Dennis Hillemann is a partner with KPMG Law with a specialization in administrative law. He advises and represents federal and state authorities, universities and companies in public law and constitutional law. As a fan of blockchain technology, he also promotes its dissemination in the public sector with his podcast. Dennis acts as a speaker on the opportunities of technology across Europe, most recently in September in Paris at the OECD Global Blockchain Policy Forum.
Can the Household exemption be applied on privately motivated but public Blockchain transactions?
An exception to the material scope of the GDRP in connection with blockchain technology (CNIL opinion)
Exceptions in the GDRP system in connection with the blockchain technology are a controversial law institute in jurisprudence. Controversial is also the application of the exemption from the material scope with respect to the processing of personal data by a natural person in the course of a purely personal or household activity: and thus without any reference to a professional or economic activity. This exception is systematically covered by Article 2 para 2 c) GDRP and the corresponding recital No. 18 for the GDRP. These concern “the processing of personal data by a natural person
in the course of a purely personal or household activity: and thus without any reference to a professional or economic activity”. Nevertheless, the classification of the processing as processing in the course of a purely personal or household activity is problematic, since the classification of the actors in the blockchain applications encounters legitimate difficulties. When looking at solutions, one also encounters the well differentiating opinion of the French CNIL. The view of CNIL, according to which the GDRP does not apply, if a blockchain is used only for personal purposes, for example for a Bitcoin transaction, represents a successful solution, particularly since CNIL justified the legitimate differentiation between the actors (Miner, Software Developers and joint controllers for processing). Besides, the CNIL is aware of the practical difficulties in public blockchains and points out that this remains reserved for a deeper consideration.
Conference on Blockchain & GDPR, Berlin, November 26th, 2019, 9:30am – 6:00pm