blockchain and gdpr
play

Blockchain and GDPR Blockstack Decentralizing the World Tour, - PowerPoint PPT Presentation

Jun 22, 2023 •526 likes •964 views

Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection joern@erbguth.ch +41 787256027 GDPR vs.

  1. Blockchain and GDPR Blockstack Decentralizing the World Tour, December 18, 2018, Prague Jörn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection joern@erbguth.ch +41 787256027

  2. GDPR vs. Blockchain GDPR Blockchain Ri Right t to to … immutable Art. 16: rectification Art. 17: erasure public Art. 18: restriction of processing Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #2

  3. GDPR vs. Blockchain GDPR Blockchain Cl Clear r resp sponsi sibility distributed responsibility controller anonymous participation processor Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #3

  4. General Data Protection Regulation (GDPR) • Directly applicable European law • Processing of personal data is forbidden • Unless there is proper justification • Obligations for controllers and processors • Rights for data subjects • Fines up to 20 mill. € or 4% of worldwide annual turnover Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #4

  5. Does the GDPR apply? (Art. 2, 3) • Some entity that is considered a controller or a processor is in the EU • Offering goods or services to data subjects in the EU • Monitoring behavior of data subjects in the EU • Not if only for personal use or household activity Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #5

  6. Personal data (Art. 4.1)? Any information relating to an identified or identifiable natural person Pseudonymous data is personal data • Anonymous data is not not personal data • Recital 26: To determine whether a natural person is identifiable, account should be taken of all the means reasonably like kely to be used ... either by the controller or by another person to identify the natural person directly or indirectly. Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #6

  7. Examples of personal data ü IP addresses ü Bitcoin addresses ü “anonymized” movement profile ü “anonymized” browsing history ✗ aggregated movement profiles ✗ aggregated browsing history Attention: Look k at the individual case – do do n not g generalize Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #7

  8. Encryption Deletion of the encryption key = deletion of the content? Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #8

  9. Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #9

  10. GDPR-compliant deletion? • Deletion of the encryption key = deletion of the content? • Is there a remaining copy of the key? • Will the encryption method become insecure in the future? Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #10

  11. Use of Hash Values Pu Public lic Priva Private Encrypted Data Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #11

  12. Use of Hash Values Pu Public lic Priva Private Data Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #12

  13. Blockstack Architecture Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #13

  14. Cryptographic hash functions • Serve as digital fingerprints • Virtually unique • Fixed length (e.g. 32 bytes) • For digital objects of any size • One-way function Demo 2 Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #14

  15. Examples of cryptographic hashes • Switzerland 2275583196D791405892AACA0D87743C872F3FC0CF3308A6C3EF82528918AA8A • Switzerland. 43CF6F3ECA7253FFAB1FD5104172280189B91FDD5FA26774FCA6475FFA1E2EC9 • A 8C4B4C4E211BA8C1A62DE2A3A6CA5AC8BFF501C14410100DD90D5077A0AC061E Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #15

  16. Kryptografische Hashwerte, datenschutzkonform Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #16

  17. Kryptografische Hashwerte, nicht datenschutzkonform hat Diplom Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #17

  18. Use cases for cryptographic hash functions • Validate external documents • Time-stamping • Proof of Existence • Basic functionality for cryptography and DLT The w Th wron ong u g use of of h hash f function ons c can l lead t to t o the ide identif tific icatio tion of da data ta subje bjects ts! Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #18

  19. Adding Salt and Pepper to Hashes • Ensuring enough en entropy • Making guessing really hard • Can prevent rainbow table attacks • Can prevent parallel attacks Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #19

  20. How to Hash Data Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #20

  21. How to Hash Data Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #21

  22. How to Hash Data Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #22

  23. How to Hash Data Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #23

  24. Test: Does your system leak personal data? Does the system disclose personal data by itself? What if • somebody knows one transaction, can she see further transactions of the same person? • somebody knows part of a transaction, can she see further details? • somebody knows personal details of a person, can she discover information about the person’s activity? Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #24

  25. Zero-Knowledge Proof Proof of knowing something without revealing it Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #25

  26. Simple Zero Knowledge Proof Public Key Private Key ✓ Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #26

  27. Zero-Knowledge Proof – example color blind color vision Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #27

  28. Zero-Knowledge Proof – Zcash • Technical purpose limitation of personal data • Only the correctness of the transaction can be proven Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #28

  29. Advantages • Protection also against insiders (e.g. admins) • Access rights cannot be modified retroactively • Protection against intruders that breach the firewall • Data is protected against manipulation Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #29

  30. Still personal data? • In a pre-GDPR opinion, DPAs said yes (Art. 29 WP, 05/14) • GDPR says, it depends • Risk that immutable data on blockchains become personal data later Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #30

  31. Opinion of the CNIL Order of Preference • Zero-Knowledge Proof • Hashes with secret key (peppered hashes) • Encryption • Hashes without additional secret key • Clear text Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #31

  32. Chameleon Hash Functions • Hash functions that can be reversed with a private key • Enables modifiable blockchains • Modification remains visible • Modification can be subject to conditions • Modification should be limited to specific parts of a transaction Blockc kchain an and GD GDPR December 18, 2018 Blockstack Decentralizing the World Tour, Prague Jörn Erbguth, joern@erbguth.ch #32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jrn

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jrn

Is GDPR a Roadblock to Blockchain? 1. Swiss Symposium Blockchain Research, Zurich, May 14th Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva

739 views • 35 slides
Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak

Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak

Blockchain, GDPR & cryptography zkSNARKs for scaling and privacy. Alexandre Poltorak Blockchain, Sustainable Development and Privacy 26-27 November 2019 Berlin, Germany The problem with GDPR and blockchains : Bitcoin & Privacy

