Building-Blocks of a Data Protection Revolution
The Uneasy Case for Blockchain Technology to Secure Privacy and Identity
Zusammenfassung
Die Datenschutz-Grundverordnung (DSGVO) hat am 25. Mai 2018 nach einem langwierigen Regulierungsprozess die ausgediente Datenschutz-Richtlinie ersetzt. Die schnell wachsende Technologielandschaft wird die Fähigkeit der DSGVO, persönliche Daten und den freien Datenverkehr zu schützen, auf die Probe stellen. Dieses Werk schlägt eine technologische Ergänzung vor, um das in der DSGV festgehaltene Ziel des Datenschutzes zu realisieren. Es handelt sich um digitale Identitätsmanagement-Plattformen auf der Grundlage von Blockchain-Technologie. Die Struktur der Blockchain stellt jedoch einige Herausforderungen mit Bezug auf die Vereinbarkeit mit der DSGVO. Dementsprechend wird auch der Anspruch der DSGVO als neutrale Rechtsvorschrift auf die Probe gestellt. Die Vereinbarkeit einer Blockchain-basierten Lösung wird auf der Grundlage von Datenschutz-Prinzipien wie der Rechenschaftspflicht, der Datenminimierung, Kontrolle und eingebautem Datenschutz in Verbindung mit dem Recht auf Vergessenwerden und auf Datenübertragbarkeit untersucht.
Abstract
Die Datenschutz-Grundverordnung (DSGVO) hat am 25. Mai 2018 nach einem langwierigen Regulierungsprozess die ausgediente Datenschutz-Richtlinie ersetzt. Die schnell wachsende Technologielandschaft wird die Fähigkeit der DSGVO, persönliche Daten und den freien Datenverkehr zu schützen, auf die Probe stellen. Dieses Werk schlägt eine technologische Ergänzung vor, um das in der DSGV festgehaltene Ziel des Datenschutzes zu realisieren. Es handelt sich um digitale Identitätsmanagement-Plattformen auf der Grundlage von Blockchain-Technologie. Die Struktur der Blockchain stellt jedoch einige Herausforderungen mit Bezug auf die Vereinbarkeit mit der DSGVO. Dementsprechend wird auch der Anspruch der DSGVO als neutrale Rechtsvorschrift auf die Probe gestellt. Die Vereinbarkeit einer Blockchain-basierten Lösung wird auf der Grundlage von Datenschutz-Prinzipien wie der Rechenschaftspflicht, der Datenminimierung, Kontrolle und eingebautem Datenschutz in Verbindung mit dem Recht auf Vergessenwerden und auf Datenübertragbarkeit untersucht.
Schlagworte
Data Protection Blockchain Profiling Blockchain Technology Building-Blocks Data Protection Revolution Secure Identity Secure Privacy Uneasy Code- Kapitel Ausklappen | EinklappenSeiten
- 11–14 I. Introduction 11–14
- 53–56 V. Conclusion 53–56
- Books
- Bakhoum, M., et al (eds), Personal Data in Competition, Consumer Protection and IP Law –Towards a Holistic Approach? (Springer 2017).
- Bernal, P., Internet Privacy Rights: Rights to Protect Autonomy (Cambridge 2014).
- Bygrave, L.A., Data Privacy Law: An Interntional Perspective (Oxford 2014).
- Clippinger, J.H. and Bollier, D. (eds), From Bitcoin to Burning Man and Beyond: The Quest for Identity and Autonomy in a Digital Society (Institute for Institutional Innovation by Data-Driven Design 2014),
- de Burca, C., EU Law: Text Cases and Materials (6th edn, Oxford 2015).
- DeCew, J., Privacy (The Stanford Encyclopedia of Philosophy, Spring 2015)
- Falke, J. and Schepel, H. (eds.), Legal Aspects of Standardisation in the Member States of the EC and of EFTA, vol 1 (H. S. A. Luxembourg: Office for Official Publications of the European Communities 2000).
- Fischer-Hübner, S., et al (eds), Privacy and Identity Management for Life (Springer 2010).
- Fuster, G.G., The Emergence of Personal Data Protection as a Fundamental Right of the EU (Springer 2014).
- Gutwirth, S., et al (eds), Reinventing Data Protection? (Springer 2009).
- Gutwirth, S., Poullet, Y. and Paul de Hart (eds), Data Protection in a Profiled World (Springer 2010).
- Hildebrandt, M. and Gutwirth, S., (eds), Profiling the European Citizen: Cross-disciplinary perspectives (Springer 2008).
