區塊鏈環境中個人資訊保護的法律障礙與應對

The Legal Obstacle and Solution of Personal Information Protection in Blockchain

區塊鏈是指以分散式運算為目的生成的，以資料存儲、點對點傳輸、共識機制和加密演算法等為核心的電腦技術集合。區塊鏈技術特性給個人資訊法律保護帶來了全方位挑戰。區塊鏈資料中的註冊資料、區塊體資料、具有可識別性的附加資料和區塊鏈功能交易資料構成個人資訊。在區塊鏈背景下，全球個人資訊保護立法重心由個人資訊處理者轉向節點控制者。公鏈屬於根技術和技術基礎，公鏈發起人以及節點控制者不承擔個人資訊處理者的法律責任，而非公有鏈在法律性質上屬於產品應用，其發起人和有限節點控制者應該承擔個人資訊處理者的法律責任。區塊鏈不可篡改性使得只能以達到刪除權和更正權目的方式在制度上加以實現。

Blockchain refers to a collection of computer technologies with data storage, peer-to-peer transmission, consensus mechanisms, cryptographic algorithms, etc. as the core, which is generated for the purpose of distributed computing. The characteristics of blockchain technology pose an all-round challenge to the legal protection of personal information. Registration data, block body data, additional data with identifiability in blockchain network and blockchain functional transaction data constitute personal information. In the context of blockchain, the focus of global personal information protection legislation will shift from the network operators to the node controllers. The public blockchain belongs to the root technology and technical foundation, and the public blockchain’s initiator as well as the node controller does not bear the legal responsibility of the personal information processor. The permissioned blockchain, on the other hand, belongs to the product application in legal nature, and its initiator and limited node controllers should bear the legal responsibility of personal information processor. The tamper-evident nature of blockchain makes it only be realized institutionally in a way that achieves the purpose of the right of deletion and correction.