Page 0031

4 - Fair processing notices

Lastly, the creation of a governance framework will

enable network members to comply with Articles 13

and 14 of the GDPR, which oblige data controllers to

provide data subjects with fair processing information

(i.e. privacy notices). The obligation to provide fair

processing information is triggered either when personal

data is collected directly from the data subject, or indeed

when personal data is obtained from someone other

than the data subject.25 In either case, the data controller

must provide data subjects with certain categories of

information, including the contact information of the

data controller, the purposes for which the data are being

processed, the recipients of the personal data, and the

data controller's intent to transfer personal data to certain

third countries.26 Additionally, the data controllers must

remind the data subjects of their rights under the GDPR,

including their rights to request access to and rectification

or erasure of personal data.27

A clear governance framework would enable network

members to operate the network in coordination while

clarifying each member's role in the network. This

framework provides the means for members to easily

identify which of them must provide fair processing

information and uphold other data subjects' rights.

The framework solution allows members to create

a cumulative document containing the information

required by Articles 13 and 14 for each data controller.

Lastly, the framework can obligate network members

to make this information available to the public, either

by requiring the members to create and maintain an

easily accessible website disclosing the fair processing

information, or by requiring the members to individually

(or collectively) provide fair processing information to any

data subjects whose data the members collect and obtain.

B

Buiding the governance framework:

key requirements

A complete catalogue of everything that should be

addressed in a contractual governance framework for a

blockchain network is beyond the scope of this paper. For

example, a governance framework should also deal with

various issues not related to data protection, such as rules

around joining or exiting the network, audit requirements

and practices, ownership of intellectual property and

rights in blockchain data, permitted and prohibited

conduct, remediation requirements when governance

violations are identified, dispute resolution, and governing

law and jurisdiction (to name but a few). From a

data protection and privacy perspective, the governance

framework should:

• be contractually binding on all participants in the

blockchain network;

• implement the GDPR-required provisions for data

processing, joint controllers, the model clauses for

transferring personal data outside the EEA, and the

making available of fair processing notices;

• establish a process for data subjects to exercise their

rights under the GDPR, including a procedure to notify

other data controllers to delete personal data when

a request is received by one network member (see

below); and

• provide mechanisms to achieve data minimisation,

privacy by design, risk mitigation and permit the

removal of personal data that is no longer required

(see below).

GDPR and the Blockchain I 29

GDPR and the Blockchain I 29

Index

  1. Page 0001
  2. Page 0002
  3. Page 0003
  4. Page 0004
  5. Page 0005
  6. Page 0006
  7. Page 0007
  8. Page 0008
  9. Page 0009
  10. Page 0010
  11. Page 0011
  12. Page 0012
  13. Page 0013
  14. Page 0014
  15. Page 0015
  16. Page 0016
  17. Page 0017
  18. Page 0018
  19. Page 0019
  20. Page 0020
  21. Page 0021
  22. Page 0022
  23. Page 0023
  24. Page 0024
  25. Page 0025
  26. Page 0026
  27. Page 0027
  28. Page 0028
  29. Page 0029
  30. Page 0030
  31. Page 0031
  32. Page 0032
  33. Page 0033
  34. Page 0034
  35. Page 0035
  36. Page 0036
  37. Page 0037
  38. Page 0038
  39. Page 0039
  40. Page 0040
  41. Page 0041
  42. Page 0042
  43. Page 0043
  44. Page 0044
  45. Page 0045
  46. Page 0046
  47. Page 0047
  48. Page 0048
  49. Page 0049
  50. Page 0050
  51. Page 0051
  52. Page 0052