications
about the extent to which the controllers are able to
exercise their responsibilities. A problem is that an
adequate exercise of responsibility requires coordi-
nation within the blockchain. However, the system
that normally takes care of coordination in a permis-
sionless blockchain – the crypto-economic incentive
system – is at present not able to provide adequate
data protection.
Abstract: The relationship between block-
chain and the General Data Protection Regulation
(hereinafter GDPR) is often described as problematic.
This article addresses one of the problems blockchain
faces: who is/are the controller(s) in a blockchain con-
text? This article demonstrates that it is particularly
difficult to identify the controller in blockchain appli-
cations that are integrated in the core code of a per-
missionless blockchain. The P2P character of block-
chains, with its broad distribution of responsibilities,
makes it difficult to ascertain who is able to deter-
mine purposes and means of the processing of data.
In order to structure the discussion, this article devel-
ops three conceptualizations of cooperation within a
A. Introduction
1 Blockchain is a distributed ledger that introduces a
new way of processing data. Data on a blockchain
are immutable and storage is independent from the
intermediaries, involved in managing the blockchain.
There is a – currently unproven - promise of new
business models and innovation.
2
Blockchain’s relationship with the GDPR is tense, not
least because it is difcult to establish accountability
in a blockchain. Blockchain’s horizontal character
is laid out to minimize the inuence of individual
administrators within the blockchain.
3
The dilution of inuence makes it difcult to
pinpoint who determines purposes and means of data
processing, in other words, who is the controller.
4 This article seeks to bring the discussion regarding
accountability a step further by discerning three
ways of conceptualizing the relations or cooperation
between the actors in a blockchain context.
5
This article proceeds as follows. In the next
section, blockchain technology will be explained
for the purposes of this article. The following
section analyses controllership and presents the
conceptualizations of the relations amongst relevant
actors. The fourth section is the conclusion.

To continue reading

REQUEST YOUR TRIAL