Questions on privacy and blockchain are the source of great debate, especially given its diametrically opposed characteristics.
Lessons learned in the development of cloud computing can assist analysis of data protection in relation to blockchain projects. In particular, as is the case in cloud computing, there is no one-size-fits-all solution for blockchain, given the huge diversity of architectures and use cases.
One of the key characteristic to note is that blockchain systems do not rely on a single provider of storage or computing resources. Each user of the blockchain uses his or her computing resources, on a peer-to-peer basis. Moreover, each user has a complete copy of the distributed ledger on his or her own computer.
Consequently, the user of a blockchain system may at the same time be data controller for the data that he or she uploads onto the blockchain, and data processor by virtue of storing the full copy of the blockchain on his or her own computer. As such, this classification in and of itself is something that policy makers and regulators struggle to grapple with. To add another layer to this, with the blockchain being borderless and the data processor and data controller potentially being in any country in the world, the application of legislation is also quite difficult.
Finally, there is also an important question to address as to whether there is a difference between anonymity and pseudonymity and how this will be treated by data protection and privacy laws.