3

The Bitcoin blockchain stores data about bitcoin users. This includes:

  • There bitcoin address, which is linkable to their identity via blockchain analysis
  • Transactions they have made

This would seem to constitute personal data. Would a bitcoin node need consent from any EU citizen who has data on the blockchain? What if an EU citizen made a GDPR request to have their data removed from the blockchain? What about other cryptocurrencies, like Monero, that store transactions but not monero addresses or amounts?

Note that almost any cryptocurrency blockchain can also store arbitrary data (in case the above would not count), although this would be considered a "misuse" of the blockchain in most cases. (There are some blockchains that are designed for arbitrary data storage, however.)

Christopher King
  • 1,754
  • 3
  • 16
  • 21

1 Answers1

2

No, consent is not required. There are six lawful bases for processing personal data, see Art. 6. A bitcoin node can base it processing on "performance of a contract" (adding data to the blockchain) or "legitimate interests" (processing existing data).

Bitcoin nodes can be considered joint controllers (Art. 26) because they vote and choose a fork to follow. So the right of erasure (Art. 17) can be exercised against each node. As erasure is not possible in the blockchain, the bitcoin node could have a huge problem. But note that the right of erasure also has conditions, in most cases it is not possible to request erasure.

Of course, the above only applies to the processing of personal data. So it has to be determined first whether personal data is processed. I don't know any details about Monero, so I can't answer that question.

BlueDogRanch
  • 19,184
  • 5
  • 37
  • 62
wimh
  • 2,925
  • 12
  • 16