Blockchain and Data Protection - the Investor's View
Articles
Legal
Blockchain / Digital Assets
Data / Technology / IP
As every investment, investments in projects token require solid due diligence. Hereby data protection is one aspect to take into account as well.
Dr. Martin Eckert
Legal Partner
Luca Hitz
Legal Partner
Blockchain projects are booming. Besides Bitcoin, ETH, Ripple and Dash there is a long list of other Token which can be acquired by investors and which have gained more and more attention as an investment opportunity. As every investment, investments in projects token require solid due diligence. Not only the project itself should be considered carefully but also the legal framework in the relevant jurisdictions. Hereby data protection is one aspect to take into account as well. According to the EU General Data Protection Regulation (GDPR), which is entered into force on May 25th, 2018 the non-compliant organisation or person can also be faced with heavy fines and compensation and liability payments toward any person who has suffered material or non-material damage as a result of an infringement. The extensive control and sanctioning powers of the data protection authorities must not be underestimated. Non-compliance with data protection regulations can jeopardize blockchain projects and business models by orders from data protection authorities. All this can have a significant effect on the value of a token.
How can an investor avoid pitfalls?
Generally, an investor should make sure that the project complies with the highest standards. As the blockchain is global by nature, we recommend the GDPR as standard for the blockchain projects. The EU legislation is generally user friendly, however, sometimes difficult to comply with. The main issues for the blockchain technology with regard to data protection is the right to rectification and the right to be forgotten as provided in Art. 16 and 17 GDPR. Furthermore, the GDPR requires privacy by design and by default and in some cases* prior to the processing of data a Data Protection Impact Assessment (DPIA).
In order to ensure that the project in which the investor wants to invest in takes data protection serious, the investor should carefully study the whitepaper and check whether the project has addressed data protection issues and taken adequate measures (such as privacy by design and DPIA). At best the project has a privacy certificate, which confirms that all data protection requirements are met (such as the ePrivacy seal; www.eprivacy.eu).
The blockchain technology is still in its infancy and not all legal questions are clarified yet. Consequently, it is very important for a diligent investor to have an eye on the development of the legal environment, especially regarding data protection issues. Data protection will not only have an impact on the success of the project but in the long run also have a negative or positive impact on the value of any token.
*In particular when new technologies are used and this is likely to result in a high risk to the rights and freedoms of a natural person.
