Part 1 of this essay examines the technical background of web tracking as a means of collecting information for the purposes of marketing.[1] Part 2 deals with the data privacy implications of web tracking.[2]

Trackers use a number of different methods, such as browser cookies, fingerprints, IP-addresses and so forth, to track the behaviour of Internet users. They collect data on users and aggregate them into profiles, which can then be used as a basis for targeted advertising. Before the GDPR became applicable on 25 May 2018, sec. 15 para. 3 German Telemedia Act allowed providers of telemedia services to create pseudonymous user profiles for the purpose of advertising, market research or the adequate implementation of telemedia services. However, since 25 May 2018, the data privacy provisions in the German Telemedia Act are no longer applicable. As the ePrivacy Regulation is still under discussion, the lawfulness of online data processing is currently governed only by the GDPR.

Blockchain technology and the General Data Protection Regulation (GDPR) have both received considerable media attention. The GDPR was created against a backdrop of centralized data processing and does not take decentralized approaches such as blockchain into account. Accordingly, blockchain protocols and implementations pose significant challenges to the application of the GDPR. Notwithstanding, blockchain technology can also be seen as a means of data protection.

This three-part essay explores the application of the GDPR to blockchain-based data processing. Part one deals with the question of determining the data controller in blockchain systems because numerous responsibilities rest upon the data controller under the GDPR. This regulation is based on the assumption that there is always a data controller behind any processing of personal data. However, the data protection concept of ‘control’ does not accord with very notion of decentralized data processing.