Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: Law Society and TLA produce legal and regulatory guidance report on blockchain, outlines steps to prevent identification and calls for guidance on DPIA

The Law Society announced, on 7 September 2020, that it had produced a legal and regulatory guidance report ('the Report') with the Tech London Advocates' ('TLA') Blockchain Legal and Regulatory Group, which sets out key recommendations for legal practitioners on the many aspects relating to distributed ledger technologies ('DLT'), including data protection and data governance. In particular, the Report notes that further guidance is required from data protection authorities in relation to a risk approach in assessing whether or not information constitutes personal data, as assumed by Recital 26 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), particularly in relation to how such data is stored, transferred, and expressed on DLT and blockchain platforms. In addition, the Report highlights that currently, there is no legal certainty for developers who wish to handle public keys in a GDPR compliant manner and in relation to the steps to be taken to prevent identification when using blockchain technology.

Moreover, the Report outlines questions to be answered by the Information Commissioner's Office ('ICO') and other data protection authorities, including whether the use of blockchain triggers an obligation to carry out a Data Protection Impact Assessment ('DPIA'), how erasure should be interpreted for the purposes of Article 17 of the GDPR in the context of blockchain technologies, and whether a data subject can be a data controller in relation to personal data that relates to them, particularly in the context of a data subject operating a node on a DLT or blockchain platform. In addition, the Report recommends steps to prevent the identification of natural persons which include using hash-based pseudonyms instead of clear-text identifiers, and keeping details of each party's identity off-chain to enable it to be modified and deleted.

You can read the press release here and the Report here.