Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPP-E Topic 4 Question 84 Discussion

Actual exam question for IAPP's CIPP-E exam
Question #: 84
Topic #: 4
[All CIPP-E Questions]

Since blockchain transactions are classified as pseudonymous, are they considered to be within the material scope of the GDPR, or outside of it?

Show Suggested Answer Hide Answer
Suggested Answer: C

According to the GDPR, the material scope of the regulation covers the processing of personal data wholly or partly by automated means, or by non-automated means if the data forms part of a filing system or is intended to form part of a filing system (Article 2(1)). Personal data is defined as any information relating to an identified or identifiable natural person (data subject) (Article 4(1)). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1)). Therefore, pseudonymous data, such as blockchain transactions that use public keys or other identifiers, may still fall within the definition of personal data if the data subject can be identified or re-identified by using additional information or means (Recital 26).

The GDPR also applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Union, regardless of whether the processing takes place in the European Union or not (Article 3(1)). The GDPR also applies to the processing of personal data of data subjects who are in the European Union by a controller or processor not established in the European Union, where the processing activities are related to the offering of goods or services to such data subjects in the European Union or the monitoring of their behaviour as far as their behaviour takes place within the European Union (Article 3(2)). Therefore, the territorial scope of the GDPR covers both controllers and processors established in the European Union, and controllers and processors not established in the European Union but targeting or monitoring data subjects in the European Union.

In this scenario, blockchain transactions are classified as pseudonymous data, which may still be considered as personal data under the GDPR if the data subjects can be identified or re-identified. Therefore, such transactions are within the material scope of the GDPR, as they involve the processing of personal data by automated means. However, the GDPR only applies to such transactions to the extent that they include data subjects in the European Union, either by having a controller or processor established in the European Union, or by offering goods or services to or monitoring the behaviour of such data subjects. Therefore, the answer is C.


Contribute your Thoughts:

Brock
6 months ago
I think blockchains being decentralized could mean they are within the scope but outside the territorial scope of the GDPR.
upvoted 0 times
...
Geraldine
6 months ago
That's a good point, it could mean they are within the material scope of the GDPR.
upvoted 0 times
...
Felix
6 months ago
But what about the fact that transactions could involve data subjects in the EU?
upvoted 0 times
...
Belen
6 months ago
I disagree, I believe they are outside the material scope because they do not include personal data about data subjects in the EU.
upvoted 0 times
...
Geraldine
6 months ago
I think blockchain transactions should be within the material scope of the GDPR.
upvoted 0 times
...
Cristy
7 months ago
I think blockchains being decentralized could impact their territorial scope under the GDPR.
upvoted 0 times
...
Geraldine
7 months ago
I see your point, but I think transactions involving data subjects in the EU fall under the GDPR.
upvoted 0 times
...
Salome
7 months ago
I disagree, I believe they are outside the material scope because they do not include personal data about data subjects in the EU.
upvoted 0 times
...
Jody
7 months ago
I think blockchain transactions are within the material scope of the GDPR.
upvoted 0 times
...
Edna
8 months ago
Ah, good point! I hadn't even considered that. But then again, I'm not sure if the GDPR makes that kind of distinction. Hmm, this is getting tricky. I'm still leaning towards C, but B is an interesting option too.
upvoted 0 times
...
Valentin
8 months ago
Guys, guys, hold up. What about option B? Aren't blockchain transactions for 'personal or household purposes'? I mean, a lot of people use it for personal transactions and stuff, right? Maybe that could be the way to go.
upvoted 0 times
Lilli
7 months ago
So, maybe option C would be more accurate, as long as EU data subjects are involved?
upvoted 0 times
...
Josephine
7 months ago
I believe it's more about whether the transactions involve personal data of EU data subjects.
upvoted 0 times
...
Reyes
7 months ago
But does that mean they are outside the material scope of the GDPR?
upvoted 0 times
...
Lilli
7 months ago
I think option B makes sense. Blockchain transactions are often used for personal purposes.
upvoted 0 times
...
...
Rocco
8 months ago
You know, I was thinking the same thing. The whole decentralized nature of blockchains seems to be a bit of a loophole when it comes to GDPR. But then again, I don't know, maybe the regulators have found a way to close that gap. I'm torn between C and D.
upvoted 0 times
...
Shasta
8 months ago
Hmm, I'm not so sure. What about the whole decentralized thing? Wouldn't that mean it's outside the territorial scope? I'm leaning more towards D on this one.
upvoted 0 times
...
Kimberely
8 months ago
Yeah, I agree with you. Although blockchain is all about privacy and anonymity, the GDPR is pretty broad and covers a lot of ground. I'd say C is the way to go here.
upvoted 0 times
...
Felix
8 months ago
This question is a bit tricky, isn't it? I mean, blockchain transactions are a bit of a gray area when it comes to GDPR. But I think I got it - the answer is C, because even though the transactions are pseudonymous, they still include data subjects in the EU, so they're within the material scope of GDPR.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77