395 views • 7 slides
Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth,

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth,

Blockchain and GDPR Blockchain Hands On, March 5 th 2019, Fusion, Geneva Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Legal Tech, Blockchain, Smart Contracts and Data Protection PhD candidate, University of Geneva joern@erbguth.ch +41

634 views • 42 slides
Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf.,

Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf.,

Blockchain and GDPR Hotspot EDVGT2019 Berlin, November 26 th , 2019 Jrn Erbguth, Dipl.-Inf., Dipl.-Jur. Consultant Blockchain & GDPR joern@erbguth.ch +41 787256027 Imagine the GDPR paradise In Introduction November 26th, 2019

895 views • 26 slides
A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius /

A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius /

A GDPR Code of Conduct for Blockchain Silvan Jongerius - Managing Partner Silvan Jongerius / @silvanjongerius / @techgdpr / silvan@techgdpr.com Key problems of Blockchain under GDPR 1. The definition of personal data is unclear 2. The GDPR

246 views • 13 slides
1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain?

1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain?

1 How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain? Philipp Quiel 2 Agenda General scope of the legal basis in Art. 6 (1) b GDPR Possibilities of concluding contracts in blockchain systems

553 views • 19 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

669 views • 14 slides
Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain blockchain blockchain blockchain Blockchain blockchain blockchain Blockchain Blockchain (blockchain) Blockchain blockchain, blockchain

470 views • 12 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

State of Blockchain at LF Christopher Ferris, CTO Open Technology, IBM Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es to securely interact with the same universal

567 views • 31 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain & Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who thinks blockchain is the future of banking? Who can explain what blockchain is? Blockchain in Banking 2 Blockchain Key Elements Smart Ledger

517 views • 20 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Welcome to Leadership Academy! Meet the LA Team! Attendee Professional Pledge To gain the

Welcome to Leadership Academy! Meet the LA Team! Attendee Professional Pledge To gain the

Welcome to Leadership Academy! Meet the LA Team! Attendee Professional Pledge To gain the most from the Leadership Academy experience, I pledge to: 1. Represent Phi Sigma Pi with pride and dignity, conducting myself in a professional

710 views • 27 slides
Overview of Overview of *configurable* architectures *configurable* architectures Prof. Kurt

Overview of Overview of *configurable* architectures *configurable* architectures Prof. Kurt

Overview of Overview of *configurable* architectures *configurable* architectures Prof. Kurt Keutzer EECS keutzer@eecs.berkeley.edu Thanks to Andre Dehon, Jan Rabaey, and many vendors 1 Outline Outline Motivation for *configurable*

264 views • 15 slides
The RTOS Chameleon for Linux Jan Kiszka Dipl.-Ing. Leibniz Universitt Hannover 2007-01-24

The RTOS Chameleon for Linux Jan Kiszka Dipl.-Ing. Leibniz Universitt Hannover 2007-01-24

The RTOS Chameleon for Linux Jan Kiszka Dipl.-Ing. Leibniz Universitt Hannover 2007-01-24 Real-Time Systems Group Hard Real-Time for Linux But How? Which RT-Linux technology? Co-scheduling? ...or native real-time Linux? Which kernel

261 views • 12 slides
Revisiting TESLA in the quantum random oracle model Selected history of Fiat-Shamir style

Revisiting TESLA in the quantum random oracle model Selected history of Fiat-Shamir style

Revisiting TESLA in the quantum random oracle model Selected history of Fiat-Shamir style signatures from LWE or SIS Lyubashevsky 2012 Sigs via Fiat-Shamir Bai-Galbraith BLISS 2013 Short sigs Optimized DBGGOPSS 2014 Improvements,

1.6k views • 43 slides
New Effects of Dark Matter which are Linear in the Interaction Strength Victor Flambaum, Yevgeny

New Effects of Dark Matter which are Linear in the Interaction Strength Victor Flambaum, Yevgeny

New Effects of Dark Matter which are Linear in the Interaction Strength Victor Flambaum, Yevgeny Stadnik, Benjamin Roberts, Vladimir Dzuba University of New South Wales, Sydney, Australia Physical Review D 89 , 043522 (2014) Physical Review

1.1k views • 61 slides
Chameleon Field theory 20140076 KIMMUNSIK Physics. Dep INDEX 1. Introduction Accelerating

Chameleon Field theory 20140076 KIMMUNSIK Physics. Dep INDEX 1. Introduction Accelerating

Chameleon Field theory 20140076 KIMMUNSIK Physics. Dep INDEX 1. Introduction Accelerating expansion of the Universe 2. Cosmology constant and its problem 3. Quintessence and Chameleon Mechanism 4. How to find it? 5. Conclusion

513 views • 28 slides
Blazar Project Update, Open Infrastructure Summit Shanghai 2019 Masahito Muroi IRC: masahito

Blazar Project Update, Open Infrastructure Summit Shanghai 2019 Masahito Muroi IRC: masahito

November 2019 Blazar Project Update, Open Infrastructure Summit Shanghai 2019 Masahito Muroi IRC: masahito LINE Tetsuro Nakamura IRC: tetsuro NTT Bertrand Souville IRC: bertys DOCOMO Euro-Labs What is Blazar? Blazar provides

528 views • 15 slides
Challenges of string theory: particle physics and cosmology Sa ul Ramos-S anchez XIII

Challenges of string theory: particle physics and cosmology Sa ul Ramos-S anchez XIII

Challenges of string theory: particle physics and cosmology Sa ul Ramos-S anchez XIII Mexican Workshop on Particles and Fields October 20, 2011 Sa ul Ramos-S anchez IF-UNAM Challenges of string theory What do we know? SM = QCD

580 views • 39 slides

More recommend