Chapter 2 Data privacy Flashcards
What is a processor?
A processor is a party that processes personal data on behalf of the controller and serves the aims set by the controller.
Why do processors have fewer obligations under GDPR?
Because they lack a critical aspect of autonomy when processing data.
When can processing of data be lawful?
If a data subject consents to it, as long as such consent if freely given, specific, informed and unambiguous.
What is personal data?
Data that can identify the data subject
Explain the case of Breyer and its importance.
Even dynamic IP addresses, associated with an internet user’s computer, could qualify as personal data on the basis that the addresses could relate to an identifiable user when combined with the account data held by the user’s internet service provider (ISP).
Just because one person cannot identify an individual with the information they possess, the fact that the second party (ISP) has additional information that could identify the individual in combination with the first information, is enough to regard the data of the first party as personal data.
Does GDPR apply on encrypted date on the blockchain?
The GDPR expressly applies to pseudonymised data and encryption techniques are treated merely as a matter of data security rather than a means of anonymising data.
What is an option to fall outside of the scope of the GDPR?
To completely anonmyse the personal data.
What is the challenge with anonmysing data to fall outside of the scope of GDPR?
There is no clarity yet to what it takes to anonmyse the personal data to the point where it can be safely stored on the blockchain.
When might indefinite retention of personal data on the blockchain be justified?
A blockchain reflecting shifting rights in property or some other asset.
When can an erasure request ben denied?
When the processing relates to freedom of expression , implicates public interests and/or relates to an overriding legal obligation.
Why is it difficult to delete information from the blockchain?
Each block is produced by generating a hash using information derived from a transaction, with links to the hash in the preceding block. As each block becomes affixed tot he previous block ad infinitium, the ability to delete or amend a block in the chain becomes almost impossible because of the knock-on effect this would have on all other blocks.
What is a risk when deleting information from the blockchain?
This weakens the reliability of the ledger, undermining one of the most appealing features of the blockchain as compared with traditional ledger systems.
Explain the concept of off-chain.
The bulk of data is stored off-chain with only a hash of data on the chain which points to the off-chain record.
What is the aim of off-chain?
This is to limit the amount and quality of the data which could not be erased.