"Our goal is not merely providing GDPR-compliance for Blockchain, but rather using Blockchain to raise data protection levels in the digital world to new dimensions"
Christian Wirth & Michael Kolain
As soon as personal data is processed, European data protection law (esp. the GDPR) provides very strict rules that must be observed by data controllers and processors. This leads to a variety of problems, especially in the case of artificial intelligence (AI) systems and smart robotics, as the GDPR takes these new technologies insufficiently into account. By introducing the method of “Anonymity Assessment,” we propose an interdisciplinary approach to classifying anonymity and measuring the degree of pseudo-anonymization of a given data set in a legal and technical sense. The legal provisions of GDPR are therefore “translated” into mathematical equations. To this end, we propose two scores: the Objective Anonymity Score (OAS), which determines the risk of (re-)identifying a natural person under objective statistical measures; and the Subjective Anonymity Score (SAS), which takes into account the subjective perspective of data controllers or processors.
The European Parliament study "Can distributed ledgers be squared with European data protection law?" acknowledges our contributions in classifying Blockchain as a case of Joint Controllership (Art. 26 GDPR) and in demanding and drafting a Blockchain-based system to monitor the data controller's compliance.
The Journal of Banking and Financial Technology (Springer Verlag) writes about our latest paper: "Christian Wirth et al., also showed [66] how blockchain design can be compatible with General Data Protection Regulation (GDPR) act."
Our contributions to developments in the field of Multichain Architectures, as well as to the fusion between Tech and Law, have been recognized in: Edgar Rose, 18. DSRI-Herbstakademie, "RECHT 4.0 - Innovationen aus den rechtswissenschaftlichen Laboren", Heidelberg, 6.-9.9.2017, in: Computer und Recht (CR) 2017, R124-R125.
In collaboration with the German Institute for Standardization (DIN), our team developed the first worldwide standard of its kind on handling personal data using blockchain technology.
Scope of the DIN SPEC: This DIN SPEC establishes general principles for and methods of handling personal data in blockchain ecosystems. It specifies technical and organizational measures for data protection while taking into account the principle of "privacy by design" as well as specifications that are inspired by legal frameworks, such as GDPR.
The document defines relevant terms for both technical as well as legal experts and establishes a methodological framework that helps to identify types of data (encrypted and not encrypted) as well as methods of data processing that lead to a positive or negative classification as "personal data" in blockchain scenarios.
This DIN SPEC is aimed towards establishing a high level of privacy in blockchain ecosystems.
This document is applicable to all IT systems using blockchain technology.