- Leenes, R. et al (eds), Data Protection and Privacy: (In)visibilities and Infrastructures (Springer 2017).
- Morgan, B. and Yeung, K., An Introduction to Law and Regulation: Text and Materials (Cambridge University Press 2007)
- Neethling, J. et al, Neethling’s Law of Personality (Butterworths 1996)
- Olleros, F.X., and Elgar, M.Z.E. (ed.), Research Handbook on Digital Transformations (2016).
- Rennenberg, K., Royer, D. and Deuker, A. (eds), The Future of Identity in the Information Society: Challenges and Opportunities (Springer 2009).
- Contribution to edited books
- Bart van der Sloot, ‘Legal Fundamentalism: Is Data Protection Really a Fundamental Right’ in Ronald Leenes et al (eds), Data Protection and Privacy: (In)visibilities and Infrastructures (Springer 2017).
- Jean-Marc Dinant, ‘The Concepts of Identity and Identifiablity: Legal and Technical Deadlocks for Protecting Human Beings in the Information Society?’ as cited in Gutwirth et al (eds), Reinventing Data Protection? (Springer 2009).
- Manon Oostveen and Kristina Irion, ‘The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right?’ as cited in Bakhoum, M., et al (eds), Personal Data in Competition, Consumer Protection and IP Law –Towards a Holistic Approach? (Springer 2017).
- Marc Pilkington, ‘Blockchain Technology: Principles and Applications’ (September 18, 2015) in F. Xavier Olleros and Majlinda Zhegu. Edward Elgar (ed.), Research Handbook on Digital Transformations (2016).
- Norberto Andrade, ‘Data Protection, Privacy and Identity: Distinguishing Concepts and Articulating Rights’ in Simone Fischer-Hübner et al (eds), Privacy and Identity Management for Life (Springer 2010).
- Samuel Warren and Louis Brandeis, ‘The Right to Privacy’ (1890) 4 Harvard Law Review 193, as cited in Judith DeCew, ‘Privacy’, The Stanford Encyclopedia of Philosophy (Spring 2015).
- Yves Poullet, ‘About the E-Privacy Directive: Towards a Third Generation of Data Protection Legislation?’ in Serge Gutwirth, Yves Poullet and Paul de Hart (eds), Data Protection in a Profiled World (Springer 2010) 14.
- Journal articles
- Christophe Lazaro and Daniel Le Métayer, ‘Control over Personal Data: True Remedy or Fairy Tale?’ (2015) 12 (1) SCRIPTed 3.
- David Nuñez and Isaac Agudo, ‘BlindIdM: A privacy-preserving approach for identity management as a service’ (2014) 13 (2) International Journal of Information Security 199.
- Dennis D Hirsch, ‘In Search of the Holy Grail: Achieving Global Privacy Rules Through Sector-Based Codes of Conduct’ (2013) 74 Ohio State Law Journal 1029.
- Edgar A. Whitley, ‘Informational privacy, consent and the ‘control’ of personal data’ (2009) 14 Information Security Technical Report 154.
- Gary T Marx, ‘Murky Conceptual Waters: The Public and The Private’ (2001) 3 Ethics and Information Technology 157.
- Gerrit Hornung and Christoph Schnabel, ‘Data protection in Germany I: The population census decision and the right to informational self-determination’ (2009) 25 Computer Law and Security Review 84
- Irwin Altman, ‘Privacy: A Conceptual Analysis’ (1976) 8 Environment and Behavior 7.
- Janice Y Tsai et al, ‘The Effect of Online Privacy Information on Purchasing Behaviour: An Experimental Study’ (2011) 22(2) Information Systems Research 254.
- Johann Neethling, ‘Personality Rights: A Comparative Overview’ (2005) 38 (2) Comparative and International Law Journal of Southern Africa 210.
- Juliane Kokott and Christoph Sobotta, ‘The Distinction between Privacy and Data Protection Jurisprudence of the CJEU and ECtHR’ (2013) 3 (4) International Data Privacy Law 222.
- Marco Iansiti and Karim Lakhani, ‘The Truth About Blockchain’ (Harvard Business Review, January-February 2017).
- Matthias Berberich and Malgorzata Steiner, ‘Blockchain Technology and the GDPR: How to Reconcile Privacy and Distributed Ledgers’ (2016) 2 European Data Protection Law Review 422.
- Mireille Hilderbrandt and Laura Tielmans, ‘Data Protection by Design and Technology Neutral Law’ (2013) 29 Computer Law and Security Review 509.
