The table below sets out some key distinctions between public blockchains and private distributed ledger implementations in terms of the likely application of data protection laws.
PUBLIC BLOCKCHAIN
DISTRIBUTED LEDGER
ISSUE
All data including commercially sensitive data (eg, prices) and data subject to regulation (eg, personally identifying) is passed to all participants. As such, every participant has to comply with data protection laws in the jurisdiction they are in, including in respect of subsequent cross-border transfers of that data.
Some private distributed ledgers pass data only to those who are party to a deal. Private distributed ledgers on which all participants are known will have in place contractual agreements such as service level agreements between the ledger operator and the participants, which would establish liability, including limitations of liability, so the existing legal framework can be referred to.
Data privacy
There is no necessary relationship between each node. Therefore, there are no contractual arrangements between participants that can facilitate data protection compliance across the board.
The data being shared between nodes is effectively the same data that is shared in traditional confirmations between banks today. Thus, there are contractual agreements in place between the participants that can ensure data protection compliance.
Rights of end users
Since data is broadcast to every node on the network and there is no permissioning to control who is on the network, it is not possible to control the flow of sensitive data crossborder. Public blockchains will not be able to meet the relevant cross-border transfer requirements.
Clear contractual obligations and rules can be established between identified participants to limit the flow of sensitive data. Processes can be established to meet the relevant cross-border transfer requirements.
Cross-border transfer of data
Data Privacy
down-arrow-2-v1up-arrow-v1
Responsibility for compliance
down-arrow-2-v1up-arrow-v1
Rights of end users
down-arrow-2-v1up-arrow-v1
Cross-border transfer of data
down-arrow-2-v1up-arrow-v1
Each node deals with the data it receives as a fully autonomous operator, meaning that each participant is likely to be required to comply as an independent controller of the personal data it receives.
Each node receives only the data that is relevant to it. Some jurisdictions, particularly in the EU, make a clear distinction between data "controllers" and data "processors," and apply different compliance standards. Many other jurisdictions, however, do not make this distinction.
Responsibility for compliance
BLOCKCHAINS VERSUS DISTRIBUTED LEDGERS
GLOBAL DATA PROTECTION LAW
BLOCKCHAINS VERSUS DISTRIBUTED LEDGERS
DATA PROTECTION LAWS IN VARIOUS JURISDICTION
RETURN TO BAKERMCKENZIE.COM
white-banner-arrow-2
HOME
WHAT ARE BLOCKCHAINS?
KEY ISSUES
Red-Menu-ArrowUp-Red-Menu-Arrow
CONTACTS
INTRODUCTION
CONCLUSION
hamburgerx-toc
Baker-McKenzie-New-Logos
LinkedinTwitterEmail
KEY ISSUES
Red-Menu-Arrow
WHAT ARE BLOCKCHAINS?
CONCLUSION
CONTACTS
LinkedinTwitterEmail
HOME
INTRODUCTION