A guide to Non-Fungible Tokens (NFTs), 2023 - Flipbook - Page 23


laundering and counter-terrorism for “virtual asset service providers”. However,
the FATF (which refers to virtual assets rather than cryptoassets) published
guidance in 2021 on Virtual Assets and Virtual Asset Service Providers stating
that NFTs are not generally considered virtual assets. However, they make it
clear that this space is rapidly evolving and the guidance should be applied on
a case-by-case basis, so there may well be instances in the future where NFTs
may be considered to fall within the scope of FATF standards. This is likely to be
the case where NFTs are used for payment or investment purposes.
Data protection
Data protection laws have potential implications with regard to NFTs, as they
commonly apply to any processing of personal data regardless of the context.
Post-Brexit, the data protection regime applicable in the UK now comprises the
UK GDPR.
This note focuses on issues that apply under the UK GDPR, although the EU
GDPR may continue to have extra-territorial effect in some situations, and is
likely to present similar issues which may also need to be considered.
The applicability of UK GDPR in the context of blockchain transactions is
challenging. There are a range of ways in which blockchain technology is
incompatible with UK GDPR, including:
•
•
•
Immutability: the unchangeable nature of blockchain is in opposition to
some rights protected by UK GDPR, such as the right to be forgotten, or to
have incorrect personal data amended.
Enforcement: the relative anonymity offered to users would pose issues for
data subjects in identifying the person(s) against which they can exercise
their rights under UK GDPR. In particular, there may not be one single entity
against which to enforce, given the distributed nature of the technology.
Pseudonymity: blockchain transactions are not entirely anonymous
but rather pseudonymous as personal identifiers in the hash are able to
be linked back to an individual user. As a result, this data would remain
“personal data” for the purposes of UK GDPR.
22
Paperturn flip book viewer