Bibliographie sélective OHADA

Data gatekeepers (data controllers and processors) that use blockchain for data transfer effectively enjoy limited liability for violations of the GDPR. This is due to the fact that applying the GDPR’s data gatekeeper system of liability to a decentralized technology such as blockchain is difficult for three reasons. Firstly, identifying data gatekeepers on the blockchain can only be done by either assigning data gatekeeper roles to actors on the blockchain, or structuring the blockchain as private or permissioned one, so as to fit with GDPR requirements. Neither of these approaches provides a universally applicable and satisfactory method for privacy protection. Secondly, because of their knowledge and investment in infrastructure, large data gatekeepers such as IBM, Amazon and Microsoft have an informational advantage over data protection authorities (DPAs) and an additional protective layer against liability, as their blockchain infrastructure is used by other businesses and corporations that are primarily liable for data processing. Finally, administrative fines and reputational damages for non-compliance with the GDPR are insufficient deterrents for large data gatekeepers, whereas damages awarded to individual data subjects for data gatekeepers’ violations of GDPR are extremely low and too costly to obtain.

Compliance with the GDPR while using blockchain technology for data processing results in compliance issues, due to the fact that the blockchain and the GDPR employ different methods to ensure privacy-by-design and privacy-by-default. The blockchain is built on disintermediation and relative decentralization, whereas the GDPR aims for re-intermediation and relative centralization of the data protection process. This paper provides an overview of and suggestions on how to secure compliance with the GDPR while processing data using the blockchain. A focus is placed on the data protection impact assessment on the blockchain network, issues in identifying and determining the role(s) of sole and joint data controllers and data processors, obstacles to exercising the right to rectification and right to be forgotten when the data is recorded on the blockchain, GDPR data transfer requirements as applied to the blockchain, and the protection of privacy in the process of creating blockchain-based smart contracts.