- Nadja Kanellopoulou, ‘Legal Philosophical Dimensions of Privacy’, EnCoRe Briefing Paper 2009.
- Paul de Hert and Vagelis Papakonstantinou, ‘The New General Data Protection Regulation: Still a Sound System for The Protection of Individuals?’ (2016) 32 Computer Law and Security Review 179.
- Raphael Gallert and Serge Gutwirth, ‘The Legal Construction of Privacy and Data Protection’ (2013) 29 (5) Computer Law and Security Review 522.
- Ronald H Coase, ‘The Problem of Social Cost’ (1960) 3 Journal of Law and Economics 1.
- Scott R. Peppet, ‘Unraveling privacy: The personal prospectus and the threat of a full-disclosure future.’ (2011) 105 Northwestern University Law Review 1153 1183.
- Simone Fischer-Hübner, C. Hoofnagle, I. Krontiris, K. Rannenberg, and M. Waidner (eds.), ‘Online Privacy: Towards Information Self-Determination on the Internet’, Dagstuhl Manifestos, Vol. 1 Issue 1 1–20.
- Online articles
- Aaron Wright and Primavera Di Filippi, ‘Decentralized Blockchain Technology and the Rise of Lex Cryptographia’ (10 March 2015) <www.intgovforum.org/cms/wks2015/uploads/proposal_background_paper/SSRN-id2580664.pdf>.
- Alan F. Westin, ‘Privacy and Freedom’, Washington and Lee Law Review, Vol. 25 Issue 1 (1967) 7. <http://scholarlycommons.law.wlu.edu/cgi/viewcontent.cgi?article=3659&context=wlulr>.
- Bert-Jaap Koops, ‘The Trouble with European Data Protection Law’ (TILT Law and Technology Preprint Publications 2014). <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2505692>
- Blockchain Bundesverbrand, ‘Blockchain, data protection, and the GDPR’ (May 2018). < https://www.bundesblock.de/wp-content/uploads/2018/05/GDPR_Position_Paper_v1.0.pdf >
- Christian Lundkvist, Rouven Heck, Joel Torstensson, Zac Mitton and Michael Sena, ‘Uport: A Platform for Self-Sovereign Identity’ (21 February 2017). <https://whitepaper.uport.me/uPort_whitepaper_DRAFT20170221.pdf>.
- David S. Evans, ‘Economic Aspects of Bitcoin and Other Decentralized Public-Ledger Currency Platforms’, Coase-Sandor Institute for Law & Economics, Research Paper No. 685 3 (15 April 2014). <http://dx.doi.org/10.2139/ssrn.2424516>.
- David Reinsel, John Gantz and John Rydning, ‘Data Age 2025: The Evolution of Data to Life-Critical’ (April 2017). <www.seagate.com/www-content/our-story/trends/files/Seagate-WP-DataAge2025-March-2017.pdf>.
- Don Tapscott and Alex Tapscott, ‘The Impact of the Blockchain Goes Beyond Financial Services’ (10 May 2016) <https://hbr.org/2016/05/the-impact-of-the-blockchain-goes-beyond-financial-services?referral=03759&cm_vc=rr_item_page.bottom>.
- Guy Ziskind, Oz Nathan and Alex Sandy Pentland, ‘Decentralizing Privacy: Using Blockchain to Protect Personal Data’, 2015 IEEE Computer Society - IEEE CS Security and Privacy Workshops. <www.computer.org/csdl/proceedings/spw/2015/9933/00/9933a180.pdf>.
- H T Tavani, ‘Privacy and the Internet’ (2000) Boston College Intellectual Property & Technology. <www.bc.edu/bc_org/avp/law/st_org/iptf/commentary/content/2000041901.html>
- Irene Kamara, ‘Co-regulation in EU Personal Data Protection: The Case of Technical Standards and the Privacy by Design Standardisation 'Mandate'’ (2017) 8(1) European Journal of Law and Technology. <http://ejlt.org/article/view/545/723>.
- Joseph Bonneau et al., ‘Research Perspectives and Challenges for Bitcoin and
- Cryptocurrencies’ IEEE Security and Privacy. <www.jbonneau.com/doc/BMCNKF15-IEEESP-bitcoin.pdf.>.
- Lilian Mitrou and Maria Karyda, ‘EU’s Data Protection Reform and the Right to be Forgotten: A Legal Response to a Technological Challenge’. <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2165245&rec=1&srcabs=2032325&alg=1&pos=10>.
- Massachusetts Institute of Technology, ‘Core Identity Blockchain Project’ (2017). <https://law.mit.edu/blog/core-identity-blockchain-project>.
