Implementing GDPR's Right to be Forgotten (GDPR, Art. 17) in Blockchain: Decentralization and Immutability Challenges

(2024)

Abstract
The transformational power of blockchain technology on data storage and processing cannot be overstated. Based on three fundamental principles (transparency, decentralization, and immutability), blockchain has brought in a new age of trust and security. Blockchain's decentralized nature, supported by a peer-to-peer network, redefines trust dynamics by removing the requirement for a central institution. While decentralization improves data integrity and security, it complicates transaction approval time. Transparency, a fundamental blockchain concept, promotes traceability while protecting anonymity by publishing only public addresses. Immutability, or the ability to remain unchanged, instills trust among parties but creates difficulties when errors must be corrected or when the parties unanimously consent to annul a transaction. This research examines the connection between blockchain's decentralized and immutable nature and the General Data Protection Regulation (GDPR), especially regarding the right to be forgotten (GDPR, Art. 17). One crucial question arises: who must comply with the GDPR and react to data subject requests? The controller is the focal point. Three types of blockchain have varying degrees of decentralization: private, consortium, and public. A private blockchain runs within a single organization, allowing the controller to be centralized. Joint controllership is used in a consortium blockchain, necessitating unambiguous agreements among the cooperating companies. Because public blockchains are open to anyone, defining controllership presents complicated issues, with nodes and users designated as the entities wielding the most power. The study then focuses on blockchain's immutability and the inherent difficulties in removing data from a system built to resist alteration. Seven methods have been identified, divided between those implementing the right to be forgotten by design and more aggressive approaches, including attacks on the infrastructure.
External data storage connected via hashes, encryption with key destruction, exploiting flaws in cryptographic methods, and strategic alterations via smart contracts are all investigated. Private blockchains and consortiums may use 51% and Sybil attacks to compel changes.