DATA PROTECTION
Spain: AEPD publishes guidance on smart contracts in blockchain and personal data
The Spanish data protection authority ('AEPD') published guidance on smart contracts in blockchain and personal data. In particular, the guidance provides that smart contracts are algorithms that run without human intervention on a blockchain, and that when their result has a significant impact on natural persons, or when they create profiles, the requirements under Article 22 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') must be taken into account.
Moreover, the guidance stipulates that a smart contract is a program, i.e. an algorithm stored on the nodes of a blockchain, which executes automated decisions, for example of a financial nature or managing data related to the digital identity of a natural person. Alongside the obligations under Article 22 of the GDPR, the guidance notes that the following safeguards may also be necessary when using smart contracts:
- data protection policies;
- governance measures of the services provided;
- effectiveness beyond the mandatory minimum of exercise of rights and protection measures by design and by default;
- security and management measures; and
- notification and communication of personal data breaches based on the risk to the rights and freedoms of the interested parties.
You can read the guidance, only available in Spanish, here.