Digital ledger technology and its future with GDPR

Abstract

Throughout this work titled ‘Digital Ledger Technology and its Future with GDPR’, the author aims to examine and address the future that lies ahead for DLT-based applications in relation to the provisions of the recently enacted General Data Protection Regulation (‘GDPR’). This analysis is performed by first considering whether data which is stored within a DLTbased application is indeed subject to the scope of the GDPR. This consideration leads to the determination that both the public keys and the transactional data found within a DLT-based application fall within the remit of the provisions of the GDPR. The work presented proceeds to examine whether important roles set out within the GDPR such as the data controller and the data processor can be successfully established, while retaining the ability to operate as a regulatory point of control as required by the GDPR.

The research undertaken indicates that it will be very challenging for permissionless DLTbased applications to comply with the relevant provisions of the GDPR. This is mainly because all the users within a public DLT-based application have the potential to be considered as data controllers whilst retaining no control over the data transacted within the network. The work presented then proceeds to analyse whether or not DLT-based applications retain the ability to successfully safeguard and uphold the rights of data subjects within the network.

This analysis leads to the overall conclusion that it will be very difficult for DLT-based applications to uphold the rights of data subjects, due to the technological nature of such applications. The trustless, decentralised and immutable nature of DLT-based applications provides that it will be impossible for public DLT-based applications to comply with the provisions of the GDPR. Moreover, in the future, a rethinking of the legislation may be required so as to allow DLT-based applications space to develop and realise their potential.