SLIDE 1
Privacy Enhancing Technology and the Right to be Forgotten
Michael Kolain
Privacy Enhancing Technology and the Right to be Forgotten Michael - - PowerPoint PPT Presentation
Privacy Enhancing Technology and the Right to be Forgotten Michael - - PowerPoint PPT Presentation
Privacy Enhancing Technology and the Right to be Forgotten Michael Kolain Taking on the epic boss: The right to erasure Right to erasure (right to be forgotten) Art. 17 GDPR (1) The data subject shall have the right to obtain from the
SLIDE 2
SLIDE 3
(1) The data subject shall have the right to obtain from the controller the erasure
- f personal data (...) if:
a) the personal data are no longer necessary in relation to the purposes for which they were collected (...); b) the data subject withdraws consent (…); d) the personal data have been unlawfully processed;
- Art. 17 GDPR
Right to erasure (‘right to be forgotten’)
3
SLIDE 4
PrivacyByBlockchainDesig n.com
“Delete” on a storage device
SLIDE 5
PrivacyByBlockchainDesig n.com
“Delete” from index of a search engine
SLIDE 6
PrivacyByBlockchainDesig n.com
“Delete” an auto complete value
SLIDE 7
PrivacyByBlockchainDesig n.com
“Delete” in a state register?
SLIDE 8
PrivacyByBlockchainDesig n.com
Opinion of the Austrian Data Protection Authority (DSB)
Decision DSB-D123.270/0009-DSB/2018 – 05.12.2018
- Deletion and destruction are not (necessarily) the same
- Removal of the personal reference ("anonymisation") can in principle be a
possible means of deleting personal data
- Complete irreversibility is not necessary, regardless of the means used to
extinguish it
- Can an encrypted dataset / a hash / a irretrievable public key lead to
deletion? On which pillars should a blockchain architecture that can “forget” build upon?
SLIDE 9
PrivacyByBlockchainDesig n.com
How can we „erase“ data from a Blockchain (without making it unfunctional)?
- Legal obligation of the
nodes to comply with a deletion command
- Pruning (“Trim the Merkle-
Tree”)
- Zero-Knowledge-Proofs
- Chameleon Hash
9
SLIDE 10
PrivacyByBlockchainDesig n.com
Pruning (“Trim the Merkle-Tree”)
10
Architectural element of a governance framework
SLIDE 11
PrivacyByBlockchainDesig n.com
Legal obligation of the nodes to comply with a deletion command
11
Architectural element of a governance framework
SLIDE 12
PrivacyByBlockchainDesig n.com
Wh What is “true” in the digital world?
Does ist make much sense to try to get rid of “false” information in the cyberspace? Traditional understanding: “False information shall be deleted” → paper files, newspapers, single servers New (?) understanding: “True is only what has been validated by the authorized person or body”
Do we need a new dogma of trust in information in the digital era? How can a Web 3.0 contribute?
SLIDE 13
PrivacyByBlockchainDesig n.com
Ho How could the „blockchain landscape of the future“ look lik like?
SLIDE 14
PrivacyByBlockchainDesig n.com
Ho How could the „blockchain landscape of the future“ look lik like? Where is data stored? How is data linked? Which information does a data(set) hold?
When does data need to be erased?
How can information be retriedved from data?
SLIDE 15
PrivacyByBlockchainDesig n.com
Th The Future of Data a Law?
Link to storage and editing layer Link to access layer Link to right registry Litigation interface Link to ID registry „Data“ Governance Relay
SLIDE 16
PrivacyByBlockchainDesig n.com
Michael K Kolain
Co-Initiator of DIN SPEC 4997 Author and speaker on regulatory questions of digital technologies Scientific Co-Coordinator at German Research Institute
- f Public Administration
michael.kolain@posteo.de // kolain@foev-speyer.de