blockchain and gdpr
play

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, - PowerPoint PPT Presentation

May 22, 2023 •205 likes •634 views

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva joern@erbguth.ch +41

  1. Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jörn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva joern@erbguth.ch +41 787256027

  2. GDPR vs. Blockchain GDPR Blockchain Ri Right t to to … immutable Art. 16: rectification Art. 17: erasure public Art. 18: restriction of processing Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #2

  3. GDPR vs. Blockchain GDPR Blockchain Cl Clear r resp sponsi sibilities distributed responsibility controller anonymous participation processor Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #3

  4. Agenda • GDPR • How to evaluate GDPR compliance • How to use hashing correctly • Public and permissioned blockchains • 5 ways for blockchain applications to cope with GDPR Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #4

  5. Charter of Fundamental Rights of the European Union Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #5

  6. What does the GDPR protect? Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #6

  7. GDPR in Relation to Other Fundamental Rights Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #7

  8. General Data Protection Regulation (GDPR) • Processing of personal data is forbidden • Unless there is proper justification • Obligations for controllers and processors • Rights for data subjects • Includes obligation to information security • Fines up to 20 mill. € or 4% of worldwide annual turnover Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #8

  9. How to evaluate GDPR compliance • Does GDPR apply? • Is there processing of personal data? • Is there a justification for this data processing? • Do I comply with the obligations of GDPR? Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #9

  10. Does the GDPR apply? (Art. 2, 3) • Some entity that is considered a controller or a processor is in the EU • Offering goods or services to data subjects in the EU • Monitoring behavior of data subjects in the EU • Not if only for personal use or household activity Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #10

  11. Personal data (Art. 4.1)? Any information relating to an identified or identifiable natural person Pseudonymous data is personal data • Anonymous data is not not personal data • Recital 26: To determine whether a natural person is identifiable, account should be taken of all the means reasonably like kely to be used ... either by the controller or by another person to identify the natural person directly or indirectly. Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #11

  12. Examples of personal data ü IP addresses ü Bitcoin addresses ü “anonymized” movement profile ü “anonymized” browsing history ✗ aggregated movement profiles ✗ aggregated browsing history Attention: Look k at the individual case – do do n not g generalize Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #12

  13. Encryption Deletion of the encryption key = deletion of the content? Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #13

  14. Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #14

  15. GDPR-compliant deletion? • Deletion of the encryption key = deletion of the content? • Is there a remaining copy of the key? • Will the encryption method become insecure in the future? Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #15

  16. Use of Hash Values Pu Public lic Priva Private Encrypted Data Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #16

  17. Use of Hash Values Pu Public lic Priva Private Data Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #17

  18. Cryptographic hash functions • Serve as digital fingerprints • Virtually unique • Fixed length (e.g. 32 bytes) • For digital objects of any size • One-way function Demo 2 Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #18

  19. Kryptografische Hashwerte, datenschutzkonform Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #19

  20. Kryptografische Hashwerte, nicht datenschutzkonform hat Diplom Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #20

  21. Use Cases for Cryptographic Hash Functions • Validate external documents • Time-stamping • Proof of Existence • Basic functionality for cryptography and DLT The w Th wron ong u g use of of h hash f function ons c can l lead t to t o the ide identif tific icatio tion of da data ta subje bjects ts! Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #21

  22. Adding Salt and Pepper to Hashes • Ensuring enough en entropy • Making guessing really hard • Can prevent rainbow table attacks • Can prevent parallel attacks Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #22

  23. How to Hash Data Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #23

  24. How to Hash Data Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #24

  25. How to Hash Data Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #25

  26. How to Hash Data Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #26

  27. Test: Does the Blockchain Leak Personal Data? Does the system disclose personal data by itself? What if • somebody knows one transaction, can she see further transactions of the same person? • somebody knows part of a transaction, can she see further details? • somebody knows personal details of a person, can she discover information about the person’s activity? Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #27

  28. Zero-Knowledge Proof Proof of knowing something without revealing it Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #28

  29. Zero-Knowledge Proof – Zcash Limiting the purpose of using personal data by technical means • Only the correctness of the transaction can be proven • Privacy by design • Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #29

  30. Advantages • Protection also against insiders (e.g. admins) • Access rights cannot be modified retroactively • Protection against intruders that breach the firewall • Data is protected against manipulation Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #30

  31. Still personal data? • In a pre-GDPR opinion, DPAs said yes (Art. 29 WP, 05/14) • GDPR says, it depends • So does the Austrian Datenschutzbehörde • Risk that immutable data on blockchains become personal data later Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #31

  32. Opinion of the CNIL Order of Preference • Zero-Knowledge Proof • Hashes with secret key (peppered hashes) • Encryption • Hashes without additional secret key • Clear text Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #32

  33. Lawfulness of processing (Art. 6) Consent (Art. 6.1 a) • Performance of a contract (Art. 6.1 b) • Compliance with a legal obligation (Art. 6.1 c) • Legitimate interest (Art. 6.1 f) • Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #33

  34. Controllers, Processors, Data Subjects Determines the purposes and Controller means of processing Processes data Processor on behalf of the controller Data-Subjects Blockc kchain an and GD GDPR March 5, 2019 Blockchain Hands On, Geneva Jörn Erbguth, joern@erbguth.ch #34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jrn

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jrn

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva

739 views • 35 slides
Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak

Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak

Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak Blockchain, Sustainable Development and Privacy 26-27 November 2019 Berlin, Germany The problem with GDPR and blockchains : Bitcoin & Privacy

395 views • 7 slides
Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf.,

Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf.,

Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Blockchain & GDPR joern@erbguth.ch +41 787256027 Imagine the GDPR paradise In Introduction November 26th, 2019

895 views • 26 slides
A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius /

A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius /

A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius / @silvanjongerius / @techgdpr / silvan@techgdpr.com Key problems of Blockchain under GDPR 1. The definition of personal data is unclear 2. The GDPR

246 views • 13 slides
Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jrn

Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jrn

Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection joern@erbguth.ch +41 787256027 GDPR vs.

