Abstract
The aim of this chapter is to assess the level of privacy available to cryptocurrency users. Even though privacy is often mentioned as a reason to use cryptocurrency, the privacy level is in reality quite low. This should first of all be explained because of the transparency of the transactions’ register and second of all because of the difficult applicability of data protection measures. This is being illustrated through the question of the applicability of the General Data Protection Regulation. In this respect, two principal maladjustments problems are addressed: those regarding the addressees of the General Data Protection Regulation’s provisions and those resulting from the immutability of the register. These uncertainties have tended to strengthen the development and use of anonymization techniques by the community to compensate the transparency of the register. The chapter finally addresses these techniques, their potential as a privacy-enhancement tool but also their limits to ensure users’ fundamental right to data protection.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
See for example Herrera-Joancomartì and Pérez-Solà (2016).
- 2.
Badev and Chen (2014), p. 8.
- 3.
- 4.
Herrera-Joancomartì and Pérez-Solà (2016).
- 5.
Reid and Harrigan (2011).
- 6.
Herrera-Joancomartì and Pérez-Solà (2016).
- 7.
De Filippi (2017), p. 1.
- 8.
ECtHR. 2015. Brito Ferrinho Bexiga Villa-Nova v. Portugal 69436/10: §42.
- 9.
Idem: §44; ECtHR. 2015. M.N. and other v. San Marino 28005/12: §55.
- 10.
Idem.
- 11.
GDPR, Art. 4(2).
- 12.
GDPR, Recital 26.
- 13.
European Parliament, European Parliamentary Research Service. 2019. Blockchain and the General Data Protection Regulation, Can distributed ledgers be squared with European data protection law?, p. 27.
- 14.
See for example Berberich and Steiner (2016), p. 423.
- 15.
For example, the CNIL as well as the observatory and forum of the European Union on the blockchain has recognized the fact that public keys constitute personal data according to the definition given by the RGPD. See CNIL. 2018. Blockchain and the GDPR: Solutions for a responsible use of the blockchain in the context of personal data. See also European Blockchain Observatory and Forum. 2018. Blockchain and the GDPR.
- 16.
Rueckert (2019), p. 7.
- 17.
European Parliament, European Parliamentary Research Service. 2019. Blockchain and the General Data Protection Regulation, Can distributed ledgers be squared with European data protection law?
- 18.
Böhme et al. (2015), p. 221.
- 19.
European Commission. 2012. Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
- 20.
European Parliament, Committee on Economic and Monetary Affairs. 2017. Report on FinTech: the influence of technology on the future of the financial sector, p. 10.
- 21.
This may encompass for instance cryptocurrencies or smart contracts, Europol, Financial Intelligence Group. 2017. From suspicion to action—Converting financial intelligence into greater operational contact, p. 38.
- 22.
European Parliament, Committee on Economic and Monetary Affairs. 2017. Report on FinTech: the influence of technology on the future of the financial sector, pp. 10–14.
- 23.
De Filippi and Reymond (2018), p. 138.
- 24.
European Parliament, European Parliamentary Research Service. 2019. Blockchain and the General Data Protection Regulation, Can distributed ledgers be squared with European data protection law?, p. 76.
- 25.
European Parliament, Council. 1995. Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- 26.
Idem, Art. 17(3) and 23(1).
- 27.
GDPR, Art. 79.
- 28.
Idem, Art. 4(7).
- 29.
Idem, Art. 4(8).
- 30.
Idem, Art. 4(2).
- 31.
European Parliament, Council of the European Union. 2018. Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.
- 32.
Waelbroeck (2017), p. 10.
- 33.
Idem, p. 13.
- 34.
Böhme et al. (2015), p. 221.
- 35.
This is for instance the approach that is taken by Matthias Berberick and Malgorzata Steiner in the context of blockchains: “A connection between pseudonymised data and the data subject will usually and necessarily arise in BC transactions effected for offchain goods, e.g. conversion into real money payments, purchase of goods or services, registration data, where the transaction parties must be known. Against that background, there is a strong case for arguing that individual related information on BC is personal data”. Berberich and Steiner (2016), p. 423.
- 36.
Van Ooijen and Ursic-Vrabec (2018), p. 92.
- 37.
See for example Charlies Fried who recognises the importance of choice and control about “facts that most persons in a given society choose not to reveal about themselves”, Parent (1983), p. 270. “Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves” Fried (1968) quoted in Solove et al. (2006), p. 39.
- 38.
According to the German Constitutional Court, the right to informational self-determination should be understood as the right for individuals to “decide in principle themselves when and within what limits personal matters are disclosed”, see German Constitutional Court. 2013. English Translation of essential parts of the German “Volkszählungsurteil” from 15 December 1983, which established in Germany the Basic Right on Informational Self-Determination.
- 39.
See for instance Rayan Calo who describes privacy harms as “the loss of control over information about oneself or one’s attributes” Calo (2011), p. 1134.
- 40.
Lazaro and Le Métayer (2015), p. 23.
- 41.
De Filippi (2017), p. 6.
- 42.
Reid and Harrigan (2011).
- 43.
See for example Zerocash, http://zerocash-project.org. Accessed on 10 November 2021.
- 44.
Möser (2013).
- 45.
Moerel and Prins (2016), p. 62.
- 46.
Solove (2013), p. 1901.
- 47.
Moerel and Prins (2016), p. 84 and the reference they make to Arnon Grunberg who argued for the introduction of the right to ignorance as a human right.
- 48.
See for example Kroll (2012).
