Philipp Quiel, LL.M. works as a Senior Associate at reuschlaw Legal Consultants and is one of the Co-Editors of the legal journal “Datenschutz-Berater”. Before working for resuschlaw, Mr. Quiel worked for the data protection team at CMS Hasche Sigle (Munich) and before that at datenschutz nord GmbH (Berlin). Philipp Quiel is certified as DPO by Maastricht University, Faculty of Law and wrote his Master Thesis about “Blockchain Technology in the light of European Union Data Protection Law”. Mr. Quiel advises mainly on German and European Data Protection and IT Law and has published articles in legal journals on questions around Data Protection Law and is currently writing a PhD Thesis dealing with Data Protection Law.
How far can a Contract Serve as a Justification for Permanent Storage on a Blockchain?
Identifying an appropriate legal basis for the processing of personal data with blockchain technology is key. Only if a legal basis is applicable, the processing of personal data can be justified. Art. 6 (1) b GDPR is (in general) applicable, if data processing is necessary for the performance of a contract with the data subject. While the EDPB is convinced of it’s “core contract view” some legal scholars have developed other approaches that seem closer to the legal provisions under the GDPR.
This presentation focuses on possibilities to justify processing of personal data with blockchain technology based on Art. 6 (1) b GDPR. While doing so, a look at the different outcomes when following the approach of the EDPB on the one hand and when following the “concrete abstract approach” developed in legal literature on the other hand is taken. Additionally, the presentation looks at possibilities to conclude contracts in both permissionless and permissioned blockchain systems and it is also asked, who should contract with whom and what happens, if one of the contacting parties terminates a contract.