- Moritz Walther, ‘The EU GDPR and Distributed Ledgers (Blockchain): Solutions to a Worst Case Scenario’ (2018). <https://www.researchgate.net/publication/325069696_The_EU_GDPR_and_Distributed_Ledgers_Blockchain_Solutions_to_a_Worst_Case_Scenario>
- Neil M Richards and Jonathan H King, ‘Three Paradoxes of Big Data’ (2013) 66 Stanford Law Review Online 41. <www.stanfordlawreview.org/online/privacy-and-big-data-three-paradoxes-of-big-data/>.
- Neil Robinson et al, Review of the European Data Protection Directive (Cambridge 2009). <https://ico.org.uk/media/about-the-ico/documents/1042349/review-of-eu-dp-directive.pdf>.
- Patrick Tucker, ‘Has Big Data made Anonymity Impossible?’ MIT Technology Review - Business Report (7 May 2013). <www.technologyreview.com/s/514351/has-big-data-made-anonymity-impossible/?set=514341>.
- Sarah Eskens, ‘Profiling the European Consumer in the Internet of Things: How Will the General Data Protection Regulation Apply to this Form of Personal Data Processing, and How Should It?’. <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2752010>.
- Satoshi Nakomoto, ‘Bitcoin: A Peer-to-Peer Electronic Cash System’ BITCOIN.ORG 3 (2009). <https://bitcoin.org/bitcoin.pdf>.
- Vernon Turner, ‘The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things’ (April 2014). <www.emc.com/leadership/digital-universe/2014iview/digital-universe-of-opportunities-vernon-turner.htm>.
- World Economic Forum, ‘A Blueprint for Digital Identity’ (August 2016). <www3.weforum.org/docs/WEF_A_Blueprint_for_Digital_Identity.pdf>.
- Yli-Huumo J, Ko D, Choi S, Park S, Smolander K (2016) Where Is Current Research on Blockchain Technology?—A Systematic Review. PLoS ONE 11(10): e0163477. <https://doi.org/10.1371/journal.pone.0163477>.
- Website and blogs
- Ashurst, ‘Blockchain 101: An Introductory Guide to Blockchain’, Digital Economy, 20 March 2017. <www.ashurst.com/en/news-and-insights/insights/blockchain-101/>.
- Accenture, ‘Editing the Uneditable Blockchain: Why Distributed Ledger Technology Must Adapt to an Imperfect World’. <www.accenture.com/t00010101T000000__w__/es-es/_acnmedia/PDF-33/Accenture-Editing-Uneditable-Blockchain.pdf>.
- Djuri Baars, ‘Towards Self-Sovereign Identity Using Blockchain Technology’, Master Thesis, University of Twente 2016. <http://essay.utwente.nl/71274/1/Baars_MA_BMS.pdf>
- Ethereum Stack Exchange, ‘What's the difference between proof of stake and proof of work?’. <https://ethereum.stackexchange.com/questions/118/whats-the-difference-between-proof-of-stake-and-proof-of-work>.
- Gartner Press Release, ‘Gartner Says 6.4 Billion Connected "Things" Will Be in Use in 2016, Up 30 Percent From 2015’ (Stamford, 10 November 2015). <www.gartner.com/newsroom/id/3165317>.
- Gartner Press Release, ‘Gartner's 2016 Hype Cycle for Emerging Technologies Identifies Three Key Trends That Organizations Must Track to Gain Competitive Advantage’ (August 2016). <www.gartner.com/newsroom/id/3412017>.
- Goldman Sachs Global Investment Research, ‘Blockchain: Putting Theory into Practice’ (2016). <https://www.scribd.com/doc/313839001/Profiles-in-Innovation-May-24-2016-1>.
- ITU-T, ‘NGN Identity Management Framework’, (2009) Recommendation Y.2720. < https://www.itu.int/rec/T-REC-Y.2720-200901-I>.
- Sovrin, ‘Identity for all’. <www.sovrin.org/>.
- TNS Opinion & Social, ‘Data Protection’ Special Eurobarometer 431 (June 2011). <http://ec.europa.eu/commfrontoffice/publicopinion/archives/ebs/ebs_431_sum_en.pd>.
- Vitalik Buterin, ‘On Public and Private Blockchains’ (7 August 2015). <https://blog.ethereum.org/2015/08/07/on-public-and-private-blockchains/>.
- Wikipedia, ‘Blocks’ <https://en.bitcoin.it/wiki/Blocks>.