- 49.
Lazaro and Le Métayer (2015), p. 21.
- 50.
“Therefore, it is possible in principle for someone to create, for ex, 100k bitcoin transactions between addresses they control before converting the bitcoins into another form. Reassembling such a chain of transactions, particularly if it needs to be done manually, would be at least very time consuming, if not impossible. Such a technique may form part of a complex laundering technique involving multiple individuals, VC and so on.” UNODC. 2014. Basic Manual on the Detection And Investigation of the Laundering of Crime Proceeds Using Virtual Currencies, p. 44.
- 51.
Feuvrier (2019).
- 52.
See for example Houben and Snyers (2018), p. 14.
- 53.
See for example the proposal made during a global conference on money laundering and digital currencies organised by the Basel Institute in 2017.
References
Androulaki, E., Karame, G. O., Roeschlin, M., Scherer, T., Capkun, S. (2013). Evaluating user privacy in Bitcoin. In A. R. Sadeghi (Eds.), Financial cryptography and data security. FC 2013. Lecture Notes in Computer Science (vol. 7859). Springer.
Badev, A., & Chen, M. (2014). Bitcoin: Technical background and data analysis. Finance and Economics Discussion Series. Division of Research & Statistics and Monetary Affairs Federal Reserve Board 2014-104. Board of Governors of the Federal Reserve System (U.S.).
Berberich, M., & Steiner, M. (2016). Blockchain technology and the GPDR – How to reconcile privacy and distributed ledgers. European Data Protection Law Review, 2(3).
Böhme, R., Christin, N., Edelman, B., & Moore, T. (2015). Bitcoin: Economics, technology and governance. Journal of Economic Perspectives, 29.
Calo, R. (2011). The boundaries of privacy harm. Indiana Law Journal, 86.
De Filippi, P. (2017). The interplay between decentralization and privacy: The case of blockchain technologies. Journal of Peer Production, (7).
De Filippi, P., & Reymond, M. (2018). Blockchain et droit à l’oubli. In T. Nitot & N. Cercy (Eds.), Numérique: reprendre le contrôle. https://hal.archives-ouvertes.fr/hal-01676888/document
Feuvrier, L. (2019). Bitcoin et lutte anti-blanchiment: la course à la réglementation. Journal du Coin. https://journalducoin.com/analyses/bitcoin-lutte-anti-blanchiment-course-reglementation/
Herrera-Joancomartì, J., & Pérez-Solà, C. (2016). Privacy in Bitcoin transactions: New challenges from blockchain scalability solutions. In V. Torra, Y. Narukawa, G. Navarro-Arribas, & C. Yañez (Eds.), Modeling decisions for artificial intelligence. 13th International Conference, MDAI 2016 Sant Julià de Lòria, Andorra, September 19–21, 2016 Proceedings, Springer.
Houben, R., & Snyers, A. (2018). Cryptocurrencies and blockchains. European Parliament, Policy Department for Economic, Scientific, and Quality of Life Policies.
Kaminstky, D. (2011). Black Ops of TCP/IP. https://www.blackhat.com/presentations/bh-asia-02/Kaminsky/bh-asia-02-kaminsky.pdf
Kroll, P. (2012). Take control of your personal data. European Commission – Directorate-General for Justice Publications Office of the European Union.
Lazaro, C., & Le Métayer, D. (2015). The control over personal data: True remedy or fairy tale? Project-Teams Privatics Research Report N° 8681. https://arxiv.org/ftp/arxiv/papers/1504/1504.03877.pdf
Moerel, L., & Prins, C. (2016). Privacy for the Homo Digitalis, proposal for a New Regulatory Framework for Data Protection in the Light of Big Data and the Internet of Things. Tilburg University. https://doi.org/10.2139/ssrn.2784123
Möser, M. (2013). Anonymity of Bitcoin transactions. An analysis of mixing services. Münster Bitcoin Conference. University of Münster. https://www.wi.uni-muenster.de/sites/wi/files/public/department/itsecurity/mbc13/mbc13-moeser-paper.pdf
Parent, W. (1983). Privacy, morality and the law. Philosophy and Public Affairs, 12.
Reid, F., & Harrigan, M. (2011). An analysis of anonymity in the Bitcoin system. In Y. Altshuler, Y. Elovici, A. Cremers, N. Aharony, & A. Pentland (Eds.), Security and privacy in social networks. Springer.
Rueckert, C. (2019). Cryptocurrencies and fundamental rights. Journal of Cybersecurity, 5(1).
Solove, D. (2013). Privacy self-management and the consent dilemma. Harvard Law Review, 126.
Solove, D., Rotenberg, M., & Schwartz, P. (Eds.). (2006). Privacy, information and technology. ASPEN Publisher.
Van Ooijen, I., & Ursic-Vrabec, H. (2018). Does the GDPR enhance consumers’ control over personal data? An analysis from a behavioural perspective. Journal of Consumer Policy, 42(1).
Waelbroeck, P. (2017). Les enjeux économiques de la blockchain. Annales des Mines – Réalités industrielles, 3.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Jolly, L. (2022). Ensuring the Protection of Privacy of Cryptocurrency Users: An Impossible Task?. In: Borges, G., Sorge, C. (eds) Law and Technology in a Global Digital Society. Springer, Cham. https://doi.org/10.1007/978-3-030-90513-2_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-90513-2_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90512-5
Online ISBN: 978-3-030-90513-2
eBook Packages: Law and CriminologyLaw and Criminology (R0)