New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPP-E Topic 2 Question 90 Discussion

Actual exam question for IAPP's CIPP-E exam
Question #: 90
Topic #: 2
[All CIPP-E Questions]

Since blockchain transactions are classified as pseudonymous, are they considered to be within the material scope of the GDPR, or outside of it?

Show Suggested Answer Hide Answer
Suggested Answer: C

According to the GDPR, the material scope of the regulation covers the processing of personal data wholly or partly by automated means, or by non-automated means if the data forms part of a filing system or is intended to form part of a filing system (Article 2(1)). Personal data is defined as any information relating to an identified or identifiable natural person (data subject) (Article 4(1)). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1)). Therefore, pseudonymous data, such as blockchain transactions that use public keys or other identifiers, may still fall within the definition of personal data if the data subject can be identified or re-identified by using additional information or means (Recital 26).

The GDPR also applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Union, regardless of whether the processing takes place in the European Union or not (Article 3(1)). The GDPR also applies to the processing of personal data of data subjects who are in the European Union by a controller or processor not established in the European Union, where the processing activities are related to the offering of goods or services to such data subjects in the European Union or the monitoring of their behaviour as far as their behaviour takes place within the European Union (Article 3(2)). Therefore, the territorial scope of the GDPR covers both controllers and processors established in the European Union, and controllers and processors not established in the European Union but targeting or monitoring data subjects in the European Union.

In this scenario, blockchain transactions are classified as pseudonymous data, which may still be considered as personal data under the GDPR if the data subjects can be identified or re-identified. Therefore, such transactions are within the material scope of the GDPR, as they involve the processing of personal data by automated means. However, the GDPR only applies to such transactions to the extent that they include data subjects in the European Union, either by having a controller or processor established in the European Union, or by offering goods or services to or monitoring the behaviour of such data subjects. Therefore, the answer is C.


Contribute your Thoughts:

Devorah
3 months ago
I hope the answer isn't 'All of the above' - that would be a real blockchain moment!
upvoted 0 times
...
Alica
3 months ago
I'm going with D. The GDPR is all about location, location, location, and a decentralized blockchain just doesn't fit neatly into that framework.
upvoted 0 times
Barney
2 months ago
Yeah, D seems like the best option. Blockchains being decentralized complicates things.
upvoted 0 times
...
Sunshine
2 months ago
I agree, D makes the most sense. The GDPR is all about location.
upvoted 0 times
...
...
Pearlene
3 months ago
Hmm, I'm torn between C and D. The decentralized nature of blockchains makes me wonder about the territorial scope, but the inclusion of EU data subjects is a strong factor.
upvoted 0 times
...
Christiane
3 months ago
I think blockchain transactions are within the material scope of the GDPR, but outside the territorial scope due to their decentralized nature.
upvoted 0 times
...
Marva
3 months ago
I see your point, Narcisa. But I think transactions involving data subjects in the EU are still within the scope of the GDPR.
upvoted 0 times
...
Buddy
3 months ago
B sounds right to me. Transactions for personal or household purposes should be outside the GDPR's scope, regardless of whether they involve pseudonymous data.
upvoted 0 times
Von
3 months ago
I agree, personal transactions should not fall under the GDPR's jurisdiction.
upvoted 0 times
...
Teri
3 months ago
B sounds right to me. Transactions for personal or household purposes should be outside the GDPR's scope, regardless of whether they involve pseudonymous data.
upvoted 0 times
...
...
Narcisa
3 months ago
I disagree, I believe they are outside the material scope because they do not include personal data about data subjects in the EU.
upvoted 0 times
...
Val
3 months ago
I think blockchain transactions are within the material scope of the GDPR.
upvoted 0 times
...
Cristal
4 months ago
I think blockchain transactions are within the material scope of the GDPR but outside the territorial scope because blockchains are decentralized.
upvoted 0 times
...
Dorathy
4 months ago
I see your point, Lucy. But I think they are within the material scope to the extent that transactions involve data subjects in the EU.
upvoted 0 times
...
Lucy
4 months ago
I disagree, I believe they are outside the material scope because they do not include personal data about data subjects in the EU.
upvoted 0 times
...
Aracelis
4 months ago
I think blockchain transactions are within the material scope of the GDPR.
upvoted 0 times
...
Barrie
4 months ago
I think C is the correct answer. Blockchain transactions involving EU data subjects should be within the GDPR's scope, even if they are pseudonymous.
upvoted 0 times
Twana
3 months ago
D) Within the material scope of the GDPR but outside of the territorial scope, because blockchains are decentralized.
upvoted 0 times
...
Dottie
3 months ago
I agree, C seems to be the most appropriate choice.
upvoted 0 times
...
Rosann
4 months ago
C) Within the material scope of the GDPR to the extent that transactions include data subjects in the European Union.
upvoted 0 times
...
Anglea
4 months ago
A) Outside the material scope of the GDPR, because transactions do not include personal data about data subjects in the European Union.
upvoted 0 times
...
...

Save Cancel