Smart contracts and personal data

Smart contracts are algorithms that are stored in a blockchain and execute automated decisions. To the extent that these decisions may significantly affect individuals or profile them, the requirements set out in Article 22 of the GDPR must be considered from the design stage, and the necessary safeguards and measures to protect the rights of data subjects must be incorporated.

Smart contracts are algorithms that are executed without human intervention in a blockchain. When their result has a significant impact on natural persons, or profiles are drawn up, the requirements established in Article 22 of the GDPR must be considered from the design stage. This implies that, when designing or selecting the blockchain on which a service is to be deployed, the conditions that lift the prohibition of such processing will have to be determined, and the guarantees and measures to protect the rights of data subjects incorporated. These measures will include, as a minimum, human intervention by the controller and the possibility for the data subject to challenge the automated decision.

Smart contracts are one of the most widely used and well-known applications of blockchain along with cryptocurrencies. Despite its name, a smart contract is nothing more than a program (an algorithm) that is stored in the nodes of a blockchain and executes automated decisions. These decisions can be of a financial nature, such as virtual currencies passing from one user to another, but also of another type, such as managing data relating to the digital identity of a natural person.

Smart contracts can be included in the blockchain by its designers and managers, but they can also be created by anyone who wants to offer a new service on a blockchain, for example automated betting, buying and selling, notary services, document certification, financial services, investments in digital assets, verification of digital identities, etc.

Smart Contracts: how they work, types and much more

In theory, the smart contract does not access external data and the information it uses is the data stored in the blockchain itself. However, there is an instrument that allows the smart contract to access the world outside the blockchain. This instrument is called an “oracle” and allows the internal states of the blockchain to be updated based on information external to the blockchain, by performing a new transaction. Some “oracles” operate autonomously and are even offered as third-party services. When a transaction is carried out on a smart contract, events can be generated that leave a record with additional information to the transaction itself in the blockchain (logs), which is accessible and can be consulted and used by external applications.

In turn, sometimes even the decision of when such smart contracts are executed is beyond the control of any physical person. In such cases, the programs will be executed automatically when transactions are made on them upon detecting that some event has occurred, such as a change in the blockchain, outside the blockchain, or the execution of another previous transaction.

As mentioned above, the result of smart contracts is reflected in a change in the state of the information stored in the blockchain, which in turn is automatically recorded in the blockchain itself. These changes can cause other smart contracts to be executed in cascade or could even cause contracts from different services or blockchains to be executed (there always being a transaction that initiates the process).

Once deployed and validated on the blockchain, a smart contract is intended to remain invariant, since otherwise it would produce a detectable inconsistency in the chain. The philosophy behind the smart contract is, as Lawrence Lessig stated in his book “Code and Other Laws of Cyberspace” in 1999, “CODE IS LAW”. This expression, which can be translated as “the algorithm is the law”, aims to eliminate the human factor in decision-making and make it rest solely on a computer program. In this way, it seeks to create an environment in which human laws and principles, and the actions of humans themselves, are ineffective.

However, since a smart contract is a computer program made by people, it is susceptible to programming errors, to behaviors that the programmer did not expect or know about, and to vulnerabilities. In addition, other elements that make up the blockchain environment, such as the oracles mentioned above, DApps (traditional software applications that allow people to interact with the blockchain and smart contracts), wallets, exchange bureaus, etc., can be manipulated to cause errors in smart contracts.

This circumstance is more common than we might think and can generate a set of fraudulent data that the blockchain governance model does not contemplate correcting. When errors in smart contracts have had serious economic consequences, that immutability has been breached in the interpretation of contracts. These breaches have had a significant impact because the circumstances were not foreseen and there were no governance models to manage them. An example is the well-known DAO Fork of Ethereum, in which a massive appropriation of assets caused by a programming error forced human intervention, with the consequent inconsistency and a conflict between the participants in the blockchain. The conflict materialized in the bifurcation and separation of the blockchain into two different blockchain networks, with a different cryptocurrency for each of them.

It follows from the above that a smart contract can produce automated decisions that could have legal effects on the data subject or significantly affect him or her, causing, for example, economic losses, loss of rights to digital or material goods, fraud of any kind, etc. In turn, this type of contract generates and stores new data about data subjects in the blockchain which, for example, could be used to create a profile of the data subject if digital identity data is being processed.

The very nature of the smart contract, when applied on data of natural persons, falls within the scope defined by Article 22 of the GDPR. This refers to the right of a data subject not to be subject to decisions based solely on automated means, including profiling, where such decisions have legal effects on him or her or significantly affect him or her.

Paragraph 2 of the article establishes three exceptions to this prohibition: explicit consent, the conclusion or performance of a contract between the data subject and a data controller, or the existence of an enabling law. In any of these cases, it is necessary to identify a controller figure in the execution of such a smart contract.

Given the nature of a smart contract, the sophistication and complexity it can reach, and the blockchain environment where it is deployed and executed, it is not immediately possible to ensure or affirm the validity of the conclusion of a contract between the data controller and the data subject or to consider it as a contract in the strict legal sense. It is also difficult to ensure that the data subject’s express, unambiguous, specific, and informed consent to the processing of his or her data can always materialize, in order to be considered as one of the exceptions allowed under Article 22 of the GDPR.

But even if these exceptions apply in each case, Article 22 of the GDPR itself obliges the controller to take measures to safeguard the data subject’s rights. The regulation specifies at least two safeguards expressly and as a minimum: human intervention by the controller, and the data subject being able to challenge the automated decision. However, other safeguards that may be necessary are data protection policies, governance measures for the service provided, effectiveness beyond the mandatory minimum for exercising rights, as well as protection measures by design, by default, security measures and measures for managing, notifying, and communicating personal data breaches depending on the risk to the rights and freedoms of data subjects.
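One way to build the two minimum safeguards into the contract logic at design time, as an added example that is not code from the original article or from any deployed contract. It is a Python model of contract state; the addresses, the score threshold and the challenge window are assumptions.

```python
from dataclasses import dataclass, field

PENDING, CHALLENGED, FINAL = "pending", "challenged", "final"

@dataclass
class Decision:
    subject: str           # pseudonymous address of the data subject
    outcome: str           # result computed without human intervention
    decided_at: int        # block height of the automated decision
    status: str = PENDING  # no effect until FINAL

@dataclass
class SafeguardedContract:
    controller: str    # identified controller (hypothetical address)
    oracle: str        # only account allowed to feed external data
    window: int = 100  # blocks during which a challenge is accepted
    decisions: dict = field(default_factory=dict)
    events: list = field(default_factory=list)  # public log: ids only, no personal data

    def oracle_report(self, sender, dec_id, subject, score, block):
        # Oracle transaction: external data triggers the automated decision.
        if sender != self.oracle or dec_id in self.decisions:
            raise PermissionError("registered oracle, new decision id only")
        outcome = "approve" if score >= 50 else "reject"  # assumed rule
        self.decisions[dec_id] = Decision(subject, outcome, block)
        self.events.append((block, "Decided", dec_id))

    def challenge(self, sender, dec_id, block):
        # Safeguard 1: the data subject contests before the decision takes effect.
        d = self.decisions[dec_id]
        if sender != d.subject:
            raise PermissionError("only the data subject may challenge")
        if d.status != PENDING or block > d.decided_at + self.window:
            raise ValueError("decision can no longer be challenged")
        d.status = CHALLENGED
        self.events.append((block, "Challenged", dec_id))

    def human_review(self, sender, dec_id, outcome, block):
        # Safeguard 2: a person acting for the controller confirms or replaces it.
        d = self.decisions[dec_id]
        if sender != self.controller or d.status != CHALLENGED:
            raise PermissionError("controller review of a challenged decision only")
        d.outcome, d.status = outcome, FINAL
        self.events.append((block, "Reviewed", dec_id))

    def finalize(self, dec_id, block):
        # An unchallenged decision takes effect only after the window has passed.
        d = self.decisions[dec_id]
        if d.status != PENDING or block <= d.decided_at + self.window:
            raise ValueError("not finalizable yet")
        d.status = FINAL
        self.events.append((block, "Finalized", dec_id))
```

A challenged decision can only leave the `CHALLENGED` state through `human_review`, so no later automated transaction can make it effective.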

You now have a lot of information about smart contracts. Venice Swap is a smart contract built on the Ethereum and Polygon networks. Trade on Venice Swap.
