PT Journal
AU Maurice, S
TI Conceptualizations of the controller in permissionless blockchains
SO JIPITEC
PY 2020
BP 215
EP 227
VL 11
IS 2
DE Blockchain; Controller; GDPR; permissionsless Blockchain
AB The relationship between blockchain and the General Data Protection Regulation (hereinafter GDPR) is often described as problematic.  This article addresses one of the problems blockchain faces: who is/are the controller(s) in a blockchain context? This article demonstrates that it is particularly difficult to identify the controller in blockchain applications that are integrated in the core code of a permissionless blockchain. The P2P character of blockchains, with its broad distribution of responsibilities, makes it difficult to ascertain who is able to determine purposes and means of the processing of data. In order to structure the discussion, this article develops three conceptualizations of cooperation within a blockchain. These conceptualizations give different perspectives on the relations between the actors in a blockchain that are potential controllers. The article identifies who is most likely to be the controller in the different conceptualizations and gives indications about the extent to which the controllers are able to exercise their responsibilities.  A problem is that an adequate exercise of responsibility requires coordination within the blockchain. However, the system that normally takes care of coordination in a permissionless blockchain – the crypto-economic incentive system – is at present not able to provide adequate data protection.
ER