964 views • 42 slides
1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain?

1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain?

1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain? Philipp Quiel 2 Agenda General scope of the legal basis in Art. 6 (1) b GDPR Possibilities of concluding contracts in blockchain systems

553 views • 19 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

669 views • 14 slides
Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain blockchain blockchain blockchain Blockchain blockchain blockchain Blockchain Blockchain (blockchain) Blockchain blockchain, blockchain

470 views • 12 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

State of Blockchain at LF Christopher Ferris, CTO Open Technology, IBM Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es to securely interact with the same universal

567 views • 31 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who thinks blockchain is the future of banking? Who can explain what blockchain is? Blockchain in Banking 2 Blockchain Key Elements Smart Ledger

517 views • 20 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
A New Method for the Study of Correlations between MT Evaluation Metrics Paula Estrella Andrei

A New Method for the Study of Correlations between MT Evaluation Metrics Paula Estrella Andrei

A New Method for the Study of Correlations between MT Evaluation Metrics Paula Estrella Andrei Popescu-Belis Margaret King School of Translation and Interpreting University of Geneva Introduction Correlation with human metrics is a

541 views • 24 slides
IMT-2020 Work in ITU-R Working Party 5D (An Update on 2015 & 2016 Activities) Stephen M.

IMT-2020 Work in ITU-R Working Party 5D (An Update on 2015 & 2016 Activities) Stephen M.

IMT-2020 Work in ITU-R Working Party 5D (An Update on 2015 & 2016 Activities) Stephen M. Blust Chairman ITU-R Working Party 5D Version 1 8 December 2016 A RECAP OF THE PLAN FOR SETTING THE STAGE 5 G Related Aspects in I TU-R W

628 views • 23 slides
Querying multiple Linked Data sources on the Web Ruben Verborgh If you have a Linked

Querying multiple Linked Data sources on the Web Ruben Verborgh If you have a Linked

Querying multiple Linked Data sources on the Web Ruben Verborgh If you have a Linked Open Data set, you probably wonder: How can people query my Linked Data on the Web? A public SPARQL endpoint gives live

732 views • 57 slides
Eclipse of the Public Corporation or Eclipse of the Public Markets? Doidge, Kahle, Karolyi, Stulz

Eclipse of the Public Corporation or Eclipse of the Public Markets? Doidge, Kahle, Karolyi, Stulz

Eclipse of the Public Corporation or Eclipse of the Public Markets? Doidge, Kahle, Karolyi, Stulz Journal of Applied Corporate Finance, 2018 Some observations by Roni Michaely University of Geneva; Geneva Finance Research Institute, and SFI

552 views • 25 slides
New Parent Orientation June 25, 2020 Outline I. Who we are II. What we expect III.

New Parent Orientation June 25, 2020 Outline I. Who we are II. What we expect III.

New Parent Orientation June 25, 2020 Outline I. Who we are II. What we expect III. Introductions Meet the Parent Council Meet Geneva School Administration Who We Are: Mission Statement The Geneva School of Manhattan exists to provide a

206 views • 19 slides
https://edms.cern.ch/document/1761678/1 Civil engineering aspects and challenges for CERNs

https://edms.cern.ch/document/1761678/1 Civil engineering aspects and challenges for CERNs

https://edms.cern.ch/document/1761678/1 Civil engineering aspects and challenges for CERNs Future Accelerators (100km Future Circular Collider / Linear Colliders and High Luminosity LHC) Introduction Future Circular Collider Study (FCC)

775 views • 63 slides
WA104: R&D on new large LAr detector C. Montanari (INFN Pavia) ICARUS-LBNE Collaboration

WA104: R&D on new large LAr detector C. Montanari (INFN Pavia) ICARUS-LBNE Collaboration

WA104: R&D on new large LAr detector C. Montanari (INFN Pavia) ICARUS-LBNE Collaboration ICFA Meeting at Paris Diderot University January 10th, 2013 The need for a continuing neutrino programme The recent, major success of

637 views • 25 slides
Facts and figures Niall OHiggins (YEP, ILO) Sarah Akwei-Marfo (GIDJY, ILO) Future of Work for

Facts and figures Niall OHiggins (YEP, ILO) Sarah Akwei-Marfo (GIDJY, ILO) Future of Work for

Rising to the youth employment challenge(s) in Africa: Facts and figures Niall OHiggins (YEP, ILO) Sarah Akwei-Marfo (GIDJY, ILO) Future of Work for African Youth, February 7 th 2019, Geneva Today 1. Nature and dimensions of the youth

555 views • 26 slides

More recommend