In recent years, blockchain technology has triggered public and legal debates among others, regarding its tension with the GDPR. For instance, the GDPR is predicated on the idea that in each data processing activity, there is always at least one natural or legal person (“data controller”) who is accountable for compliance and can be requested to fulfill the rights of data subjects. However, the polycentric nature of blockchains seems to challenge this logic. Furthermore, it is practically impossible to delete the data on the blocks, which further endangers the applicability of the right to be forgotten. At the same time, the European Digital Identity Regulation proposal amending the eIDAS Regulation, is opening the way for new regulatory technical measurements, including tamper-proof electronic ledgers. It also includes references to self-sovereign identification, timestamps, and data integrity, giving stakeholders evidence of identity verification.
Consequently, stakeholders are confronted with several legal issues in developing blockchain-based identity management systems, including trust service providers defined in the eIDAS and the proposal.
This panel will focus on the interplay between the GDPR and the proposed eIDAS 2.0; state-of-the-art blockchain-based identity management systems, including Self-Sovereign Identity and biometric recognition. The aim is to provide a brief overview of the applications’ main components, taking into account the opportunities and challenges for data protection. The panel will discuss, among others, the following:
• What is the rationale for the use of blockchain-based identity management systems?
• How do such infrastructures operate?
• What are the benefits and risks of such systems?
• What are the legal challenges for fundamental rights and freedoms and data protection, particularly when biometric data are integrated into these systems?
• What could be the safeguards against the